The World According to Mitch

The day to day ramblings of an IT Professional (and so much more…)

Leaked Passwords: Be aware

**DISCLOSURE: While I am contracted to Microsoft Corporation, I am not an employee. The articles that I write are not meant to represent the company, nor are they meant to represent me as an employee or spokesman for the company. As has always been the case, all articles on this website represent me and nobody else.

EdgeA few months ago I started using the new Microsoft Edge browser as my primary browser. To be clear: Microsoft Edge has been included in the Windows 10 operating system since 2015, but recently they changed it, and it is definitely a class product.

While browsing the web the other day, I noticed a red warning sign in the top-right corner of the browser, like this:

image

I clicked to take a look, and sure enough, this is what I saw:

image

Aha. 1 saved password leaked. That doesn’t sound good. Let’s look into that. I clicked, and it opened the page edge://settings/passwords/passwordmonitor in a new tab.

Microsoft goes out of its way to protect its users.  When you use a password in your browser, like most browsers Edge saves it so you do not have to reenter your credentials for every site you visit. It also starts scanning the dark web to see if that credential has been leaked. What the Password Monitor tells you is this:

Microsoft Edge has detected that malicious attackers have published the usernames and passwords shown below on the web. To keep your accounts safe, change your passwords for these sites.

Okay, that is troubling… but let’s look at the entire page:

image

We see the entire process of how Microsoft Edge discovered that your password leaked, and then tells you what site it is. If there are multiple sites, you will see them all listed.

We have the option to either Change or Ignore the leaked password. I am going to click Change, which will take me to the site in question. As soon as I change my password, I know I am safe.

Remember though… unless you authenticate to the affected site, Microsoft Edge still won’t save the new password. So go ahead, log out and log back in. Then go back to the Passwords / Fix leaked passwords page, and you should see this:

image

Secure passwords are extremely important to IT security. Leaked passwords can cost time, money, and reputation. I use a password vault for my most important sites, and that helps me to rotate secure passwords on a regular basis. However even without that, Microsoft Edge can help you to stay safe by knowing when your credentials are at risk

Advertisement

Mitch Garvis

, ,

Leave a Reply

Fill in your details below or click an icon to log in:

Gravatar
WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Cancel

Connecting to %s

%d bloggers like this: