Microsoft Edge loads all your saved passwords into memory in cleartext — even when you’re not using them.


TairikuOkami said:
Using a browser to save passwords has been a big no no for several decades, extensions are not better either.
I use Bitwarden desktop app, it is a bit cumbersome to copy/paste, but it is much more safer in a long term.
Click to expand...
The problem is the public here, not the people who know better or dont care.

All the more reason why passkeys need to be implemented asap everywhere.
 

My Computers

System One System Two

  • OS
    Windows 11 Pro
    Computer type
    PC/Desktop
    Manufacturer/Model
    Custom Built
    CPU
    Ryzen 7 5700 X3D
    Motherboard
    MSI MPG B550 GAMING PLUS
    Memory
    64 GB DDR4 3600mhz Gskill Ripjaws V
    Graphics Card(s)
    RTX 4070 Super , 12GB VRAM Asus EVO Overclock
    Monitor(s) Displays
    Gigabyte M27Q (rev. 2.0) 2560 x 1440 @ 170hz HDR
    Hard Drives
    2TB Samsung nvme ssd
    4TB Western Digital nvme ssd
    PSU
    CORSAIR RMx SHIFT Series™ RM750x 80 PLUS Gold Fully Modular ATX Power Supply
    Case
    CORSAIR 3500X ARGB Mid-Tower ATX PC Case – Black
    Cooling
    ID-COOLING FROSTFLOW X 240 CPU Water Cooler
    Keyboard
    Logitech G213
    Mouse
    Logitech G203
    Internet Speed
    1.2gbps Fiber 😎
  • Operating System
    Chrome OS
    Computer type
    Laptop
    Manufacturer/Model
    HP Chromebook
    CPU
    Intel Pentium Quad Core
    Memory
    4GB LPDDR4
    Monitor(s) Displays
    14 Inch HD SVA anti glare micro edge display
    Hard Drives
    64 GB emmc
I use 1Password with end-to-end encryption. Passwords are encrypted at all times, even locally.
 

My Computers

System One System Two

  • OS
    Windows 11 Pro
    Computer type
    Laptop
    Manufacturer/Model
    Dell XPS 16 DA16260
    CPU
    Intel Series 3 Core Ultra X9 388H
    Memory
    64GB LPDDR5x 9600 MT/s
    Graphics Card(s)
    Intel Arc graphics B390 Panther Lake
    Monitor(s) Displays
    16" 3.2K Tandem OLED Infinity Edge
    Screen Resolution
    3200 x 2000 16:10 236 PPI
    Hard Drives
    1 Terabyte M.2 PCIe NVMe SSD
    Case
    Black Anodized Aluminum
    Cooling
    Vapor Chamber Cooling
    Mouse
    None
    Internet Speed
    942 Mbps Netgear Mesh + 2 Satellites
    Browser
    Microsoft Edge (Chromium)
    Antivirus
    Windows Security (Defender)
    Other Info
    NPU delivering 67 TOPS
    Microsoft 365 subscription
    Microsoft OneDrive 1TB Cloud
    Microsoft Visual Studio
    Microsoft Visual Studio Code
    Microsoft Sysinternals Suite
    Microsoft BitLocker
    Microsoft Copilot
    Dell Support Assist
    Dell Command | Update
    Macrium Reflect X subscription
    1Password Password Manager
    Amazon Kindle for PC
    Lightroom/Photoshop subscription
    Interactive Brokers Trader Workstation
  • Operating System
    Windows 11 Pro
    Computer type
    Laptop
    Manufacturer/Model
    Microsoft Surface Laptop 7
    CPU
    Snapdragon® X Elite (12 Core) with Hexagon NPU delivering 45 TOPS
    Memory
    32GB LPDDR5x 8448 MT/s
    Graphics card(s)
    Integrated Adreno GPU
    Sound Card
    Omnisonic speakers with Dolby Atmos spatial sound
    Monitor(s) Displays
    13.8″ PixelSense Flow touchscreen 120 Hz 600 NIT
    Screen Resolution
    2304 × 1536 (201 PPI), 3:2 aspect ratio
    Hard Drives
    1 TB PCIe NVMe Gen 4 SSD
    Case
    Black Anodized Aluminum
    Cooling
    Vapor Chamber Cooling
    Mouse
    None
    Internet Speed
    942 Mbps Netgear Mesh + 2 Satellites
    Browser
    Microsoft Edge (Chromium)
    Antivirus
    Windows Security (Defender)
    Other Info
    Microsoft 365 subscription (Office)
    Microsoft OneDrive 1TB Cloud
    Microsoft Visual Studio 2026
    Microsoft Visual Studio Code
    Interactive Brokers Trader Workstation
    Lightroom/Photoshop subscription
    1Password Password Manager
    Microsoft Sysinternals
    Amazon Kindle for PC
    Microsoft BitLocker
    Microsoft Copilot
What's lost in this discussion is whether your password manager (native to the browser or an extension), caches passwords in memory or eventually throws them out after a preset time period.

