MICROSOFT EDGE STORES PASSWORDS IN CLEAR TEXT

Security researchers have identified a significant vulnerability in Microsoft Edge where passwords are stored in system memory without encryption. The browser maintains credentials in clear text format regardless of whether users are actively using the application. This storage method creates a potential security gap. If a device is compromised—through malware, physical access, or memory dumps—attackers could extract stored passwords directly from RAM. The issue affects all passwords Edge stores, persisting as long as the browser remains in memory. The finding has gained attention in the security community, with discussion on Hacker News highlighting concerns about the implementation. While password managers typically encrypt sensitive data at rest and decrypt it only when needed, Edge's approach keeps credentials perpetually vulnerable during active sessions. Microsoft has not yet released a public statement addressing the vulnerability or timeline for fixes. The company typically handles security issues through its vulnerability disclosure process, though the severity and scope of this particular issue remain points of discussion. The discovery raises questions about Edge's password management security model compared to competitors. Other browsers implement encryption layers for stored credentials, reducing exposure if memory is accessed without authorization. Users who rely on Edge's built-in password storage may want to consider using dedicated password managers that employ stronger encryption practices. This includes applications like Bitwarden, 1Password, or LastPass, which use client-side encryption to protect credentials. The vulnerability underscores the ongoing tension between convenience and security in browser-based password management. While storing passwords locally offers speed and accessibility, implementation details significantly impact actual security.