Microsoft has removed a security feature in its Edge browser that impacts how password managers work. This change affects users who rely on third-party password managers like Bitwarden, Dashlane, or 1Password.
The feature in question was the automatic ‘Save Password’ option, which allowed Edge to store login credentials securely. Now, this option is disabled by default, requiring users to manually input passwords or update their password managers to maintain security.
The ‘Save Password’ feature was part of Edge’s built-in security system. It worked by encrypting stored passwords and using a secure vault to protect them. However, Microsoft recently updated Edge’s security policies, deactivating this feature to address potential privacy risks.
The company stated that the change was made to align with stricter data protection regulations and to prevent unauthorized access to user credentials. While this decision aims to enhance privacy, it has created challenges for password managers that depend on Edge’s automatic saving functionality.
Password managers typically integrate with browsers to automatically fill login fields and store credentials securely. When the ‘Save Password’ feature was active, Edge would prompt users to save their login details after entering them for the first time. This process was seamless and secure, as Edge encrypted the data using advanced algorithms.
However, with the feature disabled, password managers can no longer rely on Edge to trigger the saving process. Users must now manually input passwords, which increases the risk of errors and reduces convenience.
This change has sparked concerns among users and security experts. Some argue that disabling the ‘Save Password’ feature undermines the purpose of password managers, which are designed to simplify password management. Others suggest that the decision may be a response to recent security vulnerabilities in Edge’s password storage system.
For example, a 2022 report revealed that Edge’s encryption method had flaws that could be exploited by malicious actors. Microsoft’s update likely addresses these issues by removing the feature entirely and redirecting users to alternative solutions.
To adapt to this change, password managers like Bitwarden and Dashlane have released updates that bypass Edge’s new restrictions. These updates include manual prompts to save passwords or alternative encryption methods that work independently of Edge’s system.
However, users must ensure their password managers are updated to the latest version to avoid compatibility issues. If a password manager is not updated, it may fail to save passwords automatically, forcing users to rely on less secure methods like plain text storage or re-entering passwords repeatedly.
Microsoft has also introduced a new built-in password manager in Edge, which users can enable through the browser’s settings. This tool stores passwords locally on the device and uses biometric authentication (e.g., fingerprint or facial recognition) for access.
While this option provides a level of security, it is not as robust as third-party managers, which often use end-to-end encryption and cross-device synchronization. Users who prioritize security may prefer to continue using third-party managers but must ensure they are compatible with Edge’s updated policies.
The removal of the ‘Save Password’ feature highlights the ongoing tension between privacy and convenience in browser security. Microsoft’s decision reflects a broader industry trend toward stricter data protection, but it also underscores the importance of user education.
Users must understand how these changes affect their password management habits and take proactive steps to secure their accounts. For example, enabling two-factor authentication (2FA) for online services, using strong, unique passwords, and regularly updating password managers can mitigate the risks associated with this change.
In addition to updating password managers, users can explore other workarounds to maintain security. One option is to use Edge’s built-in password manager alongside third-party tools, ensuring that both systems are configured to store passwords securely.
Another approach is to disable Edge’s automatic login prompts entirely and rely on the password manager to handle all login processes. This method requires users to manually input passwords but eliminates the risk of Edge’s system being exploited.
Ultimately, the removal of the ‘Save Password’ feature is a reminder that browser security is an evolving field. Users must stay informed about changes to their tools and adjust their habits accordingly. For password manager users, this means staying updated with the latest software versions, understanding how browsers handle password storage, and implementing additional security measures to protect their accounts. By taking these steps, users can navigate the complexities of browser security while maintaining the convenience and protection offered by password managers.