Note: We are in the process of deploying this feature, so it may be a little while before you see it in your respective channel and build.

Each year, hundreds of millions of usernames and passwords are exposed online when websites or apps—for example, the kind we use to order products—become the target of data breaches. 

These leaked username and passwords often end up for sale on the online black market, commonly referred to as the Dark Web. Hackers use automated scripts to try different stolen username and password combinations to hijack people’s accounts. When an account is taken over, its owner can be the target of fraudulent transactions, identity theft, illegal fund transfers, or other illegal activities. 

Though people are regularly cautioned against reusing the same username and password combination for more than one online account, it’s a common practice. This leaves them vulnerable on multiple sites when breaches occur.  

Password Monitor helps Microsoft Edge customers protect their online accounts by informing them if any of their passwords that have been compromised, so they can update them. Changing their passwords immediately is the best way to prevent their accounts from being hijacked.  

How Password Monitor works 

After you turn on Password Monitor, Microsoft Edge begins proactively checking the passwords you’ve saved in the browser against a large database of known breached credentials that are stored in the cloud. If any of your passwords match those in the database, they will be shown on the Password Monitor page in Settings > Profiles > Passwords > Password Monitor. Passwords listed there are no longer safe to use and need to be changed immediately.  

When your credentials are checked against the database of known leaked credentials, powerful encryption helps prevent your information from being revealed to anyone. Information about which password has been compromised is only available to you.   

Turn on Password Monitor  

To turn on Password Monitor:  

1. Make sure you’re signed in to Microsoft Edge using your Microsoft account or your work or school account. 
2. In your browser settings, go to Profiles > Passwords. 
3. Turn on the toggle next to “Show alerts when passwords are found in an online leak”. After the toggle is turned on, any unsafe passwords will be displayed on the Password Monitor page in your browser settings > Passwords. 

 What to do if you discover your password is unsafe  

1. Go to Settings > Profiles> Passwords > Password Monitor. 
2. For each account where your password is shown to be unsafe, select the Change Password button. You’ll be taken to the relevant website. Change your password. 
3. If an entry in the list of compromised passwords is no longer relevant to you, you can ignore it by clicking Ignore.