Forum Discussion
Autofill in Microsoft Edge
I'm not a fan of saving sensitive information automatically. But I understand that sometimes simplifies life.
With respect to the first section, it seems fundamental to me that you can not see the memorized passwords. It requires a minimum of security or at least put it a little difficult to see those keys. As long as you do not put a master key (like firefox does) I will never use this option. It always seemed like a big security hole on Google's part. Microsoft should not follow that line. Anyone can be absent from his post for a minute (no more) and someone can see all the keys in a very simple way.
Thank you.
---------------------
En español:
No soy fan de guardar informacion sensible de forma automatica. Pero entiendo que en ocasiones simplifica la vida.
Con respeto al primer apartado, me parece fundamental que NO se puedan ver las password memorizadas. Se pide un minimo de seguridad o al menos ponerselo un poco dificil al que quiera ver esas claves. Mientras no se ponga una clave maestra (como hace firefox) yo no utilzare nunca esta opcion. Siempre me parecio un gran agujero de seguridad por parte de google. Microsoft no deberia seguir esa linea. Cualquiera se puede ausentar de su puesto un minuto (no mas) y alguien poder ver todas las claves de forma muy sencilla.
Muchas gracias.
ppnacho wrote:
With respect to the first section, it seems fundamental to me that you can not see the memorized passwords. It requires a minimum of security or at least put it a little difficult to see those keys. As long as you do not put a master key (like firefox does) I will never use this option. It always seemed like a big security hole on Google's part. Microsoft should not follow that line. Anyone can be absent from his post for a minute (no more) and someone can see all the keys in a very simple way.
Doesn't it ask for the Windows account password though ppnacho ? For me it does - and it makes sense to me since the browser is only as protected as the account it's on. If you're "away from your post", then since they don't have your Windows password you're fine.
- ppnachoJun 05, 2019Iron Contributor
Apologies for my English!
Leaving the security of the passwords of your favorite sites in the hands of your computer's windows account is an option ... but it does not seem the most appropriate, or at least it does not seem enough. I think that there where you keep passwords should have a layer of security and this is the suggestion I make in this section. Firefox and thunderbird do it with a master key. I do not think he's asking for anything absurd.
In any case, it is a suggestion that I make and that I think is positive for everyone. It is not my intention to create any discussion.
Thank you!
------------------------------------------------------------
(En español)
Disculpas por mi ingles!!
Dejar la seguridad de las contraseñas de tus sitios favoritos en manos de la cuenta de windows de tu equipo es una opcion ... pero no me parece la mas apropiada, o al menos no me parece suficiente. Creo que alli donde tu guardes contraseñas deberia tener una capa mas de seguridad y esto es la sugerencia que hago en este apartado. Firefox y thunderbird lo hacen con una clave maestra. No creo que este solicitando nada absurdo.
En cualquier caso, es una sugerencia que hago y que creo que es positiva para todo el mundo. No es mi intencion crear ninguna discusion.
Gracias
- MaryBJun 05, 2019Steel Contributor
ppnacho the Windows account is protected by multiple layers of security, including biometrics if they're on your device; so when I go to view a credential, it uses Windows Hello facial recognition because that's how I sign in. If you use a PIN, it's encrypted and stored in the TPM. no need to make security inconvenient because if it is, users will turn it off.
- Noel BurgessJun 27, 2019Steel Contributor
MaryB wrote:
... the Windows account is protected by multiple layers of security,
MaryB , Eric_Lawrence
I apologize for writing a long post on this topic yesterday; this article is well hidden and I hadn't seen it before1.The article answers many of my questions, but not this one: what is the objection to updating the Windows Credential Manager each time Edge saves a password in one of its profiles? Windows Credentials are protected by yet another layer of security on top of the multiple layers you mention: passwords can only be revealed by entering the user's Windows username and password.
It is tiresome to have to maintain multiple lists of saved passwords when we used only to have one to deal with.
- I customarily open the Discussions bit of this community to see what's new. I hadn't realized that there was a second, busy section called Articles, many of which also have a long tail of comments, questions and answers. Could I suggest that an article author post briefly in Discussions to alert users to a new article's existence? And perhaps suggest that users discuss its subject matter in Discussions?
- Drew1903Jun 05, 2019Silver ContributorAlso, keep in mind, before browser even comes info play... The security in the OS is strong With 2 stage authentication and more. For it to be suggested that products might not be safe and secure... Seems unlikely in 2020 from MS. Would be a given, in this day and age. MS, certainly know threat mitigation is critical. Computing must be done without fear.
Cheers,
Drew
- Drew1903Jun 05, 2019Silver Contributor
AmineI
I'm chuckling, in a nice way, from your last paragraph... coincidentally, had just recently had an exchange with someone trying to say something about local account vs MS Account. And, here we go with, yet, another one of the plethora of reasons for using YOUR User Account (Email & P/W). The timing made me smile 😊 Who says there is no such thing as coincidence 😉
Cheers,
Drew