Keeping your accounts secure using Edge – Tech Enthusiast UK blog

Applies to: Microsoft Edge, Microsoft Edge Dev, Microsoft Edge Canary

As more of us are using online services for personal use, work use and school/education. It is important that we are making sure we are keeping our accounts/data safe and secure. Hackers and criminals are getting more creative in the ways they try and steel our passwords and gain access to sensitive information. Thus, we need to make sure we are keeping one step ahead of them by making it harder for them to gain access to sensitive information.

Sign in

To use some of the features in this article, please ensure you have signed into the Edge browser and that it is synchronising. If you have a local profile and want to sign into your account (either work/school or personal account), please launch Edge.

Then, on the top-left of the browser window, you want to click onto your avatar

A menu should appear with your account information & Microsoft rewards points. You want to select Add profile which is found at the bottom of the menu.

It will then load a new instance of the browser on a new profile and begin to ask you to sign in and setup your browsing experience.

Locating these features

The features that are discussed in the article are in the password section in Edge settings. You can get to this setting by copy and pasting, or typing, the following URL: edge://settings/passwords

You can navigate to these settings by clicking onto your profile avatar located on the top-left of your window.

Then select the key symbol on the Microsoft Wallet tile.

You will see Microsoft Wallet open up in a new tab on your browser where you can see your passwords that are saved on your Microsoft account. If you want to learn how to manage your passwords in Microsoft Wallet, please go to this article: How to manage saved passwords in Microsoft Edge – Microsoft Community

To manage your settings for Microsoft Wallet, please click onto the settings option on the left-hand menu for Microsoft Wallet

Once you click onto the settings option, you will be taken to the Wallet’s settings page. This is where you will be able to manage how Wallet behaves and when it should store bank/billing information along with passwords.

To view all your password settings, you want to scroll down to where it says “Passwords” which will be under “Order tracking”.

When you get to the passwords settings, you want to click onto “More settings” which is found at the bottom of the tile.

This will expand and show all password settings which you can change.

Password Monitor (Scan for leaked passwords)

One feature Edge has is the Password Monitor. This scans your passwords against a database that contains leaked passwords. Leaked usernames and passwords are usernames and passwords that have been identified and made available on the internet for others to use. This occurs when other sites/online services have been hacked and the data has been compromised.

This will enable hackers to be able to use your passwords to sign into websites/services that use the email address/username and password combination.

For more information on how this works, please see this article here: Protect your online accounts using Password Monitor (microsoft.com)

Enabling this feature

Password Monitor can be found under Autofill Passwords option, which may be enabled already, it is called Show alerts when passwords are found in an online leak which is shown in the image below in the red box.

You can toggle this option on and off. If it is blue, and the white dot is to the right, then it means that it is on. I would recommend having this option enabled and checking your passwords once a week to check if information has been leaked.

By having this option enabled, you are keeping your account secure by allowing Edge to identify any credentials (username and passwords) that have been leaked. This allows you to be notified when one of your credentials is public so you can change your password.

For security, you should not use a password more than once for different sites. You should use one password for each site. This way, if one is compromised, the attacker cannot get into other accounts using the same password.

Viewing credentials that have been leaked

You can view leaked credentials at any time, by going into your saved passwords by clicking onto “Passwords” on the Wallet menu

At the top of the window, you will see a tile called “Password security check” that will display a a message telling you when it was last checked.

You want to click onto check found on the right-hand side of the tile.

This will take you to page where you can view passwords/accounts that have been identified/leaked in the Password Monitor.

If you wanted to check the database to see if any of your email addresses and passwords have been leaked, please click onto check at the top.

This will run a check for you. While it is doing a check, you can open a new tab and continue browsing the internet. Once it has finished, it will update and tell you if it has found anything or when it was last checked.

Suggest strong passwords

Another way we can keep our accounts secure online is by allowing Microsoft Edge to suggest strong passwords you can use on sites that you are creating accounts on. This generates random characters, numbers, and symbols that you can use as a password.

This setting is called “Suggest strong passwords” which is found at the bottom of the list of features. You can see this option highlighted in the red box below.

You can toggle this option on and off. If it is blue, and the white dot is to the right, then it means that it is on. By having this option enabled, Edge will offer randomly generated passwords you can use when signing up to sites. It will then save these passwords in Microsoft Wallet, so you don’t need to try and remember the password it has generated. This will sync to your other devices you have signed into your account on.

Once this feature has been enabled, you will notice that Edge will automatically generate a password for you to use on a site.

You will notice that this will be automatically generated and placed inside the password box. When you click into the password box, you can choose to refresh (generate a new password) or you can leave it alone and go ahead and create a new account on the site.

If you find that it hasn’t generated you a password automatically, please right click into the password box. You should see an advanced menu

You will see the option “Suggest strong password” as the first option on the list (as seen in the image above, in the red box). When you select this option, Edge will suggest a strong password for you. You can then continue with the account creation. Once you have created your account, and the site moves onto the next stage, you will see the following notification in Edge.

Just want to point out, I got Edge to generate a new password to use, so my password isn’t the one shown in the image!

This tells you that your password has been saved and is accessible in the password manager in the Microsoft Edge browser.

View and autofill passwords and passkeys

Microsoft Wallet allows you to choose whether you want the browser to autofill passwords that it has stored for websites.

