We celebrated World Password Day last week with the traditional reminder of good practices that all users should take into account for the sake of their security and here is a piece of news that, in part, goes in that direction. The other part is a bit scary, and that is that automatisms are double-edged.
In essence, the headline says it all: Chrome will automatically renew exposed passwords. How is this? How it sounds, but with nuances. The first and most important is that this function will be implemented on Android Chrome, rather than on PCalthough everything indicates that sooner rather than later it will also be a feature available in the latter.
However, since you may have gotten lost, let me remind you how you got here. It all starts with the widespread interest in improving the management of passwords stored by current web browsers, which we could well consider to be the most popular password managers, even though they are not. In fact, it is still recommended to use a separate password manager for the task.
Now, reality is what it is and since many people use the browser for everything, what less than password management is adequate. Google has been improving Chrome’s capabilities in this regard for some time and the improvements, forgive the redundancy, have been continuous: from the editing option to alerts for weak passwords and their repair.
Even before and following in the footsteps of Firefox (Mozilla was the pioneer, although it is a widespread function among password managers), Chrome implemented the alert for exposed passwords, that is, when it is detected that a password has been compromised after some time. type of attack (for example, a security breach on a site where you have registered an account), the browser warns you and prompts you to change it.
The improvement in password management is still a pending task for many users
Well, Chrome is now going to go a step further and not only notify when it detects that there are passwords that have been exposed, but also will change them automatically, for added security and convenience of the user, as it is being counted. How will do? Through the Google assistant on Android, so the user will be aware of the problem at all times -and its solution.
It’s a little scary that the browser -or the software, as a whole- cooks and eats it in such a way, but if the process is transparent it is a good measure… for those who use Chrome as a browser and manager of primary or secondary passwords.
To the question of how they will verify that a password has been exposed, the answer is as they have done so far: periodically checking the well-known Have I Been Pwned database, the one used by all the applications in the segment, from Firefox to dedicated password managers like KeePass or others. Even so, it is still convenient to renew old passwords from time to time.
However, this new feature will not work with all sites, just some, at least for now. And although the reason has not been explained, experts point out the different procedures of websites to modify passwords and the difficulty of adapting to all of them. It is common, for example, to have to verify password changes via email, and these issues need to be handled with care.
It is understood, therefore, that this change is aimed not only at Chrome users, but also at Google users, but since it is in its early stages of implementation, we will have to wait to see how it evolves.
