Yesterday, Microsoft announced a bunch of new features coming to its Edge browser, including sidebar search, history sync, and more. Another nifty capability coming to the browser is Password Monitor, which alerts you if you are using unsafe credentials. The service began rolling out to Insiders back in June 2020 and is now being made available to the general public in Edge 88. Microsoft has detailed the feature in a dedicated blog post.
Password Monitor is the outcome of collaboration between the Edge product team and a former Microsoft Research incubation group called the "Cryptography and Privacy Research Group". The underlying technology is based on homomorphic encryption and is built on top of the Microsoft SEAL homomorphic encryption library.
Simply stated, Password Monitor contacts a server periodically and verifies that the credentials you have saved in Edge are not present in a database of breached credentials. If they are, the user is immediately alerted and asked to change them. It is important to note that neither Microsoft nor any other third-party can see your credentials, with the technology also secure against man-in-the-middle attacks so a malicious actor cannot hijack your password during transit between your browser and the server.
Microsoft has also modified its SEAL library to ensure multi-platform support on various architectures including ARM, x86, and Mac, and it is also compatible with low-end devices. The firm has described the principles of homomorphic encryption in its blog post as well for our more cybersecurity-savvy readers. Microsoft has emphasized that the process consumes minimal network bandwidth, optimizes CPU utilization, and that the Password Monitor service is capable of handling a "large number" of client requests.
Password Monitor will be made available to Edge users on a rolling basis so it will not be immediately visible to everyone. You can head over to the dedicated supported page to find out how to enable it.