Every year, hundreds of millions of usernames and passwords are exposed online when websites or apps become the target of data breaches. Hackers use this stolen info to hijack accounts and engage in fraudulent transactions, identity theft, illegal fund transfers, or other illegal activities.

Unfortunately, many people reuse the same usernames and passwords for more than one online account. This leaves them vulnerable on multiple sites when breaches occur.

To help you protect your online accounts, Password Monitor informs you if any of your passwords have been compromised in a data breach. Changing your passwords immediately is the best way to prevent your accounts from being hijacked.

Note: Password Monitor is currently available only on Windows and macOS.

How Password Monitor works

When Password Monitor is on, Microsoft Edge automatically checks passwords you’ve saved in the browser against a database of known breached credentials. This database is updated periodically.

If any saved passwords match those in the database, they’ll appear on the Password Monitor page. You can get to the page by typing edge://settings/passwords/PasswordMonitor in the Microsoft Edge address bar (Windows and macOS only). Any passwords that appear on this page are no longer safe to use and should be changed immediately.

When Password Monitor checks your passwords against the database of known leaked credentials, they’re hashed and encrypted before being sent to the service. This encryption helps prevent anyone but you from seeing your saved passwords.

Turn on Password Monitor

  1. Make sure you’re signed in to Microsoft Edge using your Microsoft account or your work or school account.

  2. At the top corner of the browser, select Settings and more (...) > Settings.

    A screenshot of the Settings and more button

  3. Select Profiles > Passwords.

  4. Turn on the toggle next to Show alerts when passwords are found in an online leak. After the toggle is turned on, any unsafe passwords will be displayed on the Password Monitor page.

What to do if you discover your password has been compromised

  1. At the top corner of the browser, select Settings and more (...) > Settings.

    A screenshot of the Settings and more button

  2. Select Profiles > Passwords > Password Monitor.

  3. For each account where your password is shown to be compromised, select the Change Password button. You’ll be taken to the relevant website where you can change your password.

  4. If an entry in the list of compromised passwords is no longer relevant to you, you can ignore it by selecting Ignore.

Need more help?

Expand your skills
Explore Training
Get new features first
Join Microsoft Insiders

Was this information helpful?

What affected your experience?

Thank you for your feedback!

×