Forum Discussion

Don_Warren's avatar
Don_Warren
Copper Contributor
Mar 24, 2023

Edge "Choose an Account" Autofill Security Risk

I have seen several instances where Edge has saved and retained the login credentials for someone simply because they might have logged on to their microsoft account on that PC at some point in the past. Example:  On one of my customer's PC's, my login information is prefilled & available to anyone who uses that PC. I've checked all options listed under Windows Settings/Accounts but my account is not shown there... and I have no way to delete it. Removing the account from the Edge Profile does nothing... it appears to delete it, HOWEVER, if you click the profile icon in the top right corner, my login information is still there, and it DOESNT REQUIRE A PASSWORD to log back into that profile, which appears to expose them to all my saved profile info including passwords, links, etc.  

Every post I've read on this has not addressed this issue... they say to delete the profile, or to remove it from Windows Settings / Accounts... but my account is not listed there. So there's nothing to delete.  I've cleared cache, searched the registry for my email address, searched various Edge settings, but no luck.  I have one of the managers at a customer site who is extremely concerned because one of her employees has access to her profile. This is a PROBLEM.  Anyone have a clue on this?  

  • I would make sure that you are clearing the cache including cookies and other site data, passwords, and autofill form data. You can find this under privacy, search, and services. When you click choose what to clear, make sure you have All Time selected. You can also open the browser again, go to the same page, and select choose what to clear every time you close the browser, and it will show if there are any items still there. There have been times that the browser crashes instead of clearing everything, so it has to be done more than once.

Resources