Forum Discussion

CristinaC's avatar
CristinaC
Copper Contributor
Apr 30, 2019

Access to Saved Passwords

Is there a way that we can access our saved passwords if we aren't using the browser.  For example, in Chrome you can go to passwords.google.com to access saved passwords and I would love something s...
room225_vms@outlook.com
Noel Burgess's avatar
Noel Burgess
Steel Contributor
Apr 30, 2019
Passwords stored by Edge Chromium are managed at edge://settings/passwords

It looks as if this TechCommunity platform doesn't support the use of the edge:// protocol. Since this is likely to figure largely in these discussions, could the Edge Insider team Elliot Kirk please make whatever representations are necessary to get this to work?

Dev tools reveal this: 
false#M2512:1 Not allowed to load local resource: edge://settings/passwords
so this is probably a security setting somewhere, but where Eric_Lawrence ?

Eric_Lawrence's avatar
Eric_Lawrence
Icon for Microsoft rankMicrosoft
Apr 30, 2019
It is deliberate that the browser blocks navigation to edge:// protocol links for security reasons.

This forum software probably SHOULD NOT try to convert such links into hyperlinks (making them clickable).
  • Noel Burgess's avatar
    Noel Burgess
    Steel Contributor
    Apr 30, 2019

     

    Eric_Lawrence wrote:
    It is deliberate that the browser blocks navigation to edge:// protocol links for security reasons.

    This forum software probably SHOULD NOT try to convert such links into hyperlinks (making them clickable).

    Thanks for the quick response. Can you explain in simple words why they're blocked? Does the same apply to similar new protocol prefixes like ms-settings

    Sure, my link is clickable, but nothing happens when I click it for the reason you gave ...

     

    This looks suspiciously like a measure to protect users from themselves, thus denying them a very useful feature.

    • Eric_Lawrence's avatar
      Eric_Lawrence
      Icon for Microsoft rankMicrosoft
      Apr 30, 2019
      Navigation to privileged URLs is blocked because they're commonly used as a stepping stone in multi-stage security vulnerabilities. e.g. a HTTPS page directs the user to a privileged page (e.g. edge:// something) and induces it to undertake a dangerous action.

      You can visit edge://edge-urls/ to see a list of the most common such URLs. Some of these, you'll notice, will do very deliberately bad things (e.g. blow away the browser and all of its content).

      As you've noticed, some "Application Protocol Handlers" (e.g. ms-settings) can be launched; these run outside of the browser. (It turns out that these are a significant source of attacks [https://blogs.msdn.microsoft.com/ieinternals/2011/07/13/understanding-protocols/] too, but attempts to retire the system have been fruitless).
      • Noel Burgess's avatar
        Noel Burgess
        Steel Contributor
        May 02, 2019

        Eric_Lawrence 

        Thanks very much. Clear and informative as usual. I subscribed to IE Internals back in the day, but your excellent 2011 article must have gone in one ear and out the other, probably because I'd never come across any of the more esoteric protocols. mailto: was about my limit.

         

        I'll be looking to see what the benefits of different browser profiles might be. It's an entirely new concept for me.

         

        Thanks again.

Resources