Microsoft Edge Password Security Issue

This note covers a recently discussed security concern involving Microsoft Edge and browser-stored passwords.

  • You do not urgently need to abandon Edge
  • But for business/admin users, there are now good reasons to reconsider using Edge as your primary password vault

Security researchers have highlighted that saved passwords within Microsoft Edge may be temporarily held in plain text within the computer’s memory while the browser is running. While passwords remain encrypted when stored on disk, the plain-text copy in memory creates a potential risk if a computer becomes infected with malware, is compromised by an attacker, or is used in a shared/admin-access environment. Microsoft has stated this behaviour is “by design”; however, many security professionals are recommending caution, especially for business users and anyone storing sensitive credentials in the browser.

Competing browsers such as Google Chrome, Mozilla Firefox, Safari, and Brave do not currently appear to use the same password-handling approach that has recently drawn criticism toward Edge. While no browser password manager is completely immune from compromise on an infected computer, many security researchers currently consider dedicated password managers and browsers with stronger isolation models to present lower risk for sensitive business credentials.

The primary risk is not from websites or normal browsing activity, but from malware, infostealer tools, or attackers who gain administrative access to the computer. It is important to note that no browser or password manager can be considered completely safe once a computer is infected with malware or otherwise compromised. However, some browsers and dedicated password managers use stronger isolation and credential handling methods than others, which can help reduce risk and limit exposure.

Current best-practice recommendations for password security are:

  • Use a dedicated password manager
  • Where browser storage is used, many security professionals currently favour Safari, Firefox, or Brave over Edge for sensitive credentials
  • Enable Multi-Factor Authentication (MFA) wherever possible