“When Chrome detects a compromised password during sign in, Google Password Manager prompts the user with an option to fix it automatically. On supported websites, Chrome can generate a strong replacement and update the password for the user automatically,” – Google.
The new functionality is based on existing password manager capabilities that allow users to generate strong passwords when signing up and track credentials affected by known data leaks.
According to Google, the purpose of automatic password change is to reduce friction and help users keep their accounts secure without going to advanced settings or interrupting their work.
Website owners can enable this feature using the following methods:
- use autocomplete="current-password" and autocomplete="new-password" to enable autofilling and saving; and
- set a redirect from /.well-known/change-password to the change password page of your website.
“It would be much easier if password managers could navigate the user directly to the change-password URL. This is where a well-known URL for changing passwords becomes useful. By reserving a well-known URL path that redirects the user to the change password page, the website can easily redirect users to the right place to change their passwords,” – Google.
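The two site-owner steps listed above, wired into a small Node.js handler as an added example (not Google's code and not part of the original article). The /account/password path, the form field names, the demo username and the choice of a 302 status are assumptions made for illustration.

```javascript
// Hypothetical location of this site's real change-password page (assumption).
const CHANGE_PASSWORD_PATH = '/account/password';

// Form carrying the autocomplete hints from the list above, so a password
// manager can tell the existing password field from the replacement.
const CHANGE_PASSWORD_FORM = `<!doctype html>
<form method="post" action="${CHANGE_PASSWORD_PATH}">
  <input type="text" name="username" autocomplete="username" value="demo-user" readonly>
  <input type="password" name="current" autocomplete="current-password" required>
  <input type="password" name="new" autocomplete="new-password" required>
  <button type="submit">Change password</button>
</form>`;

// Pure routing function: maps a request to { status, headers, body }.
function route(method, rawUrl) {
  let pathname;
  try {
    pathname = new URL(rawUrl, 'http://localhost').pathname;
  } catch {
    return { status: 400, headers: { 'Content-Type': 'text/plain' }, body: 'Bad request' };
  }
  if (pathname === '/.well-known/change-password') {
    if (method !== 'GET' && method !== 'HEAD') {
      return { status: 405, headers: { Allow: 'GET, HEAD' }, body: '' };
    }
    // The target is a fixed constant, never built from query parameters,
    // so this endpoint cannot be turned into an open redirect.
    return { status: 302, headers: { Location: CHANGE_PASSWORD_PATH, 'Cache-Control': 'no-store' }, body: '' };
  }
  if (pathname === CHANGE_PASSWORD_PATH && method === 'GET') {
    const headers = { 'Content-Type': 'text/html; charset=utf-8', 'Cache-Control': 'no-store' };
    return { status: 200, headers, body: CHANGE_PASSWORD_FORM };
  }
  // Unknown paths must return a real 404 rather than a soft 200 page.
  return { status: 404, headers: { 'Content-Type': 'text/plain' }, body: 'Not found' };
}

// Wires route() into Node's built-in HTTP server.
function startServer(port) {
  const http = require('node:http');
  return http.createServer((req, res) => {
    const r = route(req.method, req.url);
    res.writeHead(r.status, r.headers);
    res.end(req.method === 'HEAD' ? '' : r.body);
  }).listen(port);
}
```

Calling startServer(8080) serves both routes locally; a production deployment would sit behind HTTPS and the site's own session checks.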