This post is also available in:
עברית (Hebrew)
Google Chrome has rolled out a security enhancement that allows its built-in Password Manager to automatically replace compromised passwords, offering users a seamless way to maintain account security after a breach.
The new functionality activates when Chrome detects that login credentials have been exposed during sign-in. Instead of requiring users to manually reset their password, the browser now prompts them with the option to let Chrome handle the process. On compatible websites, the browser can generate a strong new password and update it directly within the user’s account—all without navigating through account settings or interrupting the login process.
This feature builds on existing capabilities of Google Password Manager, which already includes tools to create strong passwords at sign-up and alerts users if their saved credentials have been found in known data breaches.
To support this new automated password reset function, websites need to make minimal adjustments. These changes were detailed by Google on web.dev.
While passwordless authentication methods like passkeys are gaining momentum across the industry, experts acknowledge that passwords are likely to remain common for years to come. In anticipation of that, Chrome has also added an API that allows websites to generate a passkey for users immediately after a successful password login, supporting a gradual transition to more secure authentication models.
Until widespread adoption of passwordless technologies becomes a reality, Chrome’s automatic password reset tool is a practical step toward reducing user exposure to credential theft. It streamlines the recovery process and helps limit the damage caused by breaches—without placing the burden entirely on the user. For both individuals and organizations managing multiple digital accounts, the feature marks a meaningful improvement in everyday cybersecurity hygiene.
