Overview
- A Norwegian researcher showed that Edge loads every saved password into RAM as readable text.
- Reporters reproduced the finding by dumping Edge’s process memory and locating a test password that had not been used in that session.
- The researcher says Microsoft told him the behavior was an intentional design choice, according to Itavisen.no.
- Edge prompts for Windows Hello to view the password list, but that check does not stop someone who can create a memory dump.
- Security outlets urge users to delete any saved Edge passwords and move to a separate password manager, and the researcher plans a GitHub tool to help people check their systems.