Microsoft Edge will warn users if their credentials have been compromised

Microsoft announced that it will add an alerting feature to Edge to warn users if their credentials saved to autofill have been compromised.

Microsoft announced several new features for its Edge browser, including a new alerting service to warn users if the credentials they have saved to autofill have been compromised in a third-party data breach.

“Today, we’re announcing Password Monitor in Microsoft Edge to help keep your online accounts safe from hackers. When enabled, Password Monitor is a feature that notifies you if the credentials you’ve saved to autofill have been detected on the dark web.” reads the advisory published by Microsoft.

In recent months, credential stuffing attacks continues to be a growing threat.

Credential stuffing attacks involve botnets to try stolen login credentials usually obtained through phishing attacks and third-party data breaches. This kind of attack is very efficient due to the bad habit of users of reusing the same password over multiple services.

To prevent that threat actors could abuse credentials obtained from third-party data breaches, the Microsoft Password Monitor feature implemented in the Edge web browser will notify users if the password they are entering using autofill has been offered for sale on the dark web.

“If Microsoft Edge uncovers a match with any of your saved username + passwords, you will receive a notification from within the browser prompting you to take action,” continues the announcement. “Through a dashboard in Settings, you can view a list of all leaked credentials and get routed to their respective websites to change your password. Once the password has been changed, save the new credential to autofill and continue browsing with peace of mind knowing that Microsoft Edge and Password Monitor have your back.”

Edge users will be able to view a list of all leaked credentials in the dashboard in Settings, then they will be redirected to their respective websites to change your password. Once the password has been changed, users have to save it to autofill and let the Password Monitor to alert it in case a future security breach would expose users’ credentials.

The new feature in the Password Monitor will be rolled out to the Insider channels in the next few months.

Other web browsers such as Firefox and Chrome already warn users about compromised passwords since October 2019.

Microsoft also announced the enhancement of the InPrivate browsing mode and a feature to prevent users’ tracking online.

[adrotate banner=”9″]

[adrotate banner=”12″]

Pierluigi Paganini

(SecurityAffairs – Edge browser, credential stuffing)

[adrotate banner=”5″]

[adrotate banner=”13″]

Pierluigi Paganini

Pierluigi Paganini is member of the ENISA (European Union Agency for Network and Information Security) Threat Landscape Stakeholder Group and Cyber G7 Group, he is also a Security Evangelist, Security Analyst and Freelance Writer. Editor-in-Chief at "Cyber Defense Magazine", Pierluigi is a cyber security expert with over 20 years experience in the field, he is Certified Ethical Hacker at EC Council in London. The passion for writing and a strong belief that security is founded on sharing and awareness led Pierluigi to find the security blog "Security Affairs" recently named a Top National Security Resource for US. Pierluigi is a member of the "The Hacker News" team and he is a writer for some major publications in the field such as Cyber War Zone, ICTTF, Infosec Island, Infosec Institute, The Hacker News Magazine and for many other Security magazines. Author of the Books "The Deep Dark Web" and “Digital Virtual Currency and Bitcoin”.