It is being reported that Microsoft Edge keeps passwords unencrypted and that is by design.
From https://proton.me/business/blog/microsoft-edge-passwords-exposed
Just say no to Edge?
From https://proton.me/business/blog/microsoft-edge-passwords-exposed
Quote:
If you save passwords in Microsoft Edge, there's a security risk you should know about. According to a new disclosure, whenever you open Edge, the browser immediately loads all saved passwords into memory in readable form not just the password for the website you're logging into. That means credentials for every account saved in Edge could be exposed if malware, a compromised admin account, or another attacker gains access to your device or user session[/.b].
...
Security researcher Tom Jran Snstebyseter Rnning says Microsoft Edge loads all saved passwords into the browser's memory in plaintext as soon as it launches, instead of only decrypting a specific password when it's needed. This includes all passwords saved in the Edge password manager, even those for websites you don't visit or autofill during the current browsing session.
...
If an attacker gains sufficient access to the device or user session, they may be able to inspect the browser's memory. If only one password is decrypted when needed, the attacker has a smaller window and less data to capture. But if every saved password is already sitting in memory unprotected by encryption, memory scraping becomes far more valuable.
Just say no to Edge?
