Home

Saving passwords

%3CLINGO-SUB%20id%3D%22lingo-sub-721257%22%20slang%3D%22en-US%22%3ESaving%20passwords%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-721257%22%20slang%3D%22en-US%22%3E%3CP%3EIn%20another%20conversation%2C%20I%20asked%20why%20passwords%20saved%20in%20Dev%20or%20Canary%20weren't%20also%20saved%20in%20the%20Windows%20Credential%20Manager.%20Eric%20Lawrence%20replied%20thus%3A%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CBLOCKQUOTE%3E%3CHR%20%2F%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F317619%22%20target%3D%22_blank%22%3E%40ericlaw%3C%2FA%3E%26nbsp%3Bwrote%3A%3CBR%20%2F%3EFWIW%2C%20the%20lack%20of%20Windows%20Credential%20Manager%20support%20is%20intentional.%20The%20challenge%20with%20mixing%20your%20new%20Edge%20browser%20credentials%20in%20the%20Windows%20credential%20manager%20is%20that%20the%20Windows%20Credential%20manager%20is%20per-Windows-Login-Account%20while%20the%20Edge%20Credential%20manager%20is%20per-Browser-Profile.%20There%20can%20be%20a%20one-to-many%20relationship%20between%20these%20accounts%20and%20profiles%2C%20and%20things%20get%20even%20messier%20when%20you%20consider%20the%20impact%20of%20roaming%20across%20multiple%20machines.%3CHR%20%2F%3E%3C%2FBLOCKQUOTE%3E%0A%3CP%20style%3D%22margin%3A%200in%3B%20font-family%3A%20'Segoe%20UI'%3B%20font-size%3A%2011.0pt%3B%22%3E%3CFONT%20color%3D%22%23000000%22%3EI%20accepted%20this%20because%20the%20concept%20of%20browser%20profile%20was%20new%20to%20me.%20Now%2C%20a%20few%20weeks%20later%2C%20I'm%20looking%20at%20the%20question%20again%20and%20admitting%20bafflement.%20It%20seems%20obvious%20that%20a%20specific%20Windows%20user%20can%20have%20more%20than%20one%20browser%20profile%2C%20but%20I%20can't%20see%20how%20there%20can%20be%20a%20one-to-many%20relationship%20between%20browser%20profile%20and%20Windows%20user%20account.%20How%20can%20Windows%20user%20B%20use%20Edge%20with%20Windows%20user%20A's%20profile%3F%20If%20there%20is%20a%20way%2C%20then%20there%20are%20some%20really%20serious%20implications!%3C%2FFONT%3E%3C%2FP%3E%0A%3CP%20style%3D%22margin%3A%200in%3B%20font-family%3A%20'Segoe%20UI'%3B%20font-size%3A%2011.0pt%3B%22%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%20style%3D%22margin%3A%200in%3B%20font-family%3A%20'Segoe%20UI'%3B%20font-size%3A%2011.0pt%3B%22%3E%3CFONT%20color%3D%22%23000000%22%3ESuppose%20I%20have%20two%20profiles%2C%20Burgess%201%20for%20business%20and%20Burgess%202%20for%20personal%20stuff.%20Whichever%20one%20I'm%20using%20at%20a%20particular%20time%2C%20I%20might%20want%20to%20sign%20in%20to%20Google%20using%20my%20burgess%40gmail.com%20address%20as%20the%20username.%20Am%20I%20correct%20in%20thinking%20that%20if%20I%20then%20change%20the%20password%20for%20the%20Google%20account%20and%20ask%20Edge%20to%20save%20it%2C%20it%20will%20not%20be%20updated%20on%20the%20other%20profile%3F%20So%20I%20could%20potentially%20have%20many%20saved%20passwords%20for%20the%20same%20site%2C%20with%20no%20way%20of%20knowing%20which%20of%20them%20is%20the%20current%20one%3F%26nbsp%3B%3C%2FFONT%3E%3C%2FP%3E%0A%3CP%20style%3D%22margin%3A%200in%3B%20font-family%3A%20'Segoe%20UI'%3B%20font-size%3A%2011.0pt%3B%22%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%20style%3D%22margin%3A%200in%3B%20font-family%3A%20'Segoe%20UI'%3B%20font-size%3A%2011.0pt%3B%22%3E%3CFONT%20color%3D%22%23000000%22%3EWhen%20I%20view%20the%20list%20of%20saved%20passwords%20at%26nbsp%3B%3CA%20href%3D%22edge%3A%2F%2Fsettings%2Fpasswords%22%20target%3D%22_blank%22%20rel%3D%22nofollow%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%22%3Eedge%3A%2F%2Fsettings%2Fpasswords%3C%2FA%3E%2C%20I%20have%20the%20ability%20to%20reveal%20each%20one.%20However%2C%20to%20do%20so%2C%20I%20have%20to%20complete%20a%20Windows%20Security%20form%20asking%20for%20the%20Windows%20user%20account%20credentials.%20So%20there%20clearly%20is%20already%20a%20link%20between%20the%20profile%20and%20the%20user%20account.%20So%20what%20is%20the%20objection%20to%20updating%20the%20Windows%20Credential%20Manager%20each%20time%20Edge%20saves%20a%20password%20in%20one%20of%20its%20profiles%3F%3C%2FFONT%3E%3C%2FP%3E%0A%3CP%20style%3D%22margin%3A%200in%3B%20font-family%3A%20'Segoe%20UI'%3B%20font-size%3A%2011.0pt%3B%22%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%20style%3D%22margin%3A%200in%3B%20font-family%3A%20'Segoe%20UI'%3B%20font-size%3A%2011.0pt%3B%22%3E%3CFONT%20color%3D%22%23000000%22%3EEach%20of%20my%20two%20profiles%20is%20associated%20with%20a%20different%20Microsoft%20Account.%20They%20are%20syncing%20to%20burgess1%40msn.com%20and%20burgess2%40msn.com%20respectively.%20While%20browsing%20as%20Burgess%201%20and%20signed%20in%20as%20burgess1%40msn.com%20at%20a%20Microsoft%20property%2C%20I%20can%20select%20Burgess%202%20to%20open%20a%20new%20browser%20session.%20If%20I%20then%20visit%20a%20different%20Microsoft%20property%20in%20the%20new%20session%20and%20%3CSPAN%20style%3D%22font-style%3A%20italic%3B%22%3ESign%20in%3C%2FSPAN%3E%2C%20I%20find%20that%20I'm%20automatically%20signed%20in%20with%20Burgess%201's%20credentials.%20Where%20did%20the%20second%20site%20find%20the%20access%20token%20to%20let%20me%20in%20without%20submitting%20any%20credentials%3F%20%3C%2FFONT%3E%3C%2FP%3E%0A%3CP%20style%3D%22margin%3A%200in%3B%20font-family%3A%20'Segoe%20UI'%3B%20font-size%3A%2011.0pt%3B%22%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%20style%3D%22margin%3A%200in%3B%20font-family%3A%20'Segoe%20UI'%3B%20font-size%3A%2011.0pt%3B%22%3E%3CFONT%20color%3D%22%23000000%22%3EIs%20this%20working%20as%20designed%3F%26nbsp%3B%3C%2FFONT%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-782769%22%20slang%3D%22en-US%22%3ERe%3A%20Saving%20passwords%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-782769%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F9548%22%20target%3D%22_blank%22%3E%40Noel%20Burgess%3C%2FA%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3EThis%20is%20an%20interesting%20question%20and%20I%20am%20surprised%20it%20hasn't%20been%20addressed%20sooner.%26nbsp%3B%20Is%20this%20issue%20still%20present%3F%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3EGabriel%3C%2FP%3E%3C%2FLINGO-BODY%3E
Noel Burgess
Contributor

