Microsoft Edge will warn users if their credentials have been compromised

Microsoft announced that it will add an alerting feature to Edge to warn users if their credentials saved to autofill have been compromised.

Microsoft announced several new features for its Edge browser, including a new alerting service to warn users if the credentials they have saved to autofill have been compromised in a third-party data breach.

“Today, we’re announcing Password Monitor in Microsoft Edge to help keep your online accounts safe from hackers. When enabled, Password Monitor is a feature that notifies you if the credentials you’ve saved to autofill have been detected on the dark web.” reads the advisory published by Microsoft.

In recent months, credential stuffing attacks continues to be a growing threat.

Credential stuffing attacks involve botnets to try stolen login credentials usually obtained through phishing attacks and third-party data breaches. This kind of attack is very efficient due to the bad habit of users of reusing the same password over multiple services.

To prevent that threat actors could abuse credentials obtained from third-party data breaches, the Microsoft Password Monitor feature implemented in the Edge web browser will notify users if the password they are entering using autofill has been offered for sale on the dark web.

“If Microsoft Edge uncovers a match with any of your saved username + passwords, you will receive a notification from within the browser prompting you to take action,” continues the announcement. “Through a dashboard in Settings, you can view a list of all leaked credentials and get routed to their respective websites to change your password. Once the password has been changed, save the new credential to autofill and continue browsing with peace of mind knowing that Microsoft Edge and Password Monitor have your back.”

Edge users will be able to view a list of all leaked credentials in the dashboard in Settings, then they will be redirected to their respective websites to change your password. Once the password has been changed, users have to save it to autofill and let the Password Monitor to alert it in case a future security breach would expose users’ credentials.

The new feature in the Password Monitor will be rolled out to the Insider channels in the next few months.

Other web browsers such as Firefox and Chrome already warn users about compromised passwords since October 2019.

Microsoft also announced the enhancement of the InPrivate browsing mode and a feature to prevent users’ tracking online.

Pierluigi Paganini

(SecurityAffairs – Edge browser, credential stuffing)

Share On