For absolute security, a password manager needs to keep a decrypted password in memory only for the shortest amount of time. Long enough to copy into a web form and be submitted. Any longer, a process risks the possibility of being snooped or someone invoking a process exception, which causes Windows to create a crash dump.

A crash dump is simply a copy of the failed process's entire memory footprint at the time of the error. It may contain decrypted passwords stored in memory. So a secure program needs to throw away (or zero out) the decrypted passwords as soon as possible.

It could be you use a very strong encryption method for protection, or you own a lot of passwords. The time to unlock the database may be noticeable and annoying to the user. Many password managers can end up caching the unlocked passwords in memory for a long time (relative to the fact you stopped needing to fill in a form several minutes ago).

I use 1Password myself, and it times out after a while. You're forced to enter your 1Password password to unlock the database again. Presumably what 1Password is doing is throwing away the in-memory results and starting over. This means it's slow, but more secure. Other password managers might be keeping the unlocked password in memory until the browser exits.

That's the real question to ask your software maker. Do they properly dispose of in-memory passwords after an idle period?
 

My Computer

System One

  • OS
    Windows 7
garlin said:
What's lost in this discussion is whether your password manager (native to the browser or an extension), caches passwords in memory or eventually throws them out after a preset time period.

For absolute security, a password manager needs to keep a decrypted password in memory only for the shortest amount of time. Long enough to copy into a web form and be submitted. Any longer, a process risks the possibility of being snooped or someone invoking a process exception, which causes Windows to create a crash dump.

A crash dump is simply a copy of the failed process's entire memory footprint at the time of the error. It may contain decrypted passwords stored in memory. So a secure program needs to throw away (or zero out) the decrypted passwords as soon as possible.

It could be you use a very strong encryption method for protection, or you own a lot of passwords. The time to unlock the database may be noticeable and annoying to the user. Many password managers can end up caching the unlocked passwords in memory for a long time (relative to the fact you stopped needing to fill in a form several minutes ago).

I use 1Password myself, and it times out after a while. You're forced to enter your 1Password password to unlock the database again. Presumably what 1Password is doing is throwing away the in-memory results and starting over. This means it's slow, but more secure. Other password managers might be keeping the unlocked password in memory until the browser exits.

That's the real question to ask your software maker. Do they properly dispose of in-memory passwords after an idle period?
Click to expand...
I also use 1Password. It's my understanding that 1Password only decrypts long enough to do password entry. I use fairly fast hardware as you can see by clicking on My Computers. My Internet connection is close to gigabit speed. I don't detect any slowness. I use the 1Password browser extension, do you? You don't fill out your forum computer specs.
 

My Computers

System One System Two

  • OS
    Windows 11 Pro
    Computer type
    Laptop
    Manufacturer/Model
    Dell XPS 16 DA16260
    CPU
    Intel Series 3 Core Ultra X9 388H
    Memory
    64GB LPDDR5x 9600 MT/s
    Graphics Card(s)
    Intel Arc graphics B390 Panther Lake
    Monitor(s) Displays
    16" 3.2K Tandem OLED Infinity Edge
    Screen Resolution
    3200 x 2000 16:10 236 PPI
    Hard Drives
    1 Terabyte M.2 PCIe NVMe SSD
    Case
    Black Anodized Aluminum
    Cooling
    Vapor Chamber Cooling
    Mouse
    None
    Internet Speed
    942 Mbps Netgear Mesh + 2 Satellites
    Browser
    Microsoft Edge (Chromium)
    Antivirus
    Windows Security (Defender)
    Other Info
    NPU delivering 67 TOPS
    Microsoft 365 subscription
    Microsoft OneDrive 1TB Cloud
    Microsoft Visual Studio
    Microsoft Visual Studio Code
    Microsoft Sysinternals Suite
    Microsoft BitLocker
    Microsoft Copilot
    Dell Support Assist
    Dell Command | Update
    Macrium Reflect X subscription
    1Password Password Manager
    Amazon Kindle for PC
    Lightroom/Photoshop subscription
    Interactive Brokers Trader Workstation
  • Operating System
    Windows 11 Pro
    Computer type
    Laptop
    Manufacturer/Model
    Microsoft Surface Laptop 7
    CPU
    Snapdragon® X Elite (12 Core) with Hexagon NPU delivering 45 TOPS
    Memory
    32GB LPDDR5x 8448 MT/s
    Graphics card(s)
    Integrated Adreno GPU
    Sound Card
    Omnisonic speakers with Dolby Atmos spatial sound
    Monitor(s) Displays
    13.8″ PixelSense Flow touchscreen 120 Hz 600 NIT
    Screen Resolution
    2304 × 1536 (201 PPI), 3:2 aspect ratio
    Hard Drives
    1 TB PCIe NVMe Gen 4 SSD
    Case
    Black Anodized Aluminum
    Cooling
    Vapor Chamber Cooling
    Mouse
    None
    Internet Speed
    942 Mbps Netgear Mesh + 2 Satellites
    Browser
    Microsoft Edge (Chromium)
    Antivirus
    Windows Security (Defender)
    Other Info
    Microsoft 365 subscription (Office)
    Microsoft OneDrive 1TB Cloud
    Microsoft Visual Studio 2026
    Microsoft Visual Studio Code
    Interactive Brokers Trader Workstation
    Lightroom/Photoshop subscription
    1Password Password Manager
    Microsoft Sysinternals
    Amazon Kindle for PC
    Microsoft BitLocker
    Microsoft Copilot
TraderGary said:
I also use 1Password. It's my understanding that 1Password only decrypts long enough to do password entry. I use fairly fast hardware as you can see by clicking on My Computers. My Internet connection is close to gigabit speed. I don't detect any slowness. I use the 1Password browser extension, do you? You don't fill out your forum computer specs.
Click to expand...
I'm old school, I don't use the browser extension but the legacy 1Password desktop client. So my browser can't see anything I don't copy & paste. But that's just me.
 