In another conversation, I asked why passwords saved in Dev or Canary weren't also saved in the Windows Credential Manager. Eric Lawrence replied thus:

 


@ericlaw wrote:
FWIW, the lack of Windows Credential Manager support is intentional. The challenge with mixing your new Edge browser credentials in the Windows credential manager is that the Windows Credential manager is per-Windows-Login-Account while the Edge Credential manager is per-Browser-Profile. There can be a one-to-many relationship between these accounts and profiles, and things get even messier when you consider the impact of roaming across multiple machines.

I accepted this because the concept of browser profile was new to me. Now, a few weeks later, I'm looking at the question again and admitting bafflement. It seems obvious that a specific Windows user can have more than one browser profile, but I can't see how there can be a one-to-many relationship between browser profile and Windows user account. How can Windows user B use Edge with Windows user A's profile? If there is a way, then there are some really serious implications!

 

Suppose I have two profiles, Burgess 1 for business and Burgess 2 for personal stuff. Whichever one I'm using at a particular time, I might want to sign in to Google using my burgess@gmail.com address as the username. Am I correct in thinking that if I then change the password for the Google account and ask Edge to save it, it will not be updated on the other profile? So I could potentially have many saved passwords for the same site, with no way of knowing which of them is the current one? 

 

When I view the list of saved passwords at edge://settings/passwords, I have the ability to reveal each one. However, to do so, I have to complete a Windows Security form asking for the Windows user account credentials. So there clearly is already a link between the profile and the user account. So what is the objection to updating the Windows Credential Manager each time Edge saves a password in one of its profiles?

 

Each of my two profiles is associated with a different Microsoft Account. They are syncing to burgess1@msn.com and burgess2@msn.com respectively. While browsing as Burgess 1 and signed in as burgess1@msn.com at a Microsoft property, I can select Burgess 2 to open a new browser session. If I then visit a different Microsoft property in the new session and Sign in, I find that I'm automatically signed in with Burgess 1's credentials. Where did the second site find the access token to let me in without submitting any credentials?

 

Is this working as designed? 

 

1 Reply

@Noel Burgess 

 

This is an interesting question and I am surprised it hasn't been addressed sooner.  Is this issue still present?

 

Gabriel

Related Conversations
Tabs and Dark Mode
cjc2112 in Discussions on
46 Replies
flashing a white screen while open new tab
Deleted in Discussions on
14 Replies
Extentions Synchronization
Deleted in Discussions on
3 Replies
How to Prevent Teams from Auto-Launch
chenrylee in Microsoft Teams on
29 Replies
Security Community Webinars
Valon_Kolica in Security, Privacy & Compliance on
13 Replies