Click to Skip Ad
Closing in...

Google just fixed the worst thing about dealing with hacked passwords

Published May 19th, 2021 7:31AM EDT
Google Chrome
Image: Teerasan/Adobe

If you buy through a BGR link, we may earn an affiliate commission, helping support our expert product labs.

Security researchers advise people to use unique, strong passwords every time hackers compromise an app or service. That’s because many people use weak passwords to protect their online accounts, and they often recycle those passwords. Remembering tens to hundreds of different username and password combinations is almost impossible for most people. That’s where password managers can help. These services only require users to remember a single password, which secures all the other logins. Password services also offer suggestions for strong passwords, and some of them warn users if their accounts were compromised, advising them to change the hacked password immediately.

Some of these password managers require a one-time cost or a monthly subscription, while others are free of charge. Google has its own password manager built into Chrome, and the company has just released the best possible fix for changing a compromised account. A single tap is enough to change a hacked password, a technology that most other password managing apps might not be able to match.

Chrome’s password manager already checks saved passwords against lists of compromised credentials to determine whether hackers have obtained access to any of your online accounts. Whenever it finds a breached account, it notifies users to change their password, and this is where the tedious process begins.

You have to navigate to the app or service in question, and manually change the password to something else that’s unique and strong, and then update the password in your password manager apps, Chrome included. The process isn’t difficult, but it’s tedious enough for some people to postpone changing the password to later and then forget about doing it.

Google announced at I/O 2021 a feature that only Google would be able to pull off. Google can automatically change the password of a breached account, performing the same steps above automatically on supported sites. All you need to do is tap a button when Google tells you an account was breached. That’s the new “Change password” option from the Assistant.

Google Assistant
Google Assistant’s automatic password change feature for Chrome on Android. Image source: Google

“When you tap the button, Chrome will not only navigate to the site but also go through the entire process of changing your password,” Google explains in a blog post. Users can still get involved in the process or do it manually from the start. But Google Assistant simplifies all that.

If these Assistant powers seem familiar, that’s because Google is using the same underlying technology. Duplex on the Web was unveiled in 2019 as an advanced Assistant feature that lets the virtual assistant perform tasks on the web for you, such as buying movie tickets, making restaurant reservations, and checking in to flights:

Powered by Duplex on the Web, Assistant takes over the tedious parts of web browsing: scrolling, clicking and filling forms, and allows you to focus on what’s important to you. And now we’re expanding these capabilities even further by letting you quickly create a strong password for certain sites and apps when Chrome determines your credentials have been leaked online.

The feature is rolling out to Chrome on Android first to US users who sync their passwords. The feature will be available on more sites and in more countries in the coming months.

Chris Smith Senior Writer

Chris Smith has been covering consumer electronics ever since the iPhone revolutionized the industry in 2008. When he’s not writing about the most recent tech news for BGR, he brings his entertainment expertise to Marvel’s Cinematic Universe and other blockbuster franchises.

Outside of work, you’ll catch him streaming almost every new movie and TV show release as soon as it's available.