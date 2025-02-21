Chrome may soon make it even easier to change a password after a data breach. An in-test feature would actively change the password on the user's behalf.

The change would affect what happens when Google auto-fills a password field using a stored password. The browser already checks such stored passwords against a database of passwords that have been breached and released publicly.

At the moment Chrome will simply warn users about such a breach and prompt them to change it. However, the user will need to manually go to the password settings section or account settings on the website in question and make the change.

Canary In The Mine

The change has been spotted in Chrome Canary. That's a test version of Chrome where new features are rolled out to users outside of Google for the first time. It's generally only suitable for extremely confident users who are happy with the risk of something going seriously wrong. It's definitely more for enthusiast experimentation than for use as an everyday browser.

The test feature is currently dubbed "Automated password Change". Its description, along with early user experiences, suggests that when Chrome spots a compromised password, it will offer to not only generate a new, secure password, but also change it on the user's account at the website.

As usual with Chrome-generated passwords, there's no human involvement and the user doesn't need to decide or even see the new password, which will be stored in the browser for future use.

AI Not Explained

The feature is categorized in Chrome settings as being an "AI" feature, though it doesn't explain how or why it is using artificial intelligence. It's possible the AI approach is used for finding the account settings section on the relevant site and then identifying the buttons or boxes to request and complete a password change. (Source: windowsreport.com)

As the feature is only in early testing, it's a bit fiddly to use at the moment. It requires changing a setting to manually mark all passwords as compromised (thus triggering the offer to change passwords). That's because it isn't yet connected to a real database of compromised passwords. (Source: arstechnica.com)

What's Your Opinion?

