A tweet from leaker Max Weinbach and a report from the Android Police has revealed the wider rollout of a Google Assistant feature that helps automate the time-consuming process of users changing their passwords after a breach in what appears to be a strategic update from the Alphabet Inc owned company.
Weinbach in a post showed some screenshots indicating the leak, with one of them showing a dialog box warning that Chrome on Android has detected that a used password appeared in a breach, and offers the option to “Change automatically.” Another screenshot by Weinbach showed a confirmation box, that asked the user to agree to “Let Google Assistant help you change your password.”
Google Assistant being able to change breached passwords >>>>> pic.twitter.com/Dfcnvhs1S5
— Max Weinbach (@MaxWinebach) May 3, 2022
First announced at the Google I/O last year, the Google Assistant feature only works on supported sites, with the main idea being able to automate as much of the password-changing process as possible. The Assistant when triggered, takes the user directly to the right page for changing their password, while it uses the Chrome’s built-in password manager to generate, and then store, new login details.
Android Police in its own report says the feature also gives the option to manually check whether one’s passwords saved by Chrome have been compromised. It reports that the “Check passwords” option is available in the “Passwords” sub-menu in the browser’s settings and thus when a compromised password is found, a “Change password” button will appear, and it’ll feature a Google Assistant logo if there’s the option of automatically changing it.
Built on Google’s “Duplex on the Web” technology, the security feature is designed in such a way as to help swiftly carry out tasks such as buying movie tickets, checking in to flights, or ordering food. It successfully carries out this act by the process of automating the more routine parts of the process, like scrolling, clicking through multiple pages, and filling out forms.
According to 9to5Google, the password automation is not just getting out but has been rolling out gradually since November 2021 when “some users” were given access.
With the ability to automatically change compromised passwords been offered by password managers in the past, taking cognizance of the amount of people that default to using whatever password manager is built into their browser, the feature could end up having a much larger reach as it rolls out.
It so happens that today is also World Password Day
Culled from The Verge.