Forum Discussion
Use Password Monitor to help protect your passwords online
Suhrid_Palsule does it check the actual password or hash of it?
I guess it is hash checking because checking the blank password is privacy concern.
It would be interesting to implement this for other user inputs like Credit Cards, National ID Number, ...
I have observed several stolen Credit Card number on Dark Web too.
- Suhrid_PalsuleJun 25, 2020MicrosoftYes, the latter. Advanced privacy-preserving methods are used to ensure that the actual username-password remains protected.
True - there are data-types other than login information available online. Those are presently beyond the scope of Password Monitor.- rshupakOct 17, 2020Iron Contributor
Suhrid_Palsule I am months late in responding to this, so apologies. Why are the requests to https://edge.microsoft.com/passwordbreach/api/v1 authenticates with a bearer token associated with my account? Doesn't this increase the risk that the information could be associated with me personally?
Rich
- Suhrid_PalsuleDec 01, 2020Microsoft
Bearer token authentication is because this feature is available only for signed in users. As far as privacy concerns go, adequate protections are in place to ensure that neither Microsoft nor any other party can get any new information about you from this check. We hope to share more details on the way this check is completed with you in the near future. Thanks!