Hackers haven’t stopped trying to steal passwords for as many online services and websites as possible, and nobody is safe from data breaches. You’re at risk even if you use strong passwords and don’t recycle credentials.
Thankfully, password managers and browsers with built-in password features can track hacked passwords. They’ll alert you if any of your credentials show up in lists of compromised logins that routinely surface online. That’s the first step toward fixing the problem.
The second step is actually doing something about it, like changing the old password to a new one. It’s a tedious task that many people put off. I’m speaking from experience here.
I’ve delayed changing a password once or twice because, honestly, who likes doing that? You have to log into the site, go to your profile or settings, and change the password. It’s one of those annoying parts of using the internet that we just have to deal with.
Fortunately, Google wants to tackle our reluctance to deal with chores like this by automating the password change process right where you need it most: the browser.
Chrome can automatically change a hacked password for you, as long as you give it permission to do so.
“When Chrome detects a compromised password during sign-in, Google Password Manager prompts the user with an option to fix it automatically,” Google said in a blog about internet security released around I/O 2025. “On supported websites, Chrome can generate a strong replacement and update the password for the user automatically.”
Google’s blog focuses on what developers need to do to make their websites and services compatible with this new Chrome feature. But developers aren’t the only ones who need to prepare.
For the feature to work, you need to use Chrome’s built-in password manager. That’s how Chrome knows one of your passwords has been compromised.
If you’re using a different browser or a standalone password manager app, you’ll need to sync your passwords with Chrome so it can detect stolen credentials.
Also, keep in mind that Chrome can only detect breaches if the stolen logins are posted online. Hackers can still steal your passwords without publishing them, so you might not know someone accessed your account until there’s real damage.
Lastly, you still have to tap a button in a Chrome notification to let the browser change your password. Chrome won’t act without your approval, so you stay in control, as shown in the video above.
That said, this feature is brilliant. I haven’t used Chrome in a while, but this new security tool is definitely something I’d recommend. I know some password manager apps offer similar functionality. Hopefully, more browsers and apps will follow suit, at least while passwords remain the dominant form of authentication.
The feature should work automatically in Chrome, but you won’t see it in action unless one of your accounts gets breached. Hopefully, that never happens.
As a reminder, don’t recycle username/password combinations. Use strong, unique passwords for every online account. Opt for passkeys when you can, and enable two-factor authentication to stay safer. Save everything in a password manager to make things easier.
I’ll wrap up with the obvious advice: change your passwords on important accounts regularly to stay ahead of hackers. It’s a tedious, manual job, but password managers can still make it easier.
It would be great if you could tell a password manager or browser like Chrome to update certain passwords automatically on a regular basis. Google isn’t offering that yet, telling The Verge the user has to stay in control and decide when and what to change.
