If you read my blog just prior to this one about the new Microsoft Edge Password Monitor, you already know how great this feature is to help identify which of your credentials are floating around the Dark Web. Armed with information about which usernames/passwords you need to change, now you need to come up with passwords that look nothing like one another, keep them saved somewhere safe, and while all of that sounds simple, in reality it is not. So what is the next step?
The answer comes from one of the most unique features of the new Microsoft Edge browser called Microsoft Edge Password Generator. Just like it sounds, when you navigate to a page where a new password field is present, along with a secondary field to repeat the new password, Microsoft Edge Password Generator pops open with a new password suggestion. You can then choose to use the cryptic series of generated letters, numbers, and special characters as your new password and have it saved into the browser sync area. Saving to the browser sync area enables username and password information to be remembered and used each time you visit that particular website. This data is encrypted before leaving the user’s device and then encrypted again across the synchronization transport level (more information here).
Microsoft Edge Password Generator can be enabled by going to Settings/Profiles/Passwords in Microsoft Edge.
Now that we have covered the very easy process to use Microsoft Edge Password Generator, you can see the benefits it offers over the use of your standard password with a few variances of characters that you can easily remember. Keep in mind that attackers are smart and write algorithms to guess what those variations are. So even with a great and complex password like the one generated by this great tool, we must assume a determined attacker will figure out these passwords as well. So at the end of the day, you must have Multi-Factor Authentication configured on your accounts to eliminate most attack surfaces. Most public services like those from Microsoft, Google, Yahoo and more all offer these enhanced services at no cost that I strongly recommend you review and enable.
If you are using the browser sync option in Microsoft Edge, be sure you have enabled MFA for your Microsoft account as an added layer of protection. See this article for more information about how to setup this important feature. If you need more convincing about how critical MFA is to the security of your account please review this blog I wrote for more information.
