Microsoft Edge Faces Security Concern Over Plain Text Passwords in Memory
Microsoft Edge has come under scrutiny in the cybersecurity community after researchers discovered a concerning behavior involving saved passwords. According to the report, the browser may store saved passwords in plain text inside a computer’s memory while the program is running, potentially putting user data at risk.
The discovery has raised concerns because passwords are among the most sensitive pieces of information handled by any browser. Security experts generally expect software to protect this kind of data through encryption or other safeguards, especially when the information is being processed in memory.
Saved Passwords May Be Exposed While Edge Is Running
The issue centers on how Microsoft Edge handles saved passwords during active use. Researchers found that passwords stored in the browser can appear in plain text format in system memory while Edge is open.
This means that if malware, a malicious process, or an attacker gains access to the device’s memory, there may be a chance to extract those saved passwords. While this type of attack still requires access to the system, the finding has alarmed security professionals because plain text exposure lowers the barrier for stealing sensitive information once a device is compromised.
For many users, browsers have become the default place to save passwords for email, banking, shopping, social media, work tools, and other online accounts. Any weakness in how that information is handled can have serious privacy consequences.
Microsoft Says the Behavior Is By Design
What makes the situation more controversial is Microsoft’s reported explanation that this behavior is “by design.” In other words, the plain text handling is not being described as an accidental bug, but as part of how the browser is intended to function.
That response has triggered criticism and questions from users and security experts. If the behavior is intentional, many are asking why such sensitive information needs to be exposed in memory in a readable form, and whether stronger protections should be added to reduce risk.
The statement has also led to broader concerns about Microsoft’s security standards and how much responsibility major technology companies have when handling personal data at scale.
Security Experts Urge Caution
Following the discovery, security experts have advised Microsoft Edge users to be cautious, especially if they rely on the browser’s built-in password saving feature. The main concern is that saved credentials could become easier to steal if the user’s computer is already infected with malware or if an attacker has gained access to system memory.
One possible precaution is to avoid storing important passwords directly in the browser. Users may instead consider using a dedicated password manager with strong encryption and additional security features. These tools are designed specifically to protect login credentials and may provide a safer option for people who manage many accounts.
Users who are especially concerned may also review which passwords are saved in Edge, remove sensitive entries, and enable extra protections such as two-factor authentication wherever possible.
A Reminder of Browser Security Risks
The incident highlights how important browser security has become in everyday digital life. Modern browsers are no longer just tools for opening websites. They also store passwords, payment details, browsing history, personal data, work sessions, and account access across many services.
Because of that, even a single questionable design decision can create real trust issues. Users expect major technology companies to treat sensitive information with the highest level of care, especially when millions of people rely on these browsers every day.
The situation also shows that users need to remain proactive about their own security. Keeping systems clean from malware, using strong unique passwords, enabling two-factor authentication, and limiting where passwords are stored can all help reduce risk.
What Edge Users Can Do Now
For Microsoft Edge users who are worried about the issue, the safest approach is to review saved passwords and consider whether the browser should continue storing them. A dedicated password manager may be a better choice for users who want stronger control over their login data.
Those who continue using Edge should keep the browser updated, monitor Microsoft’s future responses, and watch for any security changes related to password handling. If Microsoft addresses the behavior in a future update, users should install the update as soon as it becomes available.
For now, the issue serves as another reminder that convenience and security often need to be balanced carefully. Saving passwords in a browser may be easy, but users should understand the risks and choose the protection method that best fits their needs.
Origin: Forbes