Once you have enabled this option, by default, the fill website password and sign in automatically option will be enabled. When you sign into a website that you have saved a username and password for, Edge will autofill your username and password for you as soon as you click onto the email/username box. While this is good that Edge, along with most browsers, do this. It is not secure.

If someone were to use your account on your computer. They could go to a site you frequently visit and sign in automatically. If the site has an option to show password, as seen in the google sign in window underneath, they could obtain your password you have used.

While this option is not commonly used online due to privacy concerns it holds, it can be found on some websites. However, when you use the autofill setting, the Reveal password button is not displayed.

Under the Autofill passwords option, there are a few options that you can choose from for added security for your accounts/passwords you have stored on Edge.

Prompt for device password before filling website password

This option can be found under Fill website passwords and sign in automatically within the Autofill passwords setting. You can see this option in the image below, in the red box.

Once selected, you will be asked for your device pin/password before this option is applied.

Once you enter your device password/pin this setting will be enabled. The browser will ask for your device password/pin before filling out the username/password field on the website. You will be given two options to choose from with this setting. Always ask permission or Ask permission once per browsing session.

I would set it to always ask permission, just to be safe. However, this is up to you. If you choose to ask permission once per browsing session, if someone was to use your account on your computer to browse the internet and you haven’t closed your browser to end browsing session and you have already entered your device password. The other person will still be able to sign into sites using the autofill option.

More information about this option can be found in this article: Additional privacy for your saved passwords | Microsoft Support

Prompt for customised primary password before filling website password

This option will allow you to create a primary password to be used when the browser uses autofill for your passwords.

Please note: The custom password used is only for that device it is created on. It will not sync to other devices you have signed into your account on.

You can find this option under Prompt for the device password before filling website password, as seen in the image below.

One you have selected this option; you will be asked to enter your device password/pin.

Once you have entered your password, you will be asked to create a local password that Edge will use.

Once you have entered a password to use, you will need to click create. This will change the setting on your browser. Now when you visit a website you have saved your username and password. When you sign into that site, you will be asked to enter your custom password. This option is beneficial for shared devices, as each profile will be able to use this option to ensure that their passwords are kept secure and to prevent others that use the computer to log into the site using your credentials.

You will be able to choose when the browser will require you to enter your password.

The settings you can choose from are Always ask permission and once per browsing session. When you go to view your passwords that are stored, you will be asked to enter your customized primary password instead of entering the user accounts password.

To learn more about this option, please visit this article Keep your saved passwords private with custom primary password | Microsoft Support

Exporting saved passwords and encrypting the file

While this is not recommended, as Edge keeps your passwords secure. For those who want to keep a back-up of their passwords on their computer/device, you can export your passwords as a .csv file.

Please note that if you do not encrypt your password .csv file, other people on that computer/device who have access to your account/device that it has been moved to, will be able to see all your passwords that have been stored on Edge.

To export your passwords, you will need to go to your passwords. To view your passwords, click onto “Passwords” on the Wallet menu on the left-hand side of the window.

This will take you to your stored passwords. At the top of the page, you will see three buttons called “Add”, “Settings” and “Passkeys”. You want to click onto the ellipsis icon to expand the more menu, which is found on the far right of the menu.

This option will show a menu with three options you can choose from. One option will be where you can import passwords from a .csv file. Another option will be to export passwords using a .csv option. You want to select the option “Export passwords” which is the middle option on the menu.

Once you click onto export passwords, you will see a window appear that gives you a warning about exporting passwords (the same warning that this article gave you).

If you are sure you wish to export the passwords stored, please select export passwords. When you select this option, you will be asked to enter your password for your account, or your local password for the browser (This depends on your settings).

Once you have entered your password, you will be asked where you want to save this file on your computer or external device/hard drive. Once you choose your location and click next. It will export your passwords from Edge.

This file isn’t encrypted, thus anyone who has access to your device/account and/or external drive will be able to open this file and see all your passwords. So before leaving the file where it is, please locate it and open it using Microsoft Excel.

When you open your file, please click onto file.

This will bring up your options for the workbook file you have opened. You want to click onto info from the menu.

This will open the workbook information. This will bring up options for you to be able to protect your workbook and documents. You will want to select the button Protect Workbook.

This will show options available to you to protect your workbook. One of the options you want to select is Encrypt with Password.

You will be asked to provide a password you are wanting to use to encrypt your workbook. This password will only be applied to this workbook and not to the other workbooks in the same folder/directory.

Note: If you lose/forget your password, Microsoft is unable to help you retrieve this password. Just because you encrypt your workbook that contains your passwords, doesn’t mean that a hacker isn’t able to decrypt your workbook and access your passwords. Therefore, it is better to keep your passwords stored on Edge to ensure that they are safe.

After you have encrypted your workbook, please save the file (ctrl + S) to save the changes made. You may get a warning about some data being lost. If data is lost, this will still be accessible on the Edge browser in your Passwords section.

Note: Even when you export your passwords from Edge, they are still stored on the browser. It just exports a copy of the passwords to a .csv file.

_______________________________________________________________________________________________

Thank-you for reading this article. I hope it was useful. Other articles you may be interested in reading are:

This article is also available on the Microsoft Community here: Keeping your accounts secure using Edge – Microsoft Community