Google Password Manager automates password changes for compromised credentials.
Automated Password Change, available to Chrome desktop users in the US, helps users quickly update passwords found in public data breaches. When Google detects that a saved password was exposed, Google Password Manager can create a strong, unique replacement and update it for your users.
The feature fills out the site's password change form for the user with a new, strong password and saves it to Google Password Manager, all done in the background. This removes the need for manual updates and helps users keep their account secure.
User experience
When a user signs in to a supported website using a compromised password, Google Password Manager may offer to change it for them. If they accept, the Automated Password Change process begins.
Automated password change navigates the website and completes the password update for the user.
The user can cancel it while it's happening. After the process is done, the new password is saved to their Google Password Manager and linked to their Google Account, so it's available on all synced devices.
How compromised passwords are identified
When a user saves a password or signs in to a site, Chrome checks whether the username and password have appeared in a public data breach.
To do so, Chrome uses a privacy-preserving process to compare your encrypted credentials against a list of known breaches. If a match is found, Chrome notifies the user that the password is compromised. Google never sees actual usernames or passwords. For more details, you can read about how Google helps protect your accounts from data breaches on the Google Security Blog.
Lists of compromised passwords are established by public data breaches and security analysts.
Optimization for Automated Password Change
To support Automated Password Change and improve compatibility with Google Password Manager and other tools, implement the following web standards and best practices. These changes help browsers and password managers interact reliably with password-related forms.
Use a well-known change password URL
Use the path /.well-known/change-password to advertise the location of your password change page. This URL helps browsers and password managers, such as Google Password Manager, quickly direct users to the right place when a password update is needed.
For example:
https://yourdomain.com/.well-known/change-password
This improves the user experience and supports features like Automated Password Change. Supporting this path increases the likelihood that your site will be compatible with automated tools.
The URL /.well-known/change-password must redirect to your password change form.
You can implement the redirect in one of two ways:
- Server-side (recommended):
  - Configure your web server (such as Apache or Nginx) to issue a temporary redirect using HTTP status code 302, 303, or 307.
  - Avoid using 301 (permanent redirect) in case the destination changes.
  - If the user is not signed in, the redirect can take them to a sign-in flow first.
- HTML meta refresh (alternative):
  - Serve a basic HTML page at the well-known path that performs a client-side redirect:

    <!DOCTYPE html>
    <html>
      <head>
        <meta http-equiv="refresh" content="0;url=https://example.com/settings/password">
        <title>Redirecting...</title>
      </head>
      <body>
        <p>Redirecting you to the change password page...</p>
      </body>
    </html>

- The /.well-known/change-password path must not host the actual password change form. It is meant only for discovery and redirection. See A Well-Known URL for Changing Passwords for more details.
See the Help users change passwords easily by adding a well-known URL for changing passwords article to learn more about the change password well-known URL.
Use autocomplete attributes in forms
Browsers and password managers use the autocomplete attribute to understand the purpose of form fields. This attribute helps improve autofill accuracy, enables password generation, and is required for features like Automated Password Change to work reliably.
Use these autocomplete values:
Value | Purpose | Common usage
---|---|---
username | Identifies the account username | Sign-in, sign-up, password change
current-password | Field for the existing password | Sign-in, password change
new-password | Field for a new password | Sign-up, password change, reset
The following code snippet shows an example form with autocomplete values:
...
<form action="/change-password-handler" method="post">
  <div>
    <label for="current-pw">Current password:</label>
    <input type="password" id="current-pw" name="current-password"
           autocomplete="current-password" required>
  </div>
  <div>
    <label for="new-pw">New password:</label>
    <input type="password" id="new-pw" name="new-password"
           autocomplete="new-password" required minlength="8"
           aria-describedby="password-constraints">
    <div id="password-constraints">Minimum 8 characters.</div>
  </div>
  <div>
    <label for="confirm-pw">Confirm new password:</label>
    <input type="password" id="confirm-pw" name="confirm-password"
           autocomplete="new-password" required minlength="8">
  </div>
  <button type="submit">Change password</button>
</form>
...
Additional best practices
Follow these guidelines to improve the usability and compatibility of your password change forms:
- Use semantic HTML elements such as <form>, <label>, and <button>.
- Verify that labels are properly linked to inputs using the for and id attributes.
- Show password rules with attributes like minlength or pattern, and provide inline guidance.
- Display a confirmation or error message in proximity to the form.