Microsoft Edge goes homomorphic: Nobody will see your credentials... but you'll need to sign in to use it

Has your password been pwned? MS browser will tell you


Microsoft has detailed how the Password Monitor feature in Edge works after it pushed version 88 of the browser into the Stable channel.

The release follows the recent first anniversary of Chromium-based Edge emerging from preview. The Password Monitor feature was rolled out in an update tilted towards "transparency and control."

The Password Monitor technology had already been made available to Insiders during 2020 and notifies users in the event their saved passwords are found in a third-party breach.

While such technology has been a mainstay of other browsers and password managers, Microsoft's twist is to ensure that neither Microsoft itself, nor anyone else, can learn a user's passwords. This is achieved through the use of homomorphic encryption – performing actions on encrypted data without decrypting it first.

It's a neat feature that means, since the data remains encrypted, neither Microsoft nor miscreants-in-the-middle can read a user's credentials.

As well as password monitoring, a more traditional Password Generator has turned up in the release alongside improved controls for which websites have access to the user's location, microphone, and camera. Other browsers, such as Google's Chrome, make these settings available too.

It has also been made easier to enable tracking prevention in Strict mode while InPrivate because "No one wants a personalized ad based on browsing history ruining all the fun," said Microsoft, using the example of a surprise gift's recipient perhaps seeing an ad over the user's shoulder. Secure DNS (using HTTPS to connect to DNS service provider) is also in the release.

While the focus on privacy and security is laudable, some might be disappointed to learn that in order to use Password Monitor (which is only available on Windows 7/8/10 at present), a user must be signed into Edge with a work, school, or personal Microsoft account.

The password generator similarly requires sign-in, and password sync must be turned on. On the plus side, it will work on macOS. ®


Biting the hand that feeds IT © 1998–2021