Microsoft Edge Password Monitor feature begins rolling out


  1. Posts : 2,557
    Windows 10 pro x64-bit
       #10

    Any respectful site or company dealing with users' passwords should have your passwords salted by rehashing them. That makes it very, very hard for any hacker to brute force them. I am pretty sure LastPass is one of those respectful sites.


  2. Posts : 3,257
    Windows 10 Pro
       #11

    IronZorg89 said:
    Any respectful site or company dealing with users' passwords should have your passwords salted by rehashing them. That makes it very, very hard for any hacker to brute force them. I am pretty sure LastPass is one of those respectful sites.
    Indeed, that's best practice.. but one thing most people don't realize is that attackers have dictionaries of salted dictionaries as well. Some sites use the same salt for every password, which is just as bad.

    Each password should be salted with a different salt value for real security.. lots of website designers think they know how to do security, and frequently they are wrong. Or, they use a compromised library to do it. Or, they think they can roll their own (nobody should ever do this unless they can also have it peer reviewed).

    Also, FYI, LastPass and other password managers are probably a bad example. They, by nature of their business, can't hash passwords because they have to be recovered to use them to log in to other sites.

    The passwords they use to log in to LastPass itself are actually more like PKI encryption, because the password is used (in part) to decrypt the database. But this method doesn't save the password in any form anyways, so it's effectively similar to a hashed and salted password.

    Honestly, servers are powerful enough now that they should all be using PKI for authentication rather than saving a salted hash, which can become compromised.
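The difference between one site-wide salt and a separate salt per password, as raised in post #11, shown as an added example that is not part of the original thread. PBKDF2-HMAC-SHA256, the work factor, the salt values and the sample accounts are assumptions chosen for illustration.

```python
from __future__ import annotations

import hashlib
import hmac
import os

ITERATIONS = 600_000             # assumed work factor; tune to your login latency budget
SHARED_SALT = b"site-wide-salt"  # constructed value for the weak "same salt for all" scheme


def _kdf(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)


def hash_shared_salt(password: str) -> bytes:
    """Weak scheme: every account is hashed with the same salt."""
    return _kdf(password, SHARED_SALT)


def hash_per_user(password: str) -> tuple[bytes, bytes]:
    """Stronger scheme: fresh random 16-byte salt, stored beside the hash."""
    salt = os.urandom(16)
    return salt, _kdf(password, salt)


def verify(password: str, salt: bytes, stored: bytes) -> bool:
    # Constant-time comparison so the check does not leak how many bytes matched.
    return hmac.compare_digest(_kdf(password, salt), stored)


def reused_password_groups(table: dict[str, bytes]) -> list[list[str]]:
    """Accounts whose stored hashes are identical, as visible in a leaked table."""
    by_hash: dict[bytes, list[str]] = {}
    for user, digest in table.items():
        by_hash.setdefault(digest, []).append(user)
    return sorted(sorted(g) for g in by_hash.values() if len(g) > 1)


# Constructed sample accounts: alice and carol chose the same password.
USERS = {"alice": "hunter2", "bob": "correct horse", "carol": "hunter2"}


def demo():
    shared = {u: hash_shared_salt(p) for u, p in USERS.items()}
    per_user = {u: hash_per_user(p) for u, p in USERS.items()}
    per_user_hashes = {u: digest for u, (_, digest) in per_user.items()}
    return reused_password_groups(shared), reused_password_groups(per_user_hashes), per_user


if __name__ == "__main__":
    shared_groups, per_user_groups, _ = demo()
    print("shared salt, identical hashes:", shared_groups)
    print("per-user salt, identical hashes:", per_user_groups)
```

With the shared salt, a leaked table shows which accounts reuse a password and one guessing pass covers every account; with per-user salts each hash has to be attacked separately.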


  3. Posts : 2,557
    Windows 10 pro x64-bit
       #12

    @Mystere,

    Good reasoning, but salted passwords + Multifactor authentication, i.e., sending a code to your smartphone or cell phone make it very hard for anyone to use your password in order to get access to your account.


  4. Posts : 3,257
    Windows 10 Pro
       #13

    IronZorg89 said:
    @Mystere,
    Good reasoning, but salted passwords + Multifactor authentication, i.e., sending a code to your smartphone or cell phone make it very hard for anyone to use your password in order to get access to your account.
    Yes, MFA is a great tool, not everyone can use it though.. SMS systems cost a lot of money.

    It will be less than 10 years probably before Quantum computing makes current hashing pointless.. hopefully they'll have decent anti-quantum hashes by then.


  5. Posts : 2,557
    Windows 10 pro x64-bit
       #14

    Mystere said:
    Yes, MFA is a great tool, not everyone can use it though.. SMS systems cost a lot of money.

    It will be less than 10 years probably before Quantum computing makes current hashing pointless.. hopefully they'll have decent anti-quantum hashes by then.
    Hopefully, because everything is becoming a technological race. We are living in a world where we have to be constantly on our guard, especially in regards to anything that can generate big earnings moneywise.


  6. Posts : 7,290
    Windows 10 Pro 64 bit
       #15

    I sometimes use haveibeenpwned to check whether my passwords have been breached: Have I Been Pwned: Pwned Passwords

    What online databases are Microsoft revealing your sensitive passwords to?


  7. Posts : 2,078
    Windows 10 Pro
       #16

    Great thread....I'm glad I found and read it all. I'm now a LastPass user. Thanks.


  8. Posts : 22
       #17

    Hi,

    One thing that would help is if there were a big financial penalty for sites that are hacked. So that they would have a financial incentive to properly secure their websites. Truly annoys me when a company is hacked and user information is compromised and the company releases a statement that this stuff happens...


  9. NMI
    Posts : 1,031
    Windows 11 Pro, Version 22H2
       #18

    Steve C said:
    What online databases are Microsoft revealing your sensitive passwords to?
    None:

    Password Monitor

    Microsoft Edge is committed to keeping you safe on the web. To help keep your personal information private and secure, if you are signed into Microsoft Edge, Password Monitor alerts you if your credentials have been exposed in a third-party data breach. If Password Monitor is turned on, your saved credentials are hashed and encrypted locally on your device, sent to Microsoft servers over HTTPS, and compared against an encrypted list of known breached credentials. Your signed-in account identifier is securely sent along with your hashed and encrypted credentials to the Password Monitor service. If a credential is found in the list of known breached credentials, Microsoft sends an encrypted response back to your version of Microsoft Edge to warn you that your credential was detected as part of a hack or breach. No data is stored on Microsoft servers after the check is complete. The feature is only available for users signed into Microsoft Edge. Microsoft Edge asks for your permission to turn on Password Monitor. To turn Password Monitor on or off, go to edge://passwords.

    Microsoft Edge Privacy Whitepaper - Password Monitor


  10. Posts : 13,961
    Windows 10 Pro X64 21H1 19043.1503
       #19

    I'd like to try this but I don't have it yet.


 

Windows 10 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 10" and related materials are trademarks of Microsoft Corp.
