23 March, 2023

Chrome Wants to Make It Easier to Reset Compromised Passwords

Apple already offers a similar feature for Safari and iCloud keychain.

Google Chrome will soon roll out a way that will allow users to easily reset the passwords that have been compromised in data breaches. Apparently taking a cue from Apple, Google plans to introduce the new feature in Chrome 86 that will allow users to know and easily change their stored credentials, such as usernames and passwords, when they are reported compromised. Apple has reportedly been using this feature since 2018 in Safari Web browser and iCloud Keychain.

According to a post sent to the Blink-Dev (Blink is the browser engine used by Chromium project) mailing list, accessed by Bleeping Computer, Google plans to introduce a way for websites to declare the change password pages, that information will then be used to help users quickly navigate to change password pages to update their credentials in the case of a data breach. Apple had developed the specification for declaring a change password URL and Google plans to use the specification.

“Chrome will leverage this change password URL to help users easily change their weak / compromised passwords following a bulk password check (Desktop, Android, iOS). We want to ship this to 100% in M86,” wrote Ali Sarraf, a product manager at Google, in the Blink-dev mailing list.

In order to understand the functioning, we first need to understand Google Chrome’s “Check passwords” feature. When the browser finds that a password has been compromised in a data breach, it displays a “Change password” button. If a website has defined change password URL, clicking on the “Change password” button will directly connect to the site’s change password URL. If the support is not present, the user will be redirected to the site’s homepage.