Google Chrome can now change weak passwords for users

Weak passwords can make it easy for hackers to gain access to any of your online accounts. Password managers can tell if a password is weak and even suggest alternatives, but Google Chrome is taking it a step further.

Chrome will automatically change users' weak passwords

Chrome's password manager can detect if you're using a weak or compromised password for a site. Now, Google is rolling out a new feature called Automatic password change , which will automatically prompt you during login with the option to update your password to a stronger one on supported sites.

The feature was announced at Google I/O, giving developers time to update their apps and websites to support it when it launches in late 2025. Google's announcement didn't mention a launch date, but given the number of password-related features coming to Chrome, it may be a while before we see it in action.

How useful this feature will be depends entirely on whether hundreds of thousands of websites on the Internet support it. It will be years before it is widely supported beyond popular services and social media sites, but it is a good start.

While the feature will save you from having to dig into a website's account settings to change your password, it's unclear how you'll be notified of the change. Chrome VP and GM Parisa Tabriz told The Verge in a pre-Google I/O press conference that Chrome won't change invalid or compromised passwords without the user's consent. However, a demo video of the feature on Google's announcement blog doesn't show any authentication or verification prompts before updating the password.

It's also unknown whether Chrome automatically updates all your passwords regularly so they're never out of date, or just makes a one-time change to bring any weak or compromised passwords you might be using up to standard.

There are tools you can use to check if your passwords have been compromised, but having this built into your browser would make it accessible to more users. You can also keep your passwords more secure yourself, but having Chrome do it automatically saves you a lot of hassle.

The idea of ​​a browser automatically updating passwords may seem a bit extreme, especially when done without authentication. However, changing passwords has become an increasingly difficult task, especially with websites now having rules about what characters should be in your password. If implemented properly, the new feature could significantly improve the account security of millions of users, especially given Chrome's huge user base.

Google is getting serious about password management

Google has announced more password management features beyond Automatic password change . Chrome is gaining support for importing and exporting passkeys and passwords based on FIDO standards. This replaces the old method of exporting credentials as a file and then importing them into another browser. The new process doesn't require you to handle any files.

There's also good news for developers. Google is expanding the Credential Manager API to let developers request any type of credential from their browser, making the login experience more secure regardless of whether you're using a password, passkey, or other sign-in options for your services.

Passkey support in Chrome has been extended to iOS, allowing you to sync passkeys and securely sign in across Android, Windows, macOS, ChromeOS, Linux, and finally iOS. You'll also see automatic passkey generation, improved autofill, better credential sharing across apps and the web, and more.

Marvin Fry

Update 26 May 2025