Microsoft Edge will tell you when your password is compromised

Edge (Image credit: Windows Central)

What you need to know

  • Password Monitor is rolling out to Microsoft Edge Dev and Canary.
  • The feature helps you know when a password isn't safe to use anymore.
  • Password Monitor checks your passwords against a database of breached credentials.

Microsoft Edge Dev and Canary now have a Password Monitor that lets you know when a password isn't safe anymore (via Techdows). Password Monitor checks your password against a database of breached credentials, letting you know that your password needs to be changed. Microsoft updated its page that breaks down Password Monitor (opens in new tab) yesterday.

As Microsoft points out, many people use the same password across multiple sites. That means that when there's a data breach for a site, people can try your password across other sites with some success. Hackers can use this method to hijack accounts and perform illegal or dangerous activities with someone else's account.

Password Monitor proactively checks the passwords you've saved in Edge against a database of breached credentials. According to Microsoft, your information is encrypted during this process and only you know the password that is compromised.

Here are the steps to turn on Password Monitor, as outlined by Microsoft:

  1. Make sure you're signed in to Microsoft Edge using your Microsoft account or your work or school account.
  2. In your browser settings, go to Profiles > Passwords.
  3. Turn on the toggle next to "Show alerts when passwords are found in an online leak". After the toggle is turned on, any unsafe passwords will be displayed on the Password Monitor page in your browser settings > Passwords.

If a password is compromised, you should change it immediately. You should also consider using a password manager to make more secure passwords that aren't used across multiple websites.

Sean Endicott
News Writer and apps editor

Sean Endicott brings nearly a decade of experience covering Microsoft and Windows news to Windows Central. He joined our team in 2017 as an app reviewer and now heads up our day-to-day news coverage. If you have a news tip or an app to review, hit him up at (opens in new tab).

  • There should be no need to safely encrypt the transfer if the database itself was distributed to the clients and the clients would check for breach themselves (offline).
  • Does it make sense to save your passwords on Edge, or Firefox, or any browser that doesn't have an OS or an app to access these passwords? Even if you use it on your phone, you can't use the passwords in another app. They should make a password manager app, or just build an existing service inside Edge. Or just recommend one.
  • I think for a few people this will be nice. But I think you are right on the mark. No password manager app no significant usage. But we will see :)