Google Chrome may soon change compromised passwords for you automatically
Google announced today that it is bringing a new security feature to the company's Chrome web browser that informs users about compromised passwords and lets them change these passwords to a secure new password instantly.
Many web browsers and password managers introduced security features in the recent past that inform users about leaked passwords. Google introduced a password checker in Chrome in 2019, and has been working on improvements ever since.
All password checkers use a similar system: a database with leaked password hashes is used to find out if one of the user's passwords is on that list. If it is, it is considered compromised and it is then up to the user to change the password. The process is time consuming, especially if a password is reused. Users have to open the website of the service in question, find the password change page, come up with a new password, and save it somehow.
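The lookup described above can be done without handing the full password hash to the checking service. The following is an added example, not Chrome's or Google's implementation: it goes beyond the article by showing a k-anonymity style range query, one common variant of the lookup, in which only the first five hex characters of a SHA-1 digest leave the client. The leaked list, vault contents and function names are constructed for illustration.

```python
import hashlib
from collections import defaultdict

# Constructed sample data: passwords assumed to appear in a breach corpus.
LEAKED_PASSWORDS = ["123456", "password", "qwerty", "letmein"]
PREFIX_LEN = 5  # hex characters of the digest that are sent to the service


def sha1_hex(password: str) -> str:
    # SHA-1 is only a lookup key here, not a way to store passwords.
    return hashlib.sha1(password.encode("utf-8")).hexdigest().upper()


def build_index(leaked):
    """Service side: bucket leaked hashes by prefix, keep only the suffixes."""
    index = defaultdict(set)
    for pw in leaked:
        digest = sha1_hex(pw)
        index[digest[:PREFIX_LEN]].add(digest[PREFIX_LEN:])
    return index


def range_query(index, prefix):
    """Service side: return every suffix in the bucket; the full hash is never seen."""
    return index.get(prefix, set())


def is_compromised(index, password):
    """Client side: send the prefix, compare the suffix locally."""
    digest = sha1_hex(password)
    return digest[PREFIX_LEN:] in range_query(index, digest[:PREFIX_LEN])


def audit(index, vault):
    """Return (sites using a leaked password, groups of sites sharing one password)."""
    compromised = sorted(s for s, pw in vault.items() if is_compromised(index, pw))
    by_password = defaultdict(list)
    for site, pw in vault.items():
        by_password[sha1_hex(pw)].append(site)
    reused = sorted(sorted(sites) for sites in by_password.values() if len(sites) > 1)
    return compromised, reused


# Constructed sample vault (site -> password).
VAULT = {
    "mail.example": "letmein",
    "shop.example": "letmein",
    "bank.example": "correct horse battery staple 42",
}

if __name__ == "__main__":
    print(audit(build_index(LEAKED_PASSWORDS), VAULT))
```

The reuse check matters because one leaked password then requires a change on every site in its group, which is the time-consuming case the paragraph describes.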
Google made the process easier in recent Chrome releases. A change password link is now available that opens a standardized password page on the host site. The option to verify passwords for leaks was added to Chrome 88, released in January 2021.
Today's announcement aims to make things even easier, but not for all users of the Chrome web browser and not for all sites. If a site is supported, users are able to change the password directly from within the Google Chrome web browser. Chrome does all the heavy lifting, including selecting a secure password for the account and saving it in Chrome and the linked Google account.
There are some caveats though. First, sites need to support the feature, and only a few, including Twitter, do at the moment. Second, it is only available to users who are signed in to Chrome and have password syncing enabled. Lastly, the feature is rolling out to Chrome on Android users in the United States first. Google plans to launch it in other regions in the coming months.
The feature uses Google's Duplex on the Web technology, which the company introduced in 2019 in Google Assistant to make mundane tasks such as buying movie tickets, flights or ordering food easier.
Google Chrome users who don't sign in with a Google account or use password syncing won't be able to use the feature.
The new automatic changing of passwords feature makes it easier for Chrome users to change passwords. While limited currently by site and region, it could become a good tool for users to change compromised passwords quickly. Chrome users who prefer to stay in control can do so, for instance by ignoring the feature.
Now You: would you use such a feature?
Will they automatically delete bookmarks they believe are unsafe or not good for their business?
Will they automatically remove software they don’t want you using?
They already hide results in search they don’t want you seeing, and if you consider addons software then they already do that as well.
I use Firefox mainly. When I opened GMail in Firefox yesterday I was informed that I had a series of compromised passwords, along with other lists of multi-used passwords and weak ones.
This was very impressive and also very scary. Scary because I have been so careless over the last 20 years of password use, and also scary because this information is collected and matched.
So, it’s now crystal clear that Google does not only respect my password privacy by scanning the private passwords I have but on top of that Google is also changing my password for me.
The next thing will be that Google is not only changing my private password but also saying that they are not giving me the new password because you do not understand the value, of a strong password? Google knowing there also will let me pay for the change in the immediate feature.
I understand that Google wants stronger passwords but there are a million and one ways to do that and also respect my privacy.
“It’s for your own good!”
Yeah no. Too invasive. If you’re going to bother setting this up just use a good passphrase to begin with or a password manager. And don’t use services that don’t hash and salt their databases. Everyone could get hacked sure, but it wouldn’t matter if all databases are properly encrypted.
But we live in the real world where everyone has terrible database security and that’s out of your hands. What can you do? First, limit your dependencies on third-party services. Limit liabilities and don’t put all your eggs in one basket. If Gmail dies tomorrow I have all my old emails backed up, and can switch full-time to Protonmail. For similar reasons I have two checking accounts. I use the Privacy service for virtual credit cards and 33mail for virtual email addresses. I used to have a burner phone app but it was more trouble than it was worth so I got a cheap second phone which I use on a different carrier from my main phone.
Incredible. Basically, companies like Google are saying you are an idiot, let me fix it for you.
Coming soon … they will tell you how to have sex, how to eat, who to date, what is the right job for you.
Your life is not yours anymore. Welcome to the future.
I will not eat the bugs though… but I agree that this patronizing behaviour is incredibly creeping.
These tech giants think they are gods and we’re their cattle.
Google now keeps telling me my account was signed in from a new device (no it wasn’t but it was me). No doubt this works using the same flawed technology. It brings to mind a sign in an old movie.
Funny! That movie’s on TV right now. Everyone’s an android. Only a few know it.
Everyone’s google. Life’s an ad. Almost no one knows it.
I installed Windows 10 on a friend’s 11-year-old laptop yesterday. What I have done in the past is to install Google Chrome, because... well, that’s what “everybody” knows and uses. But this time I fiddled around with Microsoft Edge, changed every damn default setting to something usable (mind you, the same has to be done with Chrome...), slapped on an adblocker and h264ify so the thing was good to go. And I gotta say, there really wasn’t ANY reason to install Google Chrome on that laptop after that. Aging hardware doesn’t need more bloatware to bog it down with extra processes and tasks and so on, plus Microsoft Edge performed really well on it too. Now hear me out, I hate Microsoft. I have HATED Edge with a VENGEANCE in the past... but now, my hatred isn’t really valid anymore and that’s a good thing. Also, Google have wreaked havoc with their almost monopoly in the browser field for far too long now so they need a slap across the face too. I can’t wait to see Google Chrome usage plummet in the coming years, because it will. And Google can blame themselves for that.
This is bad, but the fact that they censor search results is far, far worse. I’m no fan of Donald Trump in any respect, but he was 100% right when he said that Facebook needs to pay a political price for its actions. And the very same thing applies to Google.
I don’t know. Not disagreeing with your sentiments but look into where much of the misinformation from that dark era came from. The almost a decade of time before King Orange was booted.
No! It’s not a password if you don’t generate it. If you can change their password immediately, that’s better but the basic principle is still dumb.
Most users couldn’t care less though. Sad, trapped in phone culture.