Microsoft says Edge’s plaintext password behavior is “by design”

Some time ago, we discussed whether you should allow your browser to remember your passwords.

In that article we mentioned the importance of encryption.

“With a browser password manager, someone with access to your browser could see your passwords in clear text, although Windows can be set to ask for authentication (the same you use at startup of your device).”

The typical behavior of browser password managers is to store passwords encrypted on disk, tied to your user account, and protected by the operating system.

But recently, a security researcher systematically tested every major Chromium-based browser for how they handle credentials in memory. The researcher found that Edge was the only one loading the entire password vault into plaintext process memory at startup, where it remains for the duration of the session.

Microsoft says Edge’s plaintext password behavior is “by design”

Other newsrooms on this story

Related reading

Microsoft is changing Edge’s plaintext password behavior

Microsoft backpedals: Edge to stop loading passwords into memory

Microsoft Does U-Turn On Edge ‘By Design’ Password Vulnerability

Microsoft Edge: Keine Klartext-Passwörter mehr im Browserprozess

Se le vostre password sono su Microsoft Edge c’è qualcosa che dovreste sapere

If You Use The Same Password For Everything, A Digital Privacy Expert Wants You…