Google Chrome to introduce automatic password updates for enhanced security

At its annual Google I/O conference, Google unveiled a significant update to Chrome’s password management system aimed at making digital security both stronger and more user-friendly. The company announced that Google Password Manager will soon be capable of automatically changing weak or compromised passwords on behalf of the user, signaling a major step forward in browser-based cybersecurity.

Currently, Chrome already alerts users when their saved passwords are unsafe—either due to a data breach or because they’re considered weak. However, acting on these warnings requires users to manually visit websites, reset credentials, and create new passwords. According to Parisa Tabriz, Vice President and General Manager of Chrome, this process often deters users from actually following through on important security changes.

“But if we tell you your password is weak, it’s really annoying to actually have to change your password,” said Tabriz during a press briefing. “And we know that if something is annoying, people are not going to actually do it. So we see automatic password change as a win for safety, as well as usability. Overall, that’s a win-win for users.”

With the upcoming update, Chrome will automatically prompt users to fix compromised passwords detected during sign-in. On websites that support this functionality, Chrome will generate a strong replacement password and automatically update it. This reduces the burden on users while ensuring they remain protected against common threats such as phishing, brute-force attacks, and credential stuffing.

The feature is expected to launch later this year, but Google is announcing it now to give developers time to preparetheir websites and applications. Websites will need to support the new protocol that enables automated password changes. By offering this preview, Google hopes to encourage widespread adoption before the official rollout, ensuring a smoother experience for users and developers alike.

Importantly, while the new system automates much of the process, it won’t completely remove user agency. Users will be asked for consent before any password is changed. Tabriz emphasized that user control is paramount: “We’re very much focused on keeping the user in control of changing their password.”

In response to questions about whether Chrome might eventually take a more aggressive approach—such as routinely changing passwords to keep them fresh—Tabriz clarified that this is not part of Google’s plan. The current system will not proactively change any credentials unless the user agrees to the modification. This reflects Google's broader strategy of balancing convenience with transparency and user autonomy.