Imagine this: you’re logging into an online account, and Chrome flashes a warning—your password has been detected in a data breach or it’s just too easy to guess. In the past, that little warning would be the start of a chore: you’d have to navigate to the site’s password-reset page, come up with something stronger, confirm with your second email, and hope you didn’t lock yourself out along the way. Google thinks it has a better way.

At Google I/O 2025, the company unveiled a new extension of Chrome’s built-in Password Manager: an “automatic password change” feature that, with your permission, can handle the entire reset process for you on supported websites. No more copy-pasting generative-AI-style gibberish into forms, no more juggling tabs—the browser will generate a rock-solid password and update it behind the scenes, all in a few clicks.

Passwords are at the heart of online security, yet surveys show that up to 59% of people reuse the same password across multiple sites, and nearly 30% can’t recall their credentials without a password manager’s help. Chrome’s existing Password Manager already flags weak or compromised credentials, but stopping at a warning hasn’t always spurred action. “If we tell you your password is weak, it’s really annoying to actually have to change your password,” Parisa Tabriz, VP and GM of Chrome, explained. “And we know that if something is annoying, people are not going to actually do it. So we see automatic password change as a win for safety, as well as usability. Overall, that’s a win-win for users.”

By reducing friction, Google hopes to close the gap between awareness and action. When Chrome detects a risky password at sign-in—whether it’s been exposed in a breach or is simply too simplistic—the browser will prompt you with a one-click offer to “Change it for me.” Once you accept, Chrome generates a new, unguessable password and, on compatible sites, submits it through the site’s native change-password form, updating your stored credentials seamlessly.

For the behind-the-scenes magic, Chrome leverages “Duplex on the Web,” the same technology that powers Google Assistant’s ability to interact with web pages on your behalf—like booking movie tickets or checking into flights. Originally announced in 2019, Duplex on the Web lets Chrome “fill in” forms and click buttons just as a human would, ensuring the automated reset mimics your manual process. If a site isn’t yet supported, Chrome will still prompt you to generate a strong password and guide you through a manual change.

Google’s I/O announcement is a heads-up for developers: if your site uses non-standard password-change flows, now’s the time to ensure compatibility. Google is providing technical documentation and APIs so that web and app teams can test their reset forms against Chrome’s automation engine. By marking your change-password endpoints with the proper HTML attributes, you can guarantee users on Chrome will enjoy one-click updates rather than hitting a dead end.

The feature is slated to roll out “later this year” in Chrome on desktop and Android for users who sync their passwords. Initially, it will be available on a curated list of high-traffic sites; over time, Google plans to expand support widely. And don’t worry—Chrome will always ask for your explicit consent before touching your passwords, so you stay in control.

Google isn’t stopping here. The same Duplex-powered automation could soon help you manage two-factor authentication prompts or even rotate SSH keys in developer consoles. As AI assistants become more capable, browsers may evolve from passive vaults into proactive guardians of your digital identity.

For now, though, the promise is simple: reclaim the time you spend on password drudgery, and spend it on whatever matters—whether that’s writing the next great novel or just catching up on sleep. Because in the battle against breaches and bots, your best defense shouldn’t be your own fatigue.