Managing your passwords with Microsoft Edge
January 20, 2023
Did you know you can manage your passwords with Microsoft Edge without the necessity of remembering them all the time? Well, in this note, we’re going to explain to you how. Then, please pay close attention so that you can do it by yourself effortlessly.
How are passwords stored in Microsoft Edge and how safe is this approach?
This technique is called local data encryption since Microsoft stores your passwords on the disk by using AES and the encryption key is saved in an operating system (OS) storage area. But be careful, because not all the browser’s data is encrypted, although sensitive data such as passwords, credit card numbers, and cookies are encrypted when they are saved.
Hence, the Microsoft Edge password manager encrypts passwords so they can only be accessed when a user is logged on to the operating system. Thus, even if an attacker had admin rights or offline and can somehow access the locally stored data, the system will be in charge of avoiding the outsider from getting the plaintext passwords of a user who isn’t logged in.
The encryption method
The profile’s encryption key is protected using Chromium’s OSCrypt and uses the following platform-specific OS storage locations:
- On Windows, the storage area is DPAPI
- On Mac, the storage area is the Keychain
- On Linux, the storage area is Gnome Keyring or KWallet
To make it easier, all these store areas encrypt the AES key using a key accessible to some or all processes running as the user. Furthermore, you’ve probably seen the attack vector before in blogbs as a possible “exploit” or “vulnerability”, but this is an incorrect understanding of the browser threat model and security posture.
However, physically local attacks and malware are outside the threat model and, under these conditions, encrypted data would be vulnerable. If your computer’s infected with malware, an attacker can get decrypted access to the browser’s storage areas. The attacker’s code, running as your user account, can do anything you can do.
Why encrypt data locally?
While the internet browsers (including Microsoft Edge) don’t have a defense system to protect the users against threats where the entire device is compromised due to malware running as the user on the computer.
Fortunately, programs like Microsoft Defender SmartScreen and OS-level protections like Windows Defender are designed to ensure that the device isn’t compromised to start with.
Save or forget passwords in Microsoft Edge
When you visit a website that requires you to sign in, Microsoft Edge will ask if you want your user name and password remembered. In this way, the next time you visit the site, the browser will finish filling in your account info. And despite having the password saving turned on by default, you can turn it off.
Turn password saving on or off
- First, select Settings and more > Settings .
- Now, select Profiles > Passwords
- Then, turn on or off the Offer to save passwords.
View saved passwords
- To start with, select Settings and more > Settings .
- After that, select Profiles > Passwords.
Delete saved passwords
- Start by selecting Settings and more > Settings .
- Then, select Privacy, search, and services.
- Next, under Clear browsing data, select Choose what to clear.
- To finish, select Passwords and then select Clear now.