Google Chrome now offers to automatically change your passwords. It sounds like the password problem is solved. Open Chrome, click a button, done.
Not quite.
Chrome's automatic password change feature only works on a small list of partnered websites. Your bank? Probably not supported. Amazon? Not supported. Most of the sites where password security actually matters? Not supported.
Here's what Chrome's feature actually does—and doesn't do.
What Chrome's automatic password change offers
Google introduced automatic password changes as part of Chrome's Password Checkup. When Chrome detects a compromised password, it can offer to change it automatically.
The process:
- Chrome detects your password was in a breach
- If the site is supported, you see "Change password automatically"
- Click the button
- Chrome navigates to the site and changes your password
Sounds perfect. Here's the catch.
The ~50 site limitation
Chrome's automatic password change only works on sites that have partnered with Google and integrated specific scripts.
Currently supported (examples)
| Site | Category |
|---|---|
| Spotify | Streaming |
| Duolingo | Education |
| H&M | Retail |
| Yelp | Reviews |
| Tripadvisor | Travel |
| WordPress.com | Publishing |
Not supported (most sites)
| Site | Category | Why it matters |
|---|---|---|
| Chase, Bank of America | Banking | Financial security |
| Amazon | Shopping | Payment methods stored |
| Gmail, Outlook | Master key to other accounts | |
| Facebook, Instagram | Social | Identity, personal data |
| Netflix, Disney+ | Streaming | Shared accounts, payment |
| Professional | Career reputation | |
| Most others | Everything | ~85% of your accounts |
The supported list is approximately 50 sites. The average person has 80-100 online accounts.
That's roughly 15% coverage.
Why the limitation exists
Chrome's automatic password change uses a protocol called .well-known/change-password. Sites must explicitly implement this to be compatible.
The adoption problem:
- Implementation effort — Sites need to modify their infrastructure
- Testing requirements — Automated changes need extensive QA
- Security concerns — Some sites worry about automated access
- Low priority — Password change UX isn't a competitive advantage
- Regulatory issues — Financial sites have compliance concerns
Most sites simply haven't prioritized it.
What happens with unsupported sites
When Chrome detects a compromised password for an unsupported site, you get:
- A warning that your password was compromised
- A "Change password" button that... opens the site's homepage
- Manual navigation to find the password change form yourself
- Manual entry of new password
- Manual update in Chrome's password manager
You're back to the same 3-5 minute manual process per site.
The math problem
Let's say you have 80 accounts and a breach exposed a password you reused on 30 of them.
With Chrome's automatic change:
- ~5 accounts might be auto-changeable
- 25 accounts need manual changes
- Time saved: ~15 minutes
- Time still required: 1.5+ hours
The promise of "automatic" falls apart at scale.
What Chrome Password Checkup actually does well
To be fair, Chrome's security features aren't useless:
Breach detection
Chrome checks your saved passwords against known breach databases. This detection is valuable—even if the resolution is manual.
Password strength warnings
Chrome flags weak passwords (too short, commonly used patterns).
Reuse detection
Chrome warns when you're using the same password across multiple sites.
Phishing protection
Chrome warns when you enter a saved password on a suspicious site.
The problem isn't detection—it's resolution.
Chrome is good at telling you what's wrong. It's limited in helping you fix it.
What works better for bulk password changes
If you need to change many passwords (after a breach, during security cleanup, or as regular hygiene), you need a solution that works on any site.
AI-powered browser automation
Tools like Dosel use AI to navigate any website's password change flow:
- Import your passwords from Chrome (or any password manager)
- Select accounts to change
- AI navigates each site automatically
- You handle 2FA prompts when they appear
- Export updated passwords back to Chrome
Coverage: Any site with a password change form
How AI automation differs from Chrome's approach
| Feature | Chrome built-in | AI automation |
|---|---|---|
| Site coverage | ~50 partnered sites | Any website |
| Approach | Pre-integrated scripts | Real-time navigation |
| Handles UI changes | Only if partner updates | AI adapts automatically |
| 2FA support | Limited | Pauses for user input |
| Bulk changes | Sequential, mostly manual | Parallel, automated |
| Works offline | No | Yes (local AI) |
The future of Chrome password management
Google is actively improving Chrome's password features. Recent additions include:
- Better organization of saved passwords
- Password sharing with family members
- iOS integration improvements
- More partners for automatic changes
But the fundamental limitation—requiring site-by-site partnerships—means universal coverage is unlikely anytime soon.
The web is too big and too fragmented for a partnership model to scale.
When to use Chrome's built-in features
Chrome's password manager is fine for:
- Day-to-day password storage
- Breach detection and alerts
- Basic password generation
- Sites that do support automatic changes
Chrome works as your storage layer. But you need something else for bulk security actions.
When to use dedicated automation tools
Consider dedicated tools when:
- You need to change 10+ passwords at once
- A breach requires immediate, comprehensive response
- You're doing quarterly/annual password rotation
- Chrome doesn't support your critical sites
- You want faster completion times
Step by step: Exporting from Chrome for automation
If you want to use automation tools with your Chrome passwords:
- Open Chrome → Settings → Passwords
- Click ⋮ (three dots) → Export passwords
- Confirm with your system password
- Save the CSV file
- Import into your automation tool
- Run automated changes
- Import updated CSV back to Chrome
The CSV export/import cycle works with any automation tool and keeps Chrome as your central storage.
Frequently asked questions
Will Chrome eventually support all sites?
Unlikely. The partnership model requires each site to actively implement support. With millions of websites, universal coverage isn't realistic.
Is Chrome's password manager secure enough?
For storage, yes—Chrome uses encryption tied to your Google account. The limitation is in automation, not security.
Can I use Chrome and another tool together?
Yes. Export from Chrome, use automation tools for bulk changes, import results back. Chrome remains your password vault.
Why doesn't Google just use AI like other tools?
Google could build AI automation into Chrome. It would require processing your passwords through cloud AI, which raises privacy concerns. A local-first approach (like standalone automation tools) keeps passwords on your machine.
What about Firefox or Safari?
Firefox and Safari have similar limitations. Their built-in password managers store and detect, but don't offer universal automatic changes.
Change passwords Chrome can't handle
Dosel uses local AI to change passwords on any website—not just the ~50 sites Chrome supports. Your passwords never leave your Mac.
- Works on any site — AI navigates whatever password change form exists
- Bulk changes — 50 passwords in 30 minutes
- Zero-knowledge — Passwords stay on your device
Download Dosel → — 5 free automated password changes per month, no credit card required.
Chrome tells you there's a problem. We help you fix it.