Although stolen credentials have been a problem for as long as there have been computers, they have become far more problematic in recent years. Microsoft is attempting to help Edge users avoid the pitfalls of leaked passwords with a new password monitor integrated into the Edge browser. The Microsoft Edge Password Monitor lets users know if they are using a password that is known to have been compromised. In this article we will explore how Microsoft Edge Password Monitor works.
There are two main reasons for the uptick in stolen credentials: For one thing, cyber criminals maintain massive databases containing billions of leaked credentials. Access to these databases is sold on the dark web, meaning that almost anyone can gain access to stolen credentials. The other reason why leaked credentials are becoming a bigger problem is that many people use the same password on multiple websites. If such a password happens to become compromised, an attacker could potentially impersonate the account holder on any number of sites, doing a huge amount of damage to the person in the process. Just think about how many sites store credit card data to make future purchases easier.
How to Access Microsoft Edge Password Monitor
To access Microsoft Edge Password Monitor, open the Edge browser and then go to Settings. Once the Settings screen opens, click on the Profiles tab and click Passwords. This brings up the Passwords screen shown in Figure 1.
There are a number of password management settings available within the Edge browser.
As you look at the screen capture above, you will notice that the browser contains a setting labeled Show Alerts When Passwords are Found in an Online Leak. You can enable the Password Monitor by simply switching this setting on.
Microsoft Edge Password Monitor’s biggest limitation is that it can only check passwords that have been saved by the Edge browser. Incidentally, if you scroll down a bit, you can see which websites passwords have been saved for, as well as each password’s health. This is actually a great place to begin assessing your online passwords, even before you begin using Password Monitor.
If you look at Figure 2, you can see that I have saved a password for one website. This password’s health is expressed as an icon in which two of three bars are lit up.
Health information is displayed for each saved password.
Another thing that you will notice in the screen capture above is that there is a blue question mark icon just to the right of the Health column. Clicking on this icon causes Edge to reveal a legend that tells you what the various health status icons mean. The two-bar icon displayed for the sample password that appeared in the previous screen capture indicates that the password is either weak or is in use on more than one site. A single bar indicates that the password is both weak and has been reused. Three bars indicates that the password is not known to be vulnerable. As you can see in Figure 3, there are also icons corresponding to leaked passwords and ignored passwords.
This legend indicates what the various password health status icons mean.
Once you have configured the Edge browser to alert you when passwords are found to have been leaked, you can click the View Results link to see if any of your passwords have been compromised. The first time that you click on this leak, you will be taken to a screen like the one shown in Figure 4. This screen provides an introduction to how Password Monitor works, while also indicating that the system has never been scanned for leaked passwords.
This system has never been scanned for leaked passwords.
Click the Scan Now button shown in the figure above, and the Edge browser will compare all of your saved passwords against Microsoft’s database of password leaks. When you click this button, it may at first appear that nothing is happening. If that happens, then just refresh the browser by clicking on the Refresh icon to the left of the address bar. When the screen refreshes, you should see a message indicating that a scan is in progress. You can see what this looks like in Figure 5.
The scan has begun, and any leaked passwords are displayed on this screen.
If any of the saved passwords are found to have been leaked, you will be alerted so that you can change those passwords. Leaked passwords are displayed on the screen shown in the previous figure. It is worth noting that the leaked password scan can take quite a while to complete. The scan shown in the figure above took several hours.