
Google has announced a new feature that enables the Chrome browser to automatically replace passwords if they are found compromised in data breaches.
The feature is meant to spare users the chore of manually changing passwords across websites: the compromised password is replaced with a stronger one, which is then stored in the password manager.
“When Chrome detects a compromised password during sign-in, Google Password Manager prompts the user with an option to fix it automatically,” Google’s Ashima Arora, Chirag Desai, and Eiji Kitamura said in a blog post.
However, website owners have to configure their websites to support this feature. Passwords can be changed, with the user's permission, only on supported websites. “On supported websites, Chrome can generate a strong replacement and update the password for the user automatically,” the blog post added.
To enable this functionality, website owners must do the following:
- Use autocomplete="current-password" and autocomplete="new-password" in authentication forms to trigger autofill and storage.
- Make a redirect from <your-website-domain>/.well-known/change-password to the password change form on your website. This will navigate the user to the change password page when a vulnerable password is detected.
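Both requirements in one place, as an added example that is not taken from Google's post: a minimal Python standard-library server that redirects the well-known URL to the change form, plus a check that a form's password inputs carry the required autocomplete values. The /account/password path, the field names, the 302 status and port 8000 are assumptions for illustration.

```python
from html.parser import HTMLParser
from http.server import BaseHTTPRequestHandler, HTTPServer

CHANGE_PASSWORD_PATH = "/account/password"  # assumed location of the site's real form

# Constructed sample form; field names are illustrative.
CHANGE_FORM = """<form method="post" action="/account/password">
  <input type="password" name="current" autocomplete="current-password">
  <input type="password" name="new" autocomplete="new-password">
  <button>Change password</button>
</form>"""

def route(path):
    """Return (status, headers, body) for a GET request path."""
    path = path.split("?", 1)[0]  # ignore any query string
    if path == "/.well-known/change-password":
        return 302, {"Location": CHANGE_PASSWORD_PATH}, ""
    if path == CHANGE_PASSWORD_PATH:
        return 200, {"Content-Type": "text/html; charset=utf-8"}, CHANGE_FORM
    return 404, {"Content-Type": "text/plain"}, "not found"

class _PasswordFields(HTMLParser):
    """Collects autocomplete tokens from every <input type="password">."""
    def __init__(self):
        super().__init__()
        self.tokens = []
    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "input" and (a.get("type") or "").lower() == "password":
            self.tokens += (a.get("autocomplete") or "").lower().split()

def missing_autocomplete(html, required=("current-password", "new-password")):
    """List required autocomplete tokens absent from the form's password inputs."""
    parser = _PasswordFields()
    parser.feed(html)
    return [t for t in required if t not in parser.tokens]

class Handler(BaseHTTPRequestHandler):
    def do_GET(self):
        status, headers, body = route(self.path)
        self.send_response(status)
        for name, value in headers.items():
            self.send_header(name, value)
        self.end_headers()
        self.wfile.write(body.encode())

if __name__ == "__main__":
    assert missing_autocomplete(CHANGE_FORM) == []  # fail fast on a bad form
    HTTPServer(("127.0.0.1", 8000), Handler).serve_forever()
```

Running `missing_autocomplete` over rendered login, signup and change-password templates in CI catches a dropped or misspelled attribute before it reaches production.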
The development comes as an innovative approach to ensure stronger authentication mechanisms. Password attacks such as credential stuffing and password spraying are active vectors that hackers increasingly leverage.
Microsoft, for its part, has made all new accounts “passwordless by default” to enhance account security. Users would have to use passkeys for sign-ins.