Microsoft's response to plaintext passwords in Edge – it is an expected feature
5 hours ago
- #Browser Vulnerability
- #Microsoft Edge
- #Password Security
- Microsoft Edge stores passwords in plaintext in RAM when using its built-in password manager.
- Microsoft claims this behavior is a feature that balances performance, usability, and security, and says the risk arises only if the device is already compromised.
- Security researcher Tom Jøran Sønstebyseter Rønning demonstrated the vulnerability, noting that Edge differs from other Chromium-based browsers such as Chrome, which decrypts passwords only when needed.
- Experts criticize keeping plaintext passwords in memory as a violation of security principles such as least privilege and zero trust.
- Recommendations include switching to dedicated third-party password managers for better security and cross-browser accessibility.
- Users are advised against using Edge as a password manager until Microsoft addresses this security flaw.