Security Experts:

Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Cybercrime

Microsoft to Add Compromised Password Notification to Edge

Microsoft on Monday announced several new features for its Edge web browser, including one that will alert users if the credentials they have saved to autofill have been compromised as a result of a third-party data breach.

Microsoft on Monday announced several new features for its Edge web browser, including one that will alert users if the credentials they have saved to autofill have been compromised as a result of a third-party data breach.

Online services often get hacked and these intrusions can result in millions of username and password combinations getting stolen. While the affected service may reset passwords to prevent abuse, it’s not uncommon for users to set the same password for other websites as well, leaving them exposed to credential stuffing attacks.

Microsoft says the Password Monitor feature in Edge will notify users if the password they are entering using autofill has been offered for sale on dark web sites.

“If Microsoft Edge uncovers a match with any of your saved username + passwords, you will receive a notification from within the browser prompting you to take action,” explained Microsoft’s Liat Ben-Zur. “Through a dashboard in Settings, you can view a list of all leaked credentials and get routed to their respective websites to change your password. Once the password has been changed, save the new credential to autofill and continue browsing with peace of mind knowing that Microsoft Edge and Password Monitor have your back.”

According to Ben-Zur, the Password Monitor feature will be rolled out to the Insider channels in the next few months.

It’s worth noting that Firefox and Chrome have been warning users about compromised passwords since October 2019 — that is when they added the feature to their built-in password manager.

Microsoft also announced on Monday that Edge will have a tracking prevention feature to ensure users are not being tracked by websites they haven’t accessed directly, and that it’s enhancing the InPrivate browsing mode.

Related: Microsoft Boosts PUA Protections in Edge

Related: Microsoft Not Concerned About Disclosed Edge, IE Flaws

Related: Microsoft Offers Up to $30,000 for Flaws in Chromium-Based Edge

Written By

Eduard Kovacs (@EduardKovacs) is a contributing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.

Click to comment

Expert Insights

Related Content

Application Security

Cycode, a startup that provides solutions for protecting software source code, emerged from stealth mode on Tuesday with $4.6 million in seed funding.

Cybercrime

Zendesk is informing customers about a data breach that started with an SMS phishing campaign targeting the company’s employees.

Cybercrime

The release of OpenAI’s ChatGPT in late 2022 has demonstrated the potential of AI for both good and bad.

Cybercrime

A new study by McAfee and the Center for Strategic and International Studies (CSIS) named a staggering figure as the true annual cost of...

Cybercrime

Video games developer Riot Games says source code was stolen from its development environment in a ransomware attack

Identity & Access

Hackers rarely hack in anymore. They log in using stolen, weak, default, or otherwise compromised credentials. That’s why it’s so critical to break the...

Cybercrime

The FBI dismantled the network of the prolific Hive ransomware gang and seized infrastructure in Los Angeles that was used for the operation.

Cybercrime

Artificial intelligence is competing in another endeavor once limited to humans — creating propaganda and disinformation.