Access to Saved Passwords

Copper Contributor

Is there a way that we can access our saved passwords if we aren't using the browser.  For example, in Chrome you can go to passwords.google.com to access saved passwords and I would love something similar in the new Edge. 

13 Replies

@CristinaC 

 

I'm not sure how you visit passwords.google.com without using a browser ;)

 

Passwords stored by Edge Chromium are managed at edge://settings/passwords. My experiments seem to show, though, that changes here are not reflected in the Windows Credential Manager. I'll be submitting feedback about this.


Passwords stored by Edge Chromium are managed at edge://settings/passwords

It looks as if this TechCommunity platform doesn't support the use of the edge:// protocol. Since this is likely to figure largely in these discussions, could the Edge Insider team @Elliot Kirk please make whatever representations are necessary to get this to work?

Dev tools reveal this: 
false#M2512:1 Not allowed to load local resource: edge://settings/passwords
so this is probably a security setting somewhere, but where @Eric_Lawrence ?

It is deliberate that the browser blocks navigation to edge:// protocol links for security reasons.

This forum software probably SHOULD NOT try to convert such links into hyperlinks (making them clickable).
At present, no, Edge doesn't have a viewer for your profile data (including passwords) that exists solely on a website. We've heard this feature request in the past and I understand why it's desirable. (Personally, I've been pushing for the ability to view my favorites on a web page, for similar reasons).
FWIW, the lack of Windows Credential Manager support is intentional. The challenge with mixing your new Edge browser credentials in the Windows credential manager is that the Windows Credential manager is per-Windows-Login-Account while the Edge Credential manager is per-Browser-Profile. There can be a one-to-many relationship between these accounts and profiles, and things get even messier when you consider the impact of roaming across multiple machines.

 


@Eric_Lawrence wrote:
It is deliberate that the browser blocks navigation to edge:// protocol links for security reasons.

This forum software probably SHOULD NOT try to convert such links into hyperlinks (making them clickable).

Thanks for the quick response. Can you explain in simple words why they're blocked? Does the same apply to similar new protocol prefixes like ms-settings

Sure, my link is clickable, but nothing happens when I click it for the reason you gave ...

 

This looks suspiciously like a measure to protect users from themselves, thus denying them a very useful feature.

 


@Eric_Lawrence wrote:
FWIW, the lack of Windows Credential Manager support is intentional. The challenge with mixing your new Edge browser credentials in the Windows credential manager is that the Windows Credential manager is per-Windows-Login-Account while the Edge Credential manager is per-Browser-Profile. There can be a one-to-many relationship between these accounts and profiles, and things get even messier when you consider the impact of roaming across multiple machines.

OK, that makes some sort of sense, I suppose. However, I would really expect the same sort of treatment as I get when using a different browser, e.g. IE. The concept of 'browser profiles' is new to me, and I can't find any documentation about it. 

For example, I visit account.live.com and sign in with a different account from usual. I go ahead and change the password for the account, in the hope that I won't have to muck about with passwords when accessing that account in the future. Edge offers to save the password, which I accept. However, Credential Manager retains the old one, so when I next want to use that account in different circumstances, e.g. when using a different browser or an email client, I see a 'wrong password' message. That can't be in the user's best interests. 

Navigation to privileged URLs is blocked because they're commonly used as a stepping stone in multi-stage security vulnerabilities. e.g. a HTTPS page directs the user to a privileged page (e.g. edge:// something) and induces it to undertake a dangerous action.

You can visit edge://edge-urls/ to see a list of the most common such URLs. Some of these, you'll notice, will do very deliberately bad things (e.g. blow away the browser and all of its content).

As you've noticed, some "Application Protocol Handlers" (e.g. ms-settings) can be launched; these run outside of the browser. (It turns out that these are a significant source of attacks [https://blogs.msdn.microsoft.com/ieinternals/2011/07/13/understanding-protocols/] too, but attempts to retire the system have been fruitless).

@Eric_Lawrence 

Thanks very much. Clear and informative as usual. I subscribed to IE Internals back in the day, but your excellent 2011 article must have gone in one ear and out the other, probably because I'd never come across any of the more esoteric protocols. mailto: was about my limit.

 

I'll be looking to see what the benefits of different browser profiles might be. It's an entirely new concept for me.

 

Thanks again.

I would love to have a way to consult my saved Edge passwords from a web site. I recently lost access to my Windows partition and had some saved passwords there, so if there is some way to retrieve them (they were synchronized to my Microsoft account), I’d love to know.

@Noel Burgess Sorry, to clarify I meant if we aren't using the edge browser.  I can go to any computer or phone and access my google passwords, I was hoping for something similar for my Edge passwords. 

@CristinaC I thought it was pretty obvious from the start;), but just poking fun with that, no harsh-eties aimed at @Noel Burgess .  But in all seriousness, I relied (in Chrome) on the capability to go to my Google account website to retrieve previously-randomly-generated passwords from another device/browser all the time.

 

Most of the time, this need arises due to using Edge on my Android and EdgeDev on my computers (3 computers).  Since Edge doesn't sync passwords, the transition from Chrome has been bumpy in this regard.  A similar offering in Microsoft accounts / EdgeDev would be really nice to have, I assume it will come with the introduction of passwords being included in syncing.

 

However, just to be sure they have it on their radar I wanted to put this message here.

 

Google's password manager has been keeping me happy vs 3rd party offerings like 1Password, Dashlane, etc..  I'm crossing fingers the EdgeDev will copy this functionality like-for-like.

@Noel Burgess - To view saved passwords you would have to use the same profile across all installations of Edge on all devices. The main use case, for me at least, is to look at the passwords saved in other profiles, like my spouse's or a personal profile, when I have to access a web site in a browser window with creds not saved in mine. On desktop, Edge provides you the option to have multiple profiles but that is not the case with Mobile versions. So, the option to view passwords on a web site gives me flexibility. I am rooting for the time when everything becomes password less and authenticate using the Auth app.