{"id":209033,"date":"2026-05-05T10:48:00","date_gmt":"2026-05-05T14:48:00","guid":{"rendered":"https:\/\/testing.news-you-need.com\/index.php\/2026\/05\/05\/microsoft-edge-storing-passwords-as-plain-text-microsoft-responds\/"},"modified":"2026-05-05T11:25:09","modified_gmt":"2026-05-05T15:25:09","slug":"microsoft-edge-storing-passwords-as-plain-text-microsoft-responds","status":"publish","type":"post","link":"https:\/\/testing.news-you-need.com\/index.php\/2026\/05\/05\/microsoft-edge-storing-passwords-as-plain-text-microsoft-responds\/","title":{"rendered":"Microsoft Edge storing passwords as plain text? Microsoft responds."},"content":{"rendered":"

Microsoft Edge storing passwords as plain text? Microsoft responds.<\/a><\/p>\n

https:\/\/sea.mashable.com\/tech\/45031\/microsoft-edge-is-storing-passwords-as-plain-text-heres-what-microsoft-says<\/a><\/p>\n

Publish Date: 2026-05-05 10:48:00<\/a><\/p>\n

Source Domain: sea.mashable.com<\/a><\/p>\n

Author: <\/a><\/p>\n

Using an unordered list, summarize the following article with between 4 and 8 key points.
\n Password managers are supposed to make life easier for users by remembering their passwords and keeping them secure.However, one cybersecurity researcher has discovered a quite concerning development regarding Microsoft Edge and how the web browser’s password manager behaves.According to researcher Tom J\u00f8ran S\u00f8nstebyseter R\u00f8nning, Microsoft Edge loads every saved password into memory at startup \u2014 in plaintext.
\nIn a thread on X, R\u00f8nning detailed how the credentials are decrypted even if a user doesn’t visit a site that uses the password manager during the user session.<\/p>\n

This Tweet is currently unavailable. It might be loading or has been removed.<\/p>\n

“If an attacker gains administrative access on a terminal server, they can access the memory of all logged\u2011on user processes,” \u200b\u200bR\u00f8nning writes.<\/p>\n

Mashable Light Speed<\/p>\n

Edge is Microsoft’s proprietary web browser based on the Chromium open-source project, the code base developed and maintained by Google. However, as R\u00f8nning shared, this issue involving plain text credentials does not appear in other Chromium-based browsers like Google Chrome.”Edge is the only Chromium\u2011based browser I\u2019ve tested that behaves this way,” says \u200b\u200bR\u00f8nning. “By contrast, Chrome uses a design that makes it far harder for attackers to extract saved passwords by simply reading process memory.”\u200b\u200bR\u00f8nning says he first reached out to Microsoft regarding his findings before publicly disclosing the issue. According to the cybersecurity researcher, Microsoft responded by saying this behavior in Microsoft Edge was “by design.” The German tech website Heise Online replicated the password issue. The site also noted that, according to well-established cybersecurity best practices, “passwords should only be decrypted at the time of use and deleted from memory very shortly thereafter.”Given Microsoft’s alleged response to R\u00f8nning, users concerned about the potential issue should consider alternative password managers.Mashable has reached out to Microsoft for more information regarding the recent findings. We will update this piece if we hear back.<\/p>\n

Topics
\n Cybersecurity
\n Microsoft<\/p>\n

<\/p>\n","protected":false},"excerpt":{"rendered":"

Microsoft Edge storing passwords as plain text? Microsoft responds. https:\/\/sea.mashable.com\/tech\/45031\/microsoft-edge-is-storing-passwords-as-plain-text-heres-what-microsoft-says Publish Date: 2026-05-05 10:48:00 Source…<\/p>\n","protected":false},"author":1,"featured_media":209034,"comment_status":"closed","ping_status":"","sticky":false,"template":"","format":"standard","meta":{"fifu_image_url":"https:\/\/helios-i.mashable.com\/imagery\/articles\/005tiQXiqsuWyQ8nKXW6DWS\/hero-image.fill.size_1200x675.v1777992482.jpg","fifu_image_alt":"","footnotes":""},"categories":[15],"tags":[24],"class_list":["post-209033","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-cybersecurity","tag-cybersecurity"],"_links":{"self":[{"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/209033"}],"collection":[{"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/comments?post=209033"}],"version-history":[{"count":1,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/209033\/revisions"}],"predecessor-version":[{"id":209035,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/209033\/revisions\/209035"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/media\/209034"}],"wp:attachment":[{"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/media?parent=209033"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/categories?post=209033"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/tags?post=209033"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}