My Computer

System One

  • OS
    Windows 7
Mark K said:
Microsoft wrote "We will no longer load passwords into memory on startup." What is changing in handling the password information in memory to web sites? I did not see any information on what is changing in handling the password/memory security concern.
Click to expand...

In Microsoft Edge 148.0.3967.70, Microsoft only changed the part of not loading password in memory at startup in plain text.

See: Version 148.0.3967.70: May 15, 2026 (Stable)
 

My Computer

System One

  • OS
    Windows 11 Pro
    Computer type
    Laptop
    Manufacturer/Model
    Dell 16 Plus DB16255
    CPU
    AMD Ryzen AI 7 350 w/ Radeon 860M 50 TOPS
    Motherboard
    Dell 0PKMHG
    Memory
    32GB LPDDR5X 7500 MT/s
    Graphics Card(s)
    AMD Radeon 860M integrated (shared memory)
    Sound Card
    Stereo speakers (2.5 W x 2 = 5 W total peak)/Realtek SounzReal/Dolby Atmos
    Monitor(s) Displays
    Displays: 16" 1920 x 1200 (Full HD+/WUXGA) 300 nits 60Hz *** Samsung - 27” Odyssey FHD IPS 240Hz G-Sync Gaming Monitor
    Screen Resolution
    1920x1080 @ 60Hz
    Hard Drives
    EG6 KIOXIA 1TB NVME
    Case
    Ice Blue
    Cooling
    "dual-fan" or "enhanced" air-cooling system
    Mouse
    Logitech M650 Wireless/Bluetooth
    Internet Speed
    800/600 Fiber
BruceR said:
So now it works the same as all other browsers?
Click to expand...
That is what I am trying to find out. I thought Microsoft would provide that detail in the follow up.
 

My Computer

System One

  • OS
    Windows 11 Pro
    Computer type
    Laptop
    Manufacturer/Model
    Dell 16 Plus DB16255
    CPU
    AMD Ryzen AI 7 350 w/ Radeon 860M 50 TOPS
    Motherboard
    Dell 0PKMHG
    Memory
    32GB LPDDR5X 7500 MT/s
    Graphics Card(s)
    AMD Radeon 860M integrated (shared memory)
    Sound Card
    Stereo speakers (2.5 W x 2 = 5 W total peak)/Realtek SounzReal/Dolby Atmos
    Monitor(s) Displays
    Displays: 16" 1920 x 1200 (Full HD+/WUXGA) 300 nits 60Hz *** Samsung - 27” Odyssey FHD IPS 240Hz G-Sync Gaming Monitor
    Screen Resolution
    1920x1080 @ 60Hz
    Hard Drives
    EG6 KIOXIA 1TB NVME
    Case
    Ice Blue
    Cooling
    "dual-fan" or "enhanced" air-cooling system
    Mouse
    Logitech M650 Wireless/Bluetooth
    Internet Speed
    800/600 Fiber
If truly worried about it, host it yourself using PleasantPassword

pleasantpasswords.com

Purchase - Pleasant Password Server

Because we are hassle-free, our prices are openly listed and are a one-time payment with no required annual license fees. If these pricing packages don’t suit your current needs, we would be happy to provide a custom quote.
pleasantpasswords.com
 

My Computer

System One

  • OS
    Windows 11 Pro
You must log in or register to reply here.

Similar threads

  • Article Article
What Microsoft is changing and why for saved passwords in Microsoft Edge memory
Replies
3
Views
287
garlin
G

Latest Support Threads

Latest Tutorials

Back
Top Bottom