this post was submitted on 06 May 2026
749 points (98.7% liked)

Technology

84413 readers
3831 users here now

This is a most excellent place for technology news and articles.

Our Rules

  1. Follow the lemmy.world rules.
  2. Only tech related news or articles.
  3. Be excellent to each other!
  4. Mod approved content bots can post up to 10 articles per day.
  5. Threads asking for personal tech support may be deleted.
  6. Politics threads may be removed.
  7. No memes allowed as posts, OK to post as comments.
  8. Only approved bots from the list below, this includes using AI responses and summaries. To ask if your bot can be added please contact a mod.
  9. Check for duplicates before posting, duplicates may be removed
  10. Accounts 7 days and younger will have their posts automatically removed.

Approved Bots

founded 2 years ago
MODERATORS
L3s@lemmy.world
enu@lemmy.world
technopagan@lemmy.world
L4s@lemmy.world
L3s@hackingne.ws
749
Microsoft Edge loads your passwords into memory in plaintext, but Microsoft says not to worry (www.windowscentral.com)
submitted 1 day ago by Itwasntme223@discuss.online to c/technology@lemmy.world
117 comments fedilink hide all child comments
you are viewing a single comment's thread
view the rest of the comments
[–] iglou@programming.dev 2 points 1 day ago* (last edited 1 day ago) (1 children)

Chrome's handling is barely more secure. A compromised device will have a much easier time reading Chrome's encrypted store than scanning your RAM to find passwords.

Remember that if you don't need to input a password to open the store, then anything with access to your device can also read it.

Wether it's encrypted in your RAM or not barely makes any difference in how difficult the task is.

The only solution is: Browsers should require a password. Or even better: Use a dedicated, properly secured password manager.

[–] Passerby6497@lemmy.world 2 points 1 day ago* (last edited 1 day ago) (1 children)

Chrome's handling is barely more secure. A compromised device will have a much easier time reading Chrome's encrypted store than scanning your RAM to find passwords.

Regardless, they're still loading them into memory in plain text, and knowing this exists, is going to be an easier task to grab than dealing with the encrypted store chromium uses. At least chromium uses the in built credential api to try to protect the secrets, the fact edge doesn't is an egregious security hole.

I don't disagree that users need to have to enter a password to view their stored passwords, but you're hand waving a massive and intentional decrease in security on Edge's part. No matter how easy it is to get out of another browser, this is a violation of basic secure development practices. Security is only as strong as the weakest link, and edge is determined to not even close one of the easiest links in the chain.

[–] iglou@programming.dev 1 points 1 day ago

I will disagree on the RAM scanning being easier. It is my opinion that the weakest link here is the password store.

The security hole here is a password management system that can work without external secret. It is shocking that this is still common practice and that people use them.