Microsoft Edge password manager, three things to know

Like Firefox, Microsoft Edge has a password manager. How does it work ? What you need to know about it. Here are the three things you need to know.

Online security requires the use of complex passwords. Additionally, it is imperative for each account to use unique and long identifiers. Considering these two recommendations, it becomes clear that using a password manager is the only way to deal with such complexity.

Microsoft Edge – Password Manager

As a so-called “modern” browser, Microsoft Edge comes with its own password manager. As a result, it is no longer necessary to use a third-party application on the Internet. The browser is capable of storing credentials securely. He can thus, during a next connection, offer to fill in the necessary fields so that you can identify yourself.

Here are three things to know about it

The data is stored locally and, above all, it is encrypted.

Not all credentials stored by Microsoft Edge are uploaded to a server. Everything is stored locally and protected using AES encryption.

If a hacker wants to read this content, he will have to find a way to break into the PC. He then needs to find the admin IDs to access all the content. However, the case is more complex because he cannot access passwords stored in another Edge account. The method requires a connection to decrypt credentials.

Microsoft explains

Microsoft Edge stores encrypted passwords on disk. They are encrypted using AES and the encryption key is stored in an operating system (OS) storage area. This technique is called local data encryption. Although not all browser data is encrypted, sensitive data such as passwords, credit card numbers and cookies are encrypted when stored.

The Microsoft Edge password manager encrypts passwords so that they can only be accessed when a user is logged into the operating system. Even if a hacker has administrator rights or offline access and can access locally stored data, the system is designed to prevent the hacker from obtaining plain text passwords from an offline user.

Passwords, extensions can read them

On the other hand, if the browser is designed to protect access to passwords, a compromised extension can still reveal credentials. For example, an add-on that is authorized to read what’s on a page can read and therefore store the password that the browser auto-fills. In this case, a data transfer may take place to a remote server. However, hacking only affects the page that is open and currently being displayed.

Faced with this risk, the best approach is to never install add-ons and extensions from unknown and untrusted sources.

Edge’s password manager does not use a password

Finally, unlike a standalone program, Microsoft Edge’s password manager does not use a master password. It clearly does not require an identifier to be able to access the content. According to Microsoft, this makes the most sense in a browser from a “convenience point of view”. Such a feature would make filling the fields non-automatic, as the user would first have to enter the master password.

adds Redmond

A master password feature (which authenticates the user before auto-filling their data) offers a practical compromise for broader threat mitigation. It reduces the data exposure window against latent malware or local attackers. However, a master password is not a panacea, and local attackers and dedicated malware have different strategies to bypass the protection of a master password.

Leave a Comment