Google Chrome may soon use “AI” to detect leaked passwords and replace them – Ars Technica
Rather than just warn you, Chrome will guide you to making a better password.
Google’s Chrome browser might soon get a useful security upgrade: detecting passwords used in data breaches and then generating and storing a better replacement. Google’s preliminary copy suggests it’s an “AI innovation,” though exactly how is unclear.Noted software digger Leopeva64 on X found a new offering in the AI settings of a very early build of Chrome. The option, “Automated password Change” (so, early stages—as to not yet get a copyedit), is described as, “When Chrome finds one of your passwords in a data breach, it can offer to change your password for you when you sign in.”Chrome already has a feature that warns users if the passwords they enter have been identified in a breach and will prompt them to change it. As noted by Windows Report, the change is that now Google will offer to change it for you on the spot rather than simply prompting you to handle that elsewhere. The password is automatically saved in Google’s Password Manager and “is encrypted and never seen by anyone,” the settings page claims.If you want to see how this works, you need to download a Canary version of Chrome. In the flags settings (navigate to “chrome://flags” in the address bar), you’ll need to enable two features: “Improved password change service” and “Mark all credential as leaked,” the latter to force the change notification because, presumably, it’s not hooked up to actual leaked password databases yet. Go to almost any non-Google site, enter in any user/password combination to try to log in, and after it fails or you navigate elsewhere, a prompt will ask you to consider changing your password.It’s unclear from Leopeva64’s images, or subsequent blog reports, how exactly this feature is one of Chrome’s “AI innovations,” as it is labeled in the settings menu. As noted, Chrome was already detecting the presence of passwords in repositories of leaked passwords, like Have I Been Pwned. The handoff from that prompt to creating a new password in Google’s Password Manager wouldn’t seem to require “AI” to generate something new and secure and save it with encryption; that is something password managers have long been able to do.Smart algorithms that existed long before the current AI boom are coming forward with new labels, and this might be one of them. Perhaps Google’s AI is doing a better job of creating a secure password. Regardless of whether it’s a bit of overselling—and whether that description changes in the final release, if that release occurs—it’s a net good to nudge people toward better, non-reused passwords.Ars Technica has been separating the signal from
the noise for over 25 years. With our unique combination of
technical savvy and wide-ranging interest in the technological arts
and sciences, Ars is the trusted source in a sea of information. After
all, you don’t need to know everything, only what’s important.
