Autofill in Microsoft Edge

Microsoft

Autofill of forms is a feature familiar to most Microsoft Edge customers (or for that matter, users of most modern browsers). In the next version of Microsoft Edge too, you can expect the browser to remember your passwords for all your favorite websites and help you fill in your address and credit card details with one-click whenever you come across these forms online. In this post, we will cover some of these features that you’ve come to depend on and use in your everyday life.

 

View and Delete passwords within Microsoft Edge itself
Earlier, one needed to go to Windows Settings > Credentials Manager to view and delete saved passwords. Now this functionality is available within Microsoft Edge browser itself. You can View (after authenticating) and Delete your saved passwords in Settings > Profiles > Passwords.

autofill01.png

 

Autofill suggestions made more usable
These changes have been made to improve the form suggestions experience.

 

Full preview of address data with field highlighting
Filling an address form can sometimes involve effort even with autofill, especially when you have multiple similar addresses saved. Microsoft Edge lets you preview your autofill data for all suggestions within the same dropdown itself, making it easier to choose the right address to fill. 
autofill02.png
To help you quickly select the autofill suggestion, the value corresponding to the field currently in focus is highlighted in the suggestions.

autofill03.png

Ease of access for credentials
In login forms, Microsoft Edge now offers the ability to choose a credential pair both from the username field as well as the password field.


autofill04.pngautofill05.png

 

Browser data import for a seamless transition 

A possible roadblock to try out a new browser is the unavailability of data that’s important to you, such as your favorites, passwords and other autofill data. Microsoft Edge smoothly overcomes this hurdle by making your passwords, payment info and addresses available right from the first launch.

 

Upon browser setup, you may choose to keep your data from another browser. If so, you will find all your form data under Settings > Profile and you can manage your data as needed. If you have credit cards that are linked to your Microsoft account, you will not be able to view them yet in the autofill interface. This will be available soon.

autofill06.png

There is also an option to import all your autofill data on-demand, again through Settings > Profile. Remember that your existing data set will be replaced by the new data you import.

 

Sync autofill data across your devices
Work on syncing data across different devices is currently underway – expect these changes to reflect in the upcoming builds.

 

Control over your autofill data
As a Microsoft Edge user, you have full control on the autofill feature as well as your autofill data. It is important to us that you can easily view, delete and manage your personal data at any point of time. You can also enable/disable the whole feature for passwords, payment info and addresses, respectively.

autofill07.png

 

Looking ahead
This is just the beginning. We know that your time is super valuable. And every second that we spare you from typing out your details each time you shop online, or every bit of mind space we free up from remembering a complex password, counts. Which is why, in the new Microsoft Edge it is important that you get a reliable autofill experience that works intuitively whenever you come across a form on the web.


And to get there, we need your help. You can help us by sharing examples of areas where autofill in Microsoft Edge can do better.

 

We look forward to your inputs!

76 Replies

@Elliot Kirk 

I like what i see so far, but i kind of wish this would work more like a password manager. When i go to a website i have to log onto the password manager before it will fill the password. So it provides a second login. I suppose logging into Windows is a similar control but if you leave your computer on someone else would be able to get to all your websites that have saved passwords in Edge. 

 

It would be nice to have a password generator button on a website when you want to change a password. Is that something you plan on adding? Enpass password manager has a nifty setup for specifying how complicated you want passwords to be, how long, include upper and lower case, numbers, symbols, pronounceable words or just nonsense. Any password generator would be a great addition.

Thanks @leon_h for your inputs. Understand your preference for having an additional login. However as of today, you would be able to sign in and sign out of the browser independently of Windows login. We will look into your feedback. Thanks again for sharing your thoughts.

@Elliot Kirk This may sound counter-intuitive, but I think you should consider investing in integration with popular password / autofill managers such as LastPass and Dashlane. Basically, the ideal scenarios would be like this:

 

At official release of Edge C, I will be able to link my current LastPass / Dashlane to my Windows account.

No extensions needed to be installed. I can access (read & write) passwords / personal info stored in LastPass / Dashlane via native Edge C user experience.

As Edge C password / autofill manager features mature, particularly syncing across devices and sharing among family members, I'm provided a way to import from LastPass / Dashlane into Edge C and retire my LastPass / Dashlane accounts. When browsing, I will continue to use the native Edge C user experience I will have grown familiar with by then.

@ppnacho There is a master password for Chrome, and now for Edge (Dev).  It currently requires you to re-authenticate with you Windows Credentials, so being absent from post without locking your computer (a very bad practice, by the way) will still require the malicious passerby to authenticate access again through Windows.


@Mary Branscombe wrote:

... the Windows account is protected by multiple layers of security, 

 


@Mary Branscombe , @Eric_Lawrence 

I apologize for writing a long post on this topic yesterday; this article is well hidden and I hadn't seen it before1.

 

The article answers many of my questions, but not this one: what is the objection to updating the Windows Credential Manager each time Edge saves a password in one of its profiles? Windows Credentials are protected by yet another layer of security on top of the multiple layers you mention: passwords can only be revealed by entering the user's Windows username and password.

