Microsoft Edge has been storing your saved passwords where anyone — or anything — could read them.
If you use Microsoft Edge and you’ve ever clicked “Save password” when a website asked, I have some unsettling news. In certain situations, Edge was storing those passwords in a way that anyone with access to your computer — including malicious software — could read them as easily as reading a text file. No cracking required. No special tools. Just open and read.
This isn’t about hackers in hoodies breaking through firewalls. It’s much simpler and scarier than that.
“It’s not that the lock was picked. There was no lock.”
What This Means for Regular People
Think about the passwords you’ve saved in your browser. Your bank. Your email. Amazon. Maybe your work login. Now imagine a piece of malware — the kind that arrives through a sketchy email attachment or a bad download — silently scooping up all of those passwords in seconds and sending them somewhere overseas. That’s not a hypothetical. That’s exactly what credential-stealing software does, and plain-text password storage makes it trivially easy.
Even without malware, the risks are real. A stolen laptop. A nosy coworker at an unlocked desk. A family member who stumbles across the wrong file. Passwords that are supposed to be secret become anything but.
Businesses Have Even More to Lose
For companies, one compromised employee’s browser can become a doorway into the entire organization. Work credentials, internal systems, client data — all potentially exposed from a single machine. And in industries like healthcare or finance, that kind of exposure doesn’t just cost money. It can trigger legal consequences and regulatory investigations.
⚠️ Microsoft has released patches addressing this issue. But this post is a reminder that a browser’s built-in password manager — no matter who makes it — was never really designed to be a fortress.
What You Should Do Right Now
Switch to a dedicated password manager. Apps like Bitwarden, 1Password, or Dashlane exist for exactly this purpose and are built with security as the entire point — not as an afterthought bolted onto a browser. Make sure your devices are updated. And turn on two-factor authentication wherever you can, so that even if a password does leak, it’s not enough on its own to get in.
Convenience is a feature browsers are great at. Keeping secrets is a different skill. Use the right tool for the job.