Even though web browsers like Microsoft Edge have long allowed users to store passwords within the browser, doing so has always seemed to me like a bad idea. After all, countless varieties of attacks target web browsers. If a browser became compromised, then the user’s passwords could potentially be leaked.
Not too long ago, reports indicated that Redline malware had successfully exploited the built-in Edge password manager. Such reports underscore the dangers of using browser-native password managers. Even so, Microsoft is taking steps to enhance its browser’s security capabilities. When all is said and done, Microsoft Edge might in fact be a safe place to store passwords.
Custom Primary Password Option
One step Microsoft has taken is to offer a custom primary password option. The basic idea behind this feature is that, when enabled, an Edge user will be prompted to enter their device credentials before they can auto-fill a web form. The Edge browser can be configured to require authentication every time a user wants to auto-fill a form or, alternatively, only once per session.
In theory, this feature should go a long way toward preventing the unauthorized use of passwords and other data that is stored within the browser.
Addressing Risky Password Behavior
According to Microsoft, improvements to the Edge password manager might actually make it one of the safer options for handling user passwords. To understand why this could be the case, it’s necessary to recognize the risks traditionally associated with website passwords.
The average user has numerous websites that they visit on a regular basis. Most of these websites require an account. Because users have difficulty remembering so many different sets of account credentials, they will typically engage in risky behavior, such as reusing the same credentials on multiple sites, using unsafe and easy-to-remember passwords, or compiling their passwords into a document.
With that in mind, consider how the enhanced Edge password manager could change the way that users handle their passwords.
For starters, the browser contains a built-in password generator, which can create strong passwords that are unique for each site. This eliminates the problem of passwords being reused on multiple sites. It also prevents users from choosing weak passwords.
However, the password generator also does something else. Because both the password generator and the password manager are built into the browser, they can collectively free the user from having to remember, or even care about, what their web passwords are. In other words, there won’t be any reason for a user to write down a password because the password will be chosen by and stored within the web browser. The browser will then synchronize the password manager’s contents to any of the user’s devices.
Other Password Security Features
Incidentally, Microsoft also built a password health indicator into the Edge browser. Even though the browser will automatically generate passwords, most users will already have accounts they have chosen passwords for. The browser’s password health feature can assess a user’s existing passwords and issue warnings if any of those passwords are weak or used on multiple sites.
Additionally, Edge’s password monitoring can detect if a password has been exposed in an online leak, which would prompt the user to change that password if necessary.
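The kind of check a password health feature performs (flagging weak passwords and passwords used on multiple sites) can be sketched as follows. This is an added example, not Microsoft's code: the length and character-class thresholds, the short common-password list, and the sample records are assumptions constructed for illustration and do not reflect Edge's actual criteria.

```python
import hashlib
from collections import defaultdict
from urllib.parse import urlsplit

# Constructed sample records (site URL, username, password); not real credentials.
SAMPLE = [
    ("https://mail.example.com/login", "alice", "Summer2023"),
    ("https://shop.example.net/account", "alice", "Summer2023"),
    ("https://bank.example.org/", "alice", "k7#Vq9!mZx2@Lr5w"),
    ("https://forum.example.io/signin", "alice", "alice123"),
]

COMMON = {"password", "123456", "qwerty", "letmein"}  # tiny illustrative list

def weakness(username, password):
    """Return a list of reasons the password is weak (empty if none found)."""
    reasons = []
    if len(password) < 12:  # assumed threshold
        reasons.append("shorter than 12 characters")
    classes = sum(any(f(c) for c in password) for f in
                  (str.islower, str.isupper, str.isdigit, lambda c: not c.isalnum()))
    if classes < 3:  # assumed threshold
        reasons.append("fewer than 3 character classes")
    if password.lower() in COMMON:
        reasons.append("common password")
    if username and username.lower() in password.lower():
        reasons.append("contains the username")
    return reasons

def audit(records):
    """Map each site host to its findings; reuse is grouped by SHA-256 digest."""
    by_digest = defaultdict(set)
    for url, _, pw in records:
        by_digest[hashlib.sha256(pw.encode()).hexdigest()].add(urlsplit(url).hostname)
    findings = {}
    for url, user, pw in records:
        host = urlsplit(url).hostname
        issues = weakness(user, pw)
        others = by_digest[hashlib.sha256(pw.encode()).hexdigest()] - {host}
        if others:
            issues.append("reused on " + ", ".join(sorted(others)))
        if issues:
            findings[host] = issues
    return findings

if __name__ == "__main__":
    for host, issues in audit(SAMPLE).items():
        print(host, "->", "; ".join(issues))
```

Sites with no findings, such as the one using a long, unique, mixed-class password, are omitted from the result.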
It remains to be seen how well these security capabilities will perform over time. Regardless, the enhancements that Microsoft is adding to its Edge browser seem like a major step in the right direction.