Forum Discussion

CristinaC's avatar
CristinaC
Copper Contributor
Apr 30, 2019

Access to Saved Passwords

Is there a way that we can access our saved passwords if we aren't using the browser.  For example, in Chrome you can go to passwords.google.com to access saved passwords and I would love something s...
room225_vms@outlook.com
Eric_Lawrence's avatar
Eric_Lawrence
Icon for Microsoft rankMicrosoft
Apr 30, 2019
It is deliberate that the browser blocks navigation to edge:// protocol links for security reasons.

This forum software probably SHOULD NOT try to convert such links into hyperlinks (making them clickable).
Noel Burgess's avatar
Noel Burgess
Steel Contributor
Apr 30, 2019

 

Eric_Lawrence wrote:
It is deliberate that the browser blocks navigation to edge:// protocol links for security reasons.

This forum software probably SHOULD NOT try to convert such links into hyperlinks (making them clickable).

Thanks for the quick response. Can you explain in simple words why they're blocked? Does the same apply to similar new protocol prefixes like ms-settings

Sure, my link is clickable, but nothing happens when I click it for the reason you gave ...

 

This looks suspiciously like a measure to protect users from themselves, thus denying them a very useful feature.

  • Eric_Lawrence's avatar
    Eric_Lawrence
    Icon for Microsoft rankMicrosoft
    Apr 30, 2019
    Navigation to privileged URLs is blocked because they're commonly used as a stepping stone in multi-stage security vulnerabilities. e.g. a HTTPS page directs the user to a privileged page (e.g. edge:// something) and induces it to undertake a dangerous action.

    You can visit edge://edge-urls/ to see a list of the most common such URLs. Some of these, you'll notice, will do very deliberately bad things (e.g. blow away the browser and all of its content).

    As you've noticed, some "Application Protocol Handlers" (e.g. ms-settings) can be launched; these run outside of the browser. (It turns out that these are a significant source of attacks [https://blogs.msdn.microsoft.com/ieinternals/2011/07/13/understanding-protocols/] too, but attempts to retire the system have been fruitless).
    • Noel Burgess's avatar
      Noel Burgess
      Steel Contributor
      May 02, 2019

      Eric_Lawrence 

      Thanks very much. Clear and informative as usual. I subscribed to IE Internals back in the day, but your excellent 2011 article must have gone in one ear and out the other, probably because I'd never come across any of the more esoteric protocols. mailto: was about my limit.

       

      I'll be looking to see what the benefits of different browser profiles might be. It's an entirely new concept for me.

       

      Thanks again.

Resources