How to Use Chrome, Firefox, or Safari to Change All of Your Bad Passwords

By David Nield on at

Passwords have long been a vulnerable way to safeguard your online accounts, which is why measures like two-factor authentication are now so widespread. Web browsers are also adding more features to try and promote good password habits.

Chrome, Firefox, and Safari all have features warning you if you’re using a password that needs to be changed for whatever reason. The new Microsoft Edge will remember passwords for you, but won’t warn you about bad ones or ones that have been exposed (at least not yet – the revamped version only made its debut earlier this year).

We’d still recommend using a password manager as the very best and most secure way of keeping managing all your login credentials, because you’ll get a whole bunch of other features on top (and the services work across multiple devices, too).

But using your browser’s built-in warning system is certainly better than nothing. Here’s how to manage your passwords in Chrome, Firefox, and Safari.

Chrome

Chrome’s password manager is tied to your Google account and watches out for passwords you’re entering in other places, such as apps on Android. Open the Chrome menu (three dots, top right), then choose Settings and Passwords to access the manager.

At the top of your password list you’ll see a warning if any of your login credentials have been involved in a data breach, aren’t strong enough, or are being used across multiple accounts. Click Check passwords to run a test. You can also get to the same service by heading to the Password Checkup page on the web.

The test will turn up any problematic passwords. Google checks a variety of online sources to spot data breaches, and will also flag passwords that are repeated or that use “obvious phrases, simple keyboard patterns, and single words” that make them easy to guess. You’ll be able to see what the problem is alongside the password.

Helpfully, Google provides the relevant links for changing your passwords on those other sites right away, if possible, though you won’t always land on exactly the right webpage. If you click inside the field for entering a new password, Google should suggest a strong one for you if you don’t want to think up one yourself. (Bonus: You won’t have to remember it, because it’ll be stored in your Google account.)

If you’re using Chrome and signed in with your Google account, you’ll see a warning whenever you sign into an account using a password that has been exposed or compromised in some way. You can choose to access the same password management screen from the pop-up warning. To turn this warning off, go to the chrome://flags page and turn the Password Leak Detection flag to Disabled. (But we recommend you keep it on – it’s useful info.)

Firefox

Firefox also stores your passwords for you and syncs them between devices. To manage your passwords, open the Firefox menu (three lines, top right), and choose Preferences and Privacy & Security. Under the Logins and Passwords heading, you can see the login credentials Firefox has saved, and change them if needed.

What Firefox doesn’t do is warn you about passwords that have been duplicated or that are weak. It will suggest randomised strong passwords for you, if you’re on a sign-up page, so you can use that option to make sure your passwords are hard to guess, but you won’t get warnings about existing passwords.

You can get warnings about data breaches that have exposed your credentials using a standalone tool called Firefox Monitor (this can actually be used with or without the Firefox browser). Type in any of your email addresses, and Firefox Monitor will tell you if you’ve got anything to worry about.

For more features and instant alerts about breaches, create a free Firefox account and use it to sign into Firefox Monitor. You’ll be able to monitor the status of several email accounts at the same time, and get detailed information about which of your accounts have been exposed on the web, including the specific types of data that were leaked (such as passwords or payment information).

Follow any of the Resolve this breach links to fix the problem – you can read more about the actual breach, and follow the Change password for this site link to go to the relevant site and change your password. Firefox Monitor will also show a warning if you visit a site that’s been involved in a major data breach and start to log in.

Safari

Safari remembers and syncs your data across multiple devices linked by your Apple ID. From the Safari browser on macOS, you can get to your passwords by opening the Safari menu and then choosing Preferences and Passwords.

You’ll see a little yellow exclamation mark symbol next to any password that there’s a problem with – as in, the password is a duplicate or could be easily guessed. Click the yellow icon to see what the problem is, and to get a web link you can use to change your password straight away. You can also select any entry in the list and click on Details... to find the link.

As with Chrome and Firefox, Safari will suggest strong passwords for you if it detects that you’re signing up for a new account somewhere on the web. It will then remember these strong passwords for you, too, so you can get into sites and apps without doubling up on your login credentials or picking weak ones.

There’s no feature for checking your usernames and passwords against data breaches at the moment, but that’s coming with macOS Big Sur. In addition to spotting duplicate passwords and weak passwords, Safari will also warn you if your login credentials have found their way on to the web. When the software rolls out this fall, you’ll be able to see which sites have been compromised under Safari, Preferences, then Passwords. A yellow warning label will appear next to any compromised passwords you’ve saved to iCloud Keychain, in addition to a link to change the password. Safari is tightening up its data-tracking protections even further in the next version of the browser, too, with a new Privacy Report feature that tells you which sites have been blocked from tracking you around the web.