Microsoft Edge Password Monitor feature begins rolling out

Page 1 of 3 123 LastLast
    Microsoft Edge Password Monitor feature begins rolling out

    Microsoft Edge Password Monitor feature begins rolling out


    Last Updated: 26 Jun 2020 at 15:03

    How to Enable or Disable Password Monitor in Microsoft Edge Chromium



    Use Password Monitor to help protect your passwords online

    Note: We are in the process of deploying this feature, so it may be a little while before you see it in your respective channel and build.

    Each year, hundreds of millions of usernames and passwords are exposed online when websites or apps—for example, the kind we use to order products—become the target of data breaches.

    These leaked username and passwords often end up for sale on the online black market, commonly referred to as the Dark Web. Hackers use automated scripts to try different stolen username and password combinations to hijack people’s accounts. When an account is taken over, its owner can be the target of fraudulent transactions, identity theft, illegal fund transfers, or other illegal activities.

    Though people are regularly cautioned against reusing the same username and password combination for more than one online account, it’s a common practice. This leaves them vulnerable on multiple sites when breaches occur.

    Password Monitor helps Microsoft Edge customers protect their online accounts by informing them if any of their passwords that have been compromised, so they can update them. Changing their passwords immediately is the best way to prevent their accounts from being hijacked.

    How Password Monitor works

    After you turn on Password Monitor, Microsoft Edge begins proactively checking the passwords you’ve saved in the browser against a large database of known breached credentials that are stored in the cloud. If any of your passwords match those in the database, they will be shown on the Password Monitor page in Settings > Profiles > Passwords > Password Monitor. Passwords listed there are no longer safe to use and need to be changed immediately.

    When your credentials are checked against the database of known leaked credentials, powerful encryption helps prevent your information from being revealed to anyone. Information about which password has been compromised is only available to you.

    Turn on Password Monitor

    To turn on Password Monitor:

    1. Make sure you’re signed in to Microsoft Edge using your Microsoft account or your work or school account.
    2. In your browser settings, go to Profiles > Passwords.
    3. Turn on the toggle next to “Show alerts when passwords are found in an online leak”. After the toggle is turned on, any unsafe passwords will be displayed on the Password Monitor page in your browser settings > Passwords.


     What to do if you discover your password is unsafe

    1. Go to Settings > Profiles> Passwords > Password Monitor.
    2. For each account where your password is shown to be unsafe, select the Change Password button. You’ll be taken to the relevant website. Change your password.
    3. If an entry in the list of compromised passwords is no longer relevant to you, you can ignore it by clicking Ignore.


    Source: https://techcommunity.microsoft.com/...ne/m-p/1487025


    Latest Microsoft Edge released for Windows

    Brink's Avatar Posted By: Brink
    25 Jun 2020


  1. Posts : 7,257
    Windows 10 Pro 64-bit
       #1

    198 compromised passwords according to it. I think their system is flawed.
      My Computers


  2. Posts : 13,979
    Windows 10 Pro X64 21H1 19043.1503
       #2

    It's idiotic. Unless the password has context to it the fact that it's "Known in the cloud" is meaningless. It's like saying every word in the dictionary is "Known in the Cloud".
      My Computers


  3. Posts : 2,557
    Windows 10 pro x64-bit
       #3

    I already have LastPass and don't need a second Password Manager, Sorry to say that if one is starting to have 3-4 Password Managers to deal with, your passwords aren't any safer.
      My Computers


  4. Posts : 13,979
    Windows 10 Pro X64 21H1 19043.1503
       #4

    It's not a password manager, it's a password threat assessment tool that doesn't work.

    The password manager is built into Edge and works well but not as well or secure as LastPass.
      My Computers


  5. Posts : 3,257
    Windows 10 Pro
       #5

    Ztruker said:
    It's idiotic. Unless the password has context to it the fact that it's "Known in the cloud" is meaningless. It's like saying every word in the dictionary is "Known in the Cloud".
    Actually, that's exactly true. Every dictionary word is "known in the cloud" and why dictionary attacks are so successful.

    Consider this. Imagine hackers taking these known passwords, and running them against every username/email from other compromised sites against every other site. They're going to get lots of hits, and brute force a ton of accounts.

    Do you NOT want to know that your exact password is in a published list of dictionary attack vectors? You need to re-assess your secops if you think using known dictionary passwords is a good idea. (and that includes non-actual dictionary words, but exist in a "dictionary" of passwords known to be compromised).

    You may think.. "They'd have to know my username". Chances are, they probably do. If they've compromised a site that you are on, they also have a dictionary of usernames to try the list on.
      My Computer


  6. Posts : 13,979
    Windows 10 Pro X64 21H1 19043.1503
       #6

    Mystere, good point. I had not thought this through.

    Thank you.
      My Computers


  7. Posts : 2,557
    Windows 10 pro x64-bit
       #7

    Ztruker said:
    It's not a password manager, it's a password threat assessment tool that doesn't work.

    The password manager is built into Edge and works well but not as well or secure as LastPass.
    Very nice of you to remind me of the difference. It is like the one in Firefox which doesn't have all the features of a real password manager. I feel safer with LastPass. Maybe it is just me...
      My Computers


  8. Posts : 13,979
    Windows 10 Pro X64 21H1 19043.1503
       #8

    Yeah, very similar to Firefox/Mozilla/Seamonkey. No security at all compared to LastPass.
      My Computers


  9. Posts : 3,257
    Windows 10 Pro
       #9

    Ztruker said:
    Mystere, good point. I had not thought this through.
    Thank you.
    Security is "hard". It's a saying you might have heard before, but most people don't really get just how hard, particularly with computers. Things that seem like common sense for a human don't always apply when you have an army of botnets out there to do your bidding.

    One argument i hear a lot for people that run websites is "Hey, i'm not big enough to be a target", but that's not really thinking about what a target is. A target is any site that can be compromised, which can then be used to assist in compromising other sites. It may not be your content they care about, but even the smallest sites are targets.

    This doesn't really apply here, but i was just using it as an example. Security is hard, and annoying... because stuff that is easy for you is also easy for attackers.

    Sorry, don't mean to get on my soapbox.. i'm not perfect either.. i recently had my amazon account hacked because my email service was compromised, and they sent password reset requests and didn't have multi-factor auth... luckily they sent a text saying it had been reset.. still took me 10 days to unfreeze my account (including getting a new email service provider).
      My Computer


 

  Related Discussions
Our Sites
Site Links
About Us
Windows 10 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 10" and related materials are trademarks of Microsoft Corp.

© Designer Media Ltd
All times are GMT -5. The time now is 00:37.
Find Us




Windows 10 Forums