Google Chrome will now allow automatic changing of breached passwords.

Jun 11, 2025 | Jindřich Zechmeister

Password management is often one of the most frustrating yet crucial aspects of online security for many users. That’s why Google has decided to take user protection to the next level. At the Google I/O 2025 conference, the company announced that Chrome will soon be able to automatically change compromised passwords — without requiring any user intervention, if the user opts in.

Effortless Security: Chrome Changes Passwords for You

Google is once again pushing the boundaries of security – the latest version of the Chrome browser brings the ability to automatically change compromised passwords. This new feature aims to eliminate the painful gap between being alerted to a compromised password and actually fixing it. If Chrome detects that your password was leaked during a security incident, and the particular web service allows for automated password changes, the entire process can be completed for you – from generating a new password to saving it.

It's all built on the current Chrome Password Manager, which has already been alerting users to weak or compromised passwords for some time. Until now, it was more of a passive feature – now comes active defense.

How does it all work?

Technically speaking, Chrome uses standardized tags in forms and conventions like

autocomplete="current-password"

and

autocomplete="new-password"

. To make integration with websites easier, it also expects a redirect from the address

/.well-known/change-password

to the appropriate form. This way, the browser can recognize the password change interface, input a new one, and save it – all securely and with your permission. Of course, users are always informed and involved – no changes are made without their interaction or consent.

If you are a developer and want to support this feature on your website, check out the official documentation at web.dev: Change password URL.

Control remains in your hands

Even though Chrome can do many things automatically, you still have the final say. Automatic password change is optional, and no action will be taken without explicit confirmation. With this step, Google is responding not only to the increasing number of data breaches but also to the need to balance convenience and privacy.

Users who prefer to manage passwords manually can continue to do so. Others will appreciate not having to spend minutes (or hours) restoring accounts whenever security is breached.

Impact on Security and Developers

From the perspective of regular users, this is a significant enhancement in protection against common threats like phishing or password reuse. For developers, however, a new chapter opens – they should adjust their forms to be compatible with the feature and use the prescribed conventions.

With this step, Chrome cements its role as a technological leader unafraid to introduce advanced security features directly into the browser without burdening users.

When will the feature be available?

Google plans to launch this new feature in the course of 2025. The function will be gradually available, depending on how individual websites adapt their interfaces. For users, this means they need not fear data breaches – Chrome will offer them not just warnings but solutions as well.

Whether you're a regular user or managing web services, it's the right time to look at password management with a fresh perspective. Automatic password change may not be a cure-all – but it's a step in the right direction.

Source:

Google Chrome Can Now Auto-Change Compromised Passwords Using Its Built-In Manager

---