Microsoft Edge boosts online user security with Password Monitor


The latest version of Microsoft’s web browser has new encryption technology to protect users online.

This week Microsoft released its Edge 88 browser into the Stable Channel after the browser spent 8 weeks in Beta. Alongside the new Stable version, the company announced a series of “Microsoft Edge 88 Privacy and Security Updates” to protect users while they surf the web and make online purchases.

The new security updates were detailed this week in a blog post by the Microsoft Edge Team.

Password Monitor uses encryption to guarantee privacy

A major new security update is Edge’s Password Monitor. This feature notifies users if any of their saved passwords have been found in a third-party breach. The Edge browser checks various databases of breached data to see whether the user’s passwords appear in them.

But here is the trick: Edge does all this while ensuring Microsoft doesn’t learn the user’s passwords. This is done using homomorphic encryption, the underlying technology that ensures privacy and security of the user’s passwords.

This means that neither Microsoft nor any other party can learn the user’s passwords while they are being monitored.

How homomorphic encryption works

The details of the Password Monitor system and the new encryption process were discussed this week in a post that appeared in the Microsoft Research Blog.

“Homomorphic encryption is a relatively new cryptographic primitive that allows computing on encrypted data without decrypting the data first,” they write. This prevents anyone upstream from decrypting the user’s credentials.

The Edge client uses homomorphic encryption to encrypt and send the credentials as ciphertext to a server. The server then evaluates a matching function on the encrypted credential, obtaining a result (True or False) encrypted under the same client key. The server forwards the encrypted result to the client, who decrypts it and obtains the result.

“The most important aspect is that the Edge servers must never learn any information about the client’s usernames or passwords. It is also important to ensure that no outside party is able to gain access to this information while it travels between users and Edge servers (as in man-in-the-middle attacks).”
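
The exchange described above, as an added example that is not Microsoft's code: it swaps in textbook Paillier (an additively homomorphic scheme) with toy key sizes in place of the scheme Edge actually uses, and the digest format, function names and sample credentials are assumptions. Here the server returns blinded differences, which the client reduces to True or False after decryption.

```python
import hashlib
import math
import secrets

# Toy Paillier key: demo-sized Mersenne primes, far too small for real use.
P, Q = (1 << 61) - 1, (1 << 89) - 1
N = P * Q                                     # public key
N2 = N * N
LAM = (P - 1) * (Q - 1) // math.gcd(P - 1, Q - 1)   # private, client only
MU = pow(LAM, -1, N)                          # private, client only

def digest(username, password):
    """Map a credential pair to a 128-bit integer (always below N)."""
    h = hashlib.sha256(f"{username}\x00{password}".encode()).digest()
    return int.from_bytes(h[:16], "big")

def encrypt(m):
    """Client side: Paillier encryption with generator g = N + 1."""
    r = secrets.randbelow(N - 1) + 1
    return (1 + m * N) * pow(r, N, N2) % N2

def decrypt(c):
    """Client side: requires the private values LAM and MU."""
    return (pow(c, LAM, N2) - 1) // N * MU % N

def server_match(ciphertext, breached):
    """Server side: uses only the ciphertext and public N, never LAM.
    Returns Enc(k * (x - y)) per breached digest y; it is Enc(0) iff x == y."""
    out = []
    for y in breached:
        diff = ciphertext * (1 + (N - y) * N) % N2   # Enc(x - y)
        k = secrets.randbelow(N - 1) + 1             # fresh blinding factor
        out.append(pow(diff, k, N2))                 # Enc(k * (x - y))
    secrets.SystemRandom().shuffle(out)              # hide which entry matched
    return out

def is_breached(username, password, breached):
    """Full round trip: client encrypts, server evaluates, client decrypts."""
    reply = server_match(encrypt(digest(username, password)), breached)
    return any(decrypt(c) == 0 for c in reply)

# Constructed sample data standing in for a breach corpus.
BREACHED = [digest("alice@example.com", "hunter2"),
            digest("bob@example.com", "letmein")]

if __name__ == "__main__":
    print(is_breached("alice@example.com", "hunter2", BREACHED))
    print(is_breached("alice@example.com", "S3cure!", BREACHED))
```

Because each difference is multiplied by a random factor before it is returned, a non-matching entry decrypts to a value that tells the client nothing about the breached digest itself.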