Almost everyone who uses the internet today is aware of the ubiquitous surveillance by big tech. Amazon, Facebook, Google, and others want to track everywhere you go and everything you do online. Some users just accept this, while others push back whenever they can. The web browser (Chrome, Edge, Firefox, etc.) you use on your computer or phone is also keen on getting you to sign-in because the companies providing your browser are eager to track your activities too. A lot of people skip signing into their browser to avoid the tracking element and because there is no perceived value. That may be about to change.
Microsoft has recently started providing its “Password Monitor” service in its Edge browser. This new feature checks to see if any of the passwords you have saved in your browser match a password that has been exposed in a data breach. If one of your passwords has been exposed, you will be alerted and warned that you should change your password.
This is not to be confused with a password manager that keeps track of your passwords for you. This is simply an alert system to warn you of passwords, possibly yours, that have been exposed in data breaches and leaked to cybercrooks on the darknet. Mozilla Firefox started testing such a system back in 2018. Google followed by adding a similar feature to Chrome in 2019, and now Microsoft is getting on board.
Microsoft has created a system using “homomorphic encryption” that it says permits monitoring your passwords without actually viewing them. When a password is saved in your browser, it contacts a server to check if your password was found in a list of breached passwords. Allegedly, the homomorphic encryption permits doing this without Microsoft ever knowing what your password is.
While all this is clever, and it seems like a good feature to add to browsers, the truth is quite different. Any computer tech with knowledge of security will agree that saving your passwords in a web browser is inherently a very bad idea. Therefore, a feature that checks to see if those passwords might have been hacked is only mitigating people’s bad habits. When you use a password online, it is so easy to click on “Yes” when your browser asks if you want to save the password. The next time you return to that website your browser will automatically fill in that password for you. The problem is that “convenient” is the opposite of “secure.”
In spite of improvements made to browser security, it is still rather trivial for malicious web sites to snatch any passwords you have saved in your browser. A much more secure way to store your passwords is to use a password manager such as Dashlane, Keeper, LastPass, or 1Password. In this case, even writing your passwords down on Post-It notes is more secure than storing them in your web browser.
Charles Miller is a freelance computer consultant, a frequent visitor to San Miguel since 1981, and now practically a full-time resident. He may be contacted at 415 101 8528 or email FAQ82@SMAguru.com.