Overview
- Microsoft rolled out the change in the Edge 145 update, and on Thursday it removed the browser’s Custom Primary (master) password for opted-in users so saved credentials must be unlocked by the device.
- Edge now uses device-level authentication such as Windows Hello, a device password, or other OS-level methods to gate access to the browser password manager.
- The company frames this as part of a wider shift away from SMS and traditional passwords toward passkeys, authenticator apps, and verified email to reduce fraud tied to SMS codes.
- Although security experts say biometrics and PINs lower the risks of reused or weak master passwords, Windows Hello has known limits such as requiring IR sensors and a usable camera in low light that can block sign-in for some users.
- People who want a master-password workflow can still use third-party password managers like LastPass, and the change may push some users to adopt hardware with biometric support or to move credentials into dedicated password apps.