Google Chrome security Google Chrome may soon use AI to replace compromised passwords Rather than just warn you, Chrome will guide you to making a better password. Kevin Purdy Feb 11, 2025 2:01 pm | 19 Credit: Google Credit: Google Story textSizeSmallStandardLargeWidth *StandardWideLinksStandardOrange* Subscribers only Learn moreGoogle's Chrome browser might soon get a useful security upgrade: detecting passwords used in data breaches and then generating and storing a better replacement. Google's preliminary copy suggests it's an "AI innovation," though exactly how is unclear.Noted software digger Leopeva64 on X found a new offering in the AI settings of a very early build of Chrome. The option, "Automated password Change" (so, early stagesas to not yet get a copyedit), is described as, "When Chrome finds one of your passwords in a data breach, it can offer to change your password for you when you sign in."Chrome already has a feature that warns users if the passwords they enter have been identified in a breach and will prompt them to change it. As noted by Windows Report, the change is that now Google will offer to change it for you on the spot rather than simply prompting you to handle that elsewhere. The password is automatically saved in Google's Password Managerand "is encrypted and never seen by anyone," the settings page claims.If you want to see how this works, you need to download a Canary version of Chrome. In the flags settings (navigate to "chrome://flags" in the address bar), you'll need to enable two features: "Improved password change service" and "Mark all credential as leaked," the latter to force the change notification because, presumably, it's not hooked up to actual leaked password databases yet. Go to almost any non-Google site, enter in any user/password combination to try to log in, and after it fails or you navigate elsewhere, a prompt will ask you to consider changing your password. The prompt that comes up when you enter a password found in a data breach, inside the experimental feature now in Chrome's Canary version. Kevin Purdy The prompt that comes up when you enter a password found in a data breach, inside the experimental feature now in Chrome's Canary version. Kevin Purdy Clicking the info button at bottom left provides a bit more context. Kevin Purdy Clicking the info button at bottom left provides a bit more context. Kevin Purdy You are pushed directly into a prompt for Google Password Manager to re-save a better version of your password. Kevin Purdy You are pushed directly into a prompt for Google Password Manager to re-save a better version of your password. Kevin Purdy Clicking the info button at bottom left provides a bit more context. Kevin Purdy You are pushed directly into a prompt for Google Password Manager to re-save a better version of your password. Kevin Purdy It's unclear from Leopeva64's images, or subsequent blog reports, how exactly this feature is one of Chrome's "AI innovations," as it is labeled in the settings menu. As noted, Chrome was already detecting the presence of passwords in repositories of leaked passwords, like Have I Been Pwned. The handoff from that prompt to creating a new password in Google's Password Manager wouldn't seem to require "AI" to generate something new and secure and save it with encryption; that is something password managers have long been able to do.Smart algorithms that existed long before the current AI boom are coming forward with new labels, and this might be one of them. Perhaps Google's AI is doing a better job of creating a secure password. Regardless of whether it's a bit of oversellingand whether that description changes in the final release, if that release occursit's a net good to nudge people toward better, non-reused passwords.Kevin PurdySenior Technology ReporterKevin PurdySenior Technology Reporter Kevin is a senior technology reporter at Ars Technica, covering open-source software, PC gaming, home automation, repairability, e-bikes, and tech history. He has previously worked at Lifehacker, Wirecutter, iFixit, and Carbon Switch. 19 Comments