
Microsoft Edge will no longer load saved passwords into its memory as soon as the web browser is launched.
Earlier this month, security researcher Tom Jøran Sønstebyseter Rønning publicly disclosed that Edge loads saved passwords into process memory in cleartext at startup and keeps them in cleartext for the entire duration of the session.
This happens even when a user never visits a site that uses those credentials, the researcher found. It becomes a security risk if an attacker with administrative access on a terminal server can access the memory of all logged-on user processes.
In response, Microsoft acknowledged that this behavior is intentional.
“Safety and security are foundational to Microsoft Edge. Access to browser data, as described in the reported scenario, would require the device to already be compromised. Design choices in this area involve balancing performance, usability, and security, and we continue to review it against evolving threats,” a Microsoft spokesperson explained.
In a blog post, the Redmond-based tech company says it’s addressing the reported issue and will no longer load passwords into memory when launching Edge.
“This defense-in-depth change will come to every supported version of Edge (Stable, Beta, Dev, Canary, and the Extended Stable channel our enterprise customers run), and we’re prioritizing the rollout. The change is live now in Edge Canary and included in the next update for all Edge releases, build 148 and newer,” Gareth Evans, Microsoft Edge Security Lead, states in a recently published blog post.
Users of Microsoft Edge’s password manager don’t need to take any action: the change will reach them through the normal update channel.
Tom Jøran Sønstebyseter Rønning reacted with surprise when Microsoft announced it would stop loading passwords into memory on startup.
“Microsoft has changed their mind! They say that Edge ‘will no longer load passwords into memory on startup’. I have to admit, I did not think they would change their mind on this matter. Hats off to @MicrosoftEdge,” he wrote on X.