Jun 24 2020 10:52 AM - edited Jun 24 2020 11:01 AM
Note: We are in the process of deploying this feature, so it may be a little while before you see it in your respective channel and build.
Each year, hundreds of millions of usernames and passwords are exposed online when websites or apps—for example, the kind we use to order products—become the target of data breaches.
These leaked username and passwords often end up for sale on the online black market, commonly referred to as the Dark Web. Hackers use automated scripts to try different stolen username and password combinations to hijack people’s accounts. When an account is taken over, its owner can be the target of fraudulent transactions, identity theft, illegal fund transfers, or other illegal activities.
Though people are regularly cautioned against reusing the same username and password combination for more than one online account, it’s a common practice. This leaves them vulnerable on multiple sites when breaches occur.
Password Monitor helps Microsoft Edge customers protect their online accounts by informing them if any of their passwords that have been compromised, so they can update them. Changing their passwords immediately is the best way to prevent their accounts from being hijacked.
How Password Monitor works
After you turn on Password Monitor, Microsoft Edge begins proactively checking the passwords you’ve saved in the browser against a large database of known breached credentials that are stored in the cloud. If any of your passwords match those in the database, they will be shown on the Password Monitor page in Settings > Profiles > Passwords > Password Monitor. Passwords listed there are no longer safe to use and need to be changed immediately.
When your credentials are checked against the database of known leaked credentials, powerful encryption helps prevent your information from being revealed to anyone. Information about which password has been compromised is only available to you.
Turn on Password Monitor
To turn on Password Monitor:
What to do if you discover your password is unsafe
Aug 31 2020 07:18 AM
hi @lwetzel, the launch date for Password Monitor in the Stable channel is not yet public, but that day is not far. Expect more details on this in Oct-Nov timeframe.
Sep 18 2020 01:39 PM
Ok, this password manager and all that went with it, seems to have disappeared in this latest version of Can.. Version 87.0.644.0 (Official build) canary (64-bit).
Is this intentional?
Dennis5mile
Sep 19 2020 03:33 PM
I keep getting alerts that my passwords have leaked online to the same websites over and over again, after I have changed my password(s). When I check the password, it still shows the old one that I have already changed. This is so frustrating!! I had 25 passwords leaked on a scan last night and on probably 90% of them, I had already changed the password. Is this a glitch in the system? I want to continue to have my passwords monitored, but not if this redundancy doesn't stop! Thanks!@Suhrid_Palsule
Oct 02 2020 05:07 AM
Hi @Bamatami,
Sorry you faced this! Password Monitor checks all username-password combinations stored in Microsoft Edge, regardless of whether they are valid or stale credentials.
In order to avoid getting alerts for older passwords (which are no longer valid), you can delete those specific entries from the browser by going to Settings > Profiles > Passwords.
Let me know if this answers your question! :)
Oct 02 2020 05:10 AM
hi@Dennis5mile
thanks for bringing this to our attention! this should not happen, as Password Monitor is available for 100% of Canary and Dev users. Do update to the latest version or restart your browser if you're already using the latest, and let me know if the issue persists.
Oct 02 2020 05:25 AM
Thanks for the reply,
As of Version 87.0.657.0 (Official build) canary (64-bit) everything appears to beback to normal.
Dennis5mile
Oct 02 2020 10:39 AM
Oct 16 2020 05:01 PM
@Suhrid_Palsule I am months late in responding to this, so apologies. Why are the requests to https://edge.microsoft.com/passwordbreach/api/v1 authenticates with a bearer token associated with my account? Doesn't this increase the risk that the information could be associated with me personally?
Rich
Dec 01 2020 09:04 AM
Bearer token authentication is because this feature is available only for signed in users. As far as privacy concerns go, adequate protections are in place to ensure that neither Microsoft nor any other party can get any new information about you from this check. We hope to share more details on the way this check is completed with you in the near future. Thanks!
Dec 01 2020 09:56 AM
Dec 01 2020 10:02 PM
We hear you,@Kam! Password Monitor, like other features, will be brought to the release version when it meets the high standards of quality that Stable channel users deserve and have come to expect. That day is not too far out, although i'm unable to share an exact date here. Thanks for your patience, and self-hosting the feature!
Dec 02 2020 05:29 AM
@Suhrid_Palsule You're welcome!
Dec 08 2020 02:12 PM - edited Dec 08 2020 02:14 PM
Does this feature actually scans for password or does it just try to match the website URL and email address? Because I have a few hits that are very unlikely to have been leak as there's no recent data leak/hack on those sites since the last time I changed password there and it is a unique password so it cannot come from other site being hacked. (ex: bestbuy.ca)
Jan 04 2021 01:54 PM
Jan 10 2021 11:37 AM
Jan 10 2021 12:21 PM