Forum Discussion
Autofill in Microsoft Edge
I'm not a fan of saving sensitive information automatically. But I understand that sometimes simplifies life.
With respect to the first section, it seems fundamental to me that you can not see the memorized passwords. It requires a minimum of security or at least put it a little difficult to see those keys. As long as you do not put a master key (like firefox does) I will never use this option. It always seemed like a big security hole on Google's part. Microsoft should not follow that line. Anyone can be absent from his post for a minute (no more) and someone can see all the keys in a very simple way.
Thank you.
---------------------
En español:
No soy fan de guardar informacion sensible de forma automatica. Pero entiendo que en ocasiones simplifica la vida.
Con respeto al primer apartado, me parece fundamental que NO se puedan ver las password memorizadas. Se pide un minimo de seguridad o al menos ponerselo un poco dificil al que quiera ver esas claves. Mientras no se ponga una clave maestra (como hace firefox) yo no utilzare nunca esta opcion. Siempre me parecio un gran agujero de seguridad por parte de google. Microsoft no deberia seguir esa linea. Cualquiera se puede ausentar de su puesto un minuto (no mas) y alguien poder ver todas las claves de forma muy sencilla.
Muchas gracias.
- AmineIJun 04, 2019Brass Contributor
ppnacho wrote:
With respect to the first section, it seems fundamental to me that you can not see the memorized passwords. It requires a minimum of security or at least put it a little difficult to see those keys. As long as you do not put a master key (like firefox does) I will never use this option. It always seemed like a big security hole on Google's part. Microsoft should not follow that line. Anyone can be absent from his post for a minute (no more) and someone can see all the keys in a very simple way.Doesn't it ask for the Windows account password though ppnacho ? For me it does - and it makes sense to me since the browser is only as protected as the account it's on. If you're "away from your post", then since they don't have your Windows password you're fine.
- Drew1903Jun 05, 2019Silver Contributor
AmineI
I'm chuckling, in a nice way, from your last paragraph... coincidentally, had just recently had an exchange with someone trying to say something about local account vs MS Account. And, here we go with, yet, another one of the plethora of reasons for using YOUR User Account (Email & P/W). The timing made me smile 😊 Who says there is no such thing as coincidence 😉
Cheers,
Drew - ppnachoJun 05, 2019Iron Contributor
Apologies for my English!
Leaving the security of the passwords of your favorite sites in the hands of your computer's windows account is an option ... but it does not seem the most appropriate, or at least it does not seem enough. I think that there where you keep passwords should have a layer of security and this is the suggestion I make in this section. Firefox and thunderbird do it with a master key. I do not think he's asking for anything absurd.
In any case, it is a suggestion that I make and that I think is positive for everyone. It is not my intention to create any discussion.
Thank you!
------------------------------------------------------------
(En español)
Disculpas por mi ingles!!
Dejar la seguridad de las contraseñas de tus sitios favoritos en manos de la cuenta de windows de tu equipo es una opcion ... pero no me parece la mas apropiada, o al menos no me parece suficiente. Creo que alli donde tu guardes contraseñas deberia tener una capa mas de seguridad y esto es la sugerencia que hago en este apartado. Firefox y thunderbird lo hacen con una clave maestra. No creo que este solicitando nada absurdo.
En cualquier caso, es una sugerencia que hago y que creo que es positiva para todo el mundo. No es mi intencion crear ninguna discusion.
Gracias
- Drew1903Jun 05, 2019Silver ContributorAlso, keep in mind, before browser even comes info play... The security in the OS is strong With 2 stage authentication and more. For it to be suggested that products might not be safe and secure... Seems unlikely in 2020 from MS. Would be a given, in this day and age. MS, certainly know threat mitigation is critical. Computing must be done without fear.
Cheers,
Drew
- scrblJun 19, 2019Iron ContributorI'm with Elliot. I currently use LastPass as my Password Manager, due to the security. It's good to find out that Firefox has a master key. Edge (Chromium) should adopt something similar...
In fact, it would be nice to see Windows Hello security implemented in Edge (Chromium) - rfmarvesJun 27, 2019Copper Contributor
ppnacho There is a master password for Chrome, and now for Edge (Dev). It currently requires you to re-authenticate with you Windows Credentials, so being absent from post without locking your computer (a very bad practice, by the way) will still require the malicious passerby to authenticate access again through Windows.
- Drew1903Jun 27, 2019Silver Contributor
rfmarves
Win+L, never leave home without it. If that is ever used as an ad slogan, I'll be rich 😉
@Mary Branscombe wrote:... the Windows account is protected by multiple layers of security,
Thanks Mary. This, of course, jibes with what some of us have been striving to convey.
Cheers,
Drew
- Hubert DaubmeierJul 18, 2019Copper Contributor> I'm not a fan of saving sensitive information automatically. I think it requires the clarification that passwords are not saved automatically. Each one requires the user to confirm each password to be saved. And it think nobody should take that control away - neither by never saving nor by always saving pwds. In my experience a concious decision is required for every site. Some I trust, others I don't. And that is what I end up with: the list shows where I never saved a pwd. Looking thru my list, the list is about right. Only desire I would have is to enable better mass deletion. Just posted that response a min ago.