Security Experts:

Microsoft to Add Compromised Password Notification to Edge

Microsoft on Monday announced several new features for its Edge web browser, including one that will alert users if the credentials they have saved to autofill have been compromised as a result of a third-party data breach.

Online services often get hacked and these intrusions can result in millions of username and password combinations getting stolen. While the affected service may reset passwords to prevent abuse, it’s not uncommon for users to set the same password for other websites as well, leaving them exposed to credential stuffing attacks.

Microsoft says the Password Monitor feature in Edge will notify users if the password they are entering using autofill has been offered for sale on dark web sites.

“If Microsoft Edge uncovers a match with any of your saved username + passwords, you will receive a notification from within the browser prompting you to take action,” explained Microsoft’s Liat Ben-Zur. “Through a dashboard in Settings, you can view a list of all leaked credentials and get routed to their respective websites to change your password. Once the password has been changed, save the new credential to autofill and continue browsing with peace of mind knowing that Microsoft Edge and Password Monitor have your back.”

According to Ben-Zur, the Password Monitor feature will be rolled out to the Insider channels in the next few months.

It’s worth noting that Firefox and Chrome have been warning users about compromised passwords since October 2019 — that is when they added the feature to their built-in password manager.

Microsoft also announced on Monday that Edge will have a tracking prevention feature to ensure users are not being tracked by websites they haven’t accessed directly, and that it’s enhancing the InPrivate browsing mode.

Related: Microsoft Boosts PUA Protections in Edge

Related: Microsoft Not Concerned About Disclosed Edge, IE Flaws

Related: Microsoft Offers Up to $30,000 for Flaws in Chromium-Based Edge

view counter
Eduard Kovacs (@EduardKovacs) is a contributing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.