 

It is tiresome to have to maintain multiple lists of saved passwords when we used only to have one to deal with.

 

 

  1. I customarily open the Discussions bit of this community to see what's new. I hadn't realized that there was a second, busy section called Articles, many of which also have a long tail of comments, questions and answers. Could I suggest that an article author post briefly in Discussions to alert users to a new article's existence? And perhaps suggest that users discuss its subject matter in Discussions?
"what is the objection to updating the Windows Credential Manager each time Edge saves a password in one of its profiles?"

The most immediate problem is that Windows Credential Manager is a per-Windows-user-account feature, while a single Windows User Account may have multiple unrelated Edge Profiles, each of which is designed to have a separate set of unshared credentials.

"passwords can only be revealed by entering the user's Windows username and password"

It's not quite as simple as that. As soon as any password is filled in the browser, it is trivial to retrieve it. https://textslashplain.com/2017/10/16/stealing-your-own-password-is-not-a-vulnerability/

@Eric_Lawrence 

 


@Eric_Lawrence wrote:

... a single Windows User Account may have multiple unrelated Edge Profiles, each of which is designed to have a separate set of unshared credentials.


I'm probably being particularly dense, but I still don't get it.

 

I have spent years of my life - since XP days - trying to persuade people not to share their Windows user account with anyone who they don't want to be able to read their documents, see their pictures, read their email and see their passwords.

 

Each set of credentials is unique. A particular site - login.live.com, for example - may allow for multiple usernames for a single account (any number of aliases, a phone number and a Skype name), but the password is (or should be) unique to that account. So the Windows Credential Manager stores this unique password for each of the usernames whenever it's used in IE or Edge. There is no possibility (or ought not to be) of being able to sign in at a particular site with a specific username and more than one password.

 

So where does unshared come from? Of course credentials are not (normally) shared with different Windows user accounts, although it's quite possible for, say, a whole family to share an Outlook.com's calendar and contacts simply by having a 'family account' expressly for that purpose.

 


"passwords can only be revealed by entering the user's Windows username and password"
It's not quite as simple as that. As soon as any password is filled in the browser, it is trivial to retrieve it.


Sorry, I was referring solely to being able to reveal passwords in Credential Manager.  

 

The article you referred to only talks about 'stealing' your own password from the browser. That password may be stored by the browser in the browser profile, but that profile is only accessible by the Windows user concerned. If the Windows user account is properly protected with a strong password or biometric data as Mary explained, then the browser profile and its stored passwords are equally well protected. ¿No?

It's absolutely a best practice for each person who uses a computer to use their own Windows login account. That good hygiene is unfortunately not universally practiced.

That said, it remains "By-Design" that every profile running in the Edge browser, even within a single Windows User Account, has partitioned credentials that are not shared with any other profile.

I'm not clear on what benefit you'd obtain by having all profiles' credentials to be placed into the Windows User account's OS Credential Manager as well; the browser would still have to track which credential pairs belong to which browser profile, and the credentials in the Credential Manager would not be any better-protected if, in your design, the credentials are released to the browser for use.

@rfmarves 

Win+L, never leave home without it.  If that is ever used as an ad slogan, I'll be rich ;)

@Mary Branscombe wrote:

... the Windows account is protected by multiple layers of security, 

Thanks Mary.  This, of course, jibes with what some of us have been striving to convey.



Cheers,
Drew
thVY64FD02.jpg

@Noel Burgess 

That password may be stored by the browser in the browser profile, but that profile is only accessible by the Windows user concerned. If the Windows user account is properly protected with a strong password or biometric data as Mary explained, then the browser profile and its stored passwords are equally well protected. ¿No?

YES, Noel.  I will just add to what you have said & said well.  That is the whole nice point of single sign-on; the MS/Windows acc't with its VERY unique User name & P/W is a person's passport, allows travel and gets a visa stamp when they go anywhere with it so they can enter various 'countries' and be recognized. Plus, beyond & an addition to that, specific sites or heaps of things we do require their own unique User name & P/W to enter THAT place.  Just use strong P/Ws & let's move on :smiling_face_with_smiling_eyes:  Well, as long as you don't forget P/Ws ;) If everyone, really, knew the authentication processes & policies of MS & Windows there be less discussion or concern... to know them is to appreciate them.  It is, deep, wide & strong!

Cheers,
Drew
thVY64FD02.jpg


Sometimes there is a need to use 2 separate accounts for the same website/form.  Examples could include when dev/testing a website or service, or if you have one admin account and one regular account for something.

 

This is something that password managers such as LastPass support, but the browser (Edge C) doesn't (as far as I'm aware).

Sure, Edge (and all other Chromium-based browsers) support having multiple accounts for a single form field. The browser will autofill one (probably the most recently used) but you can easily just click into the field and select the other account from the dropdown.

Screenshot: https://snag.gy/Vt9Yx1.jpg

@kevmy21 

 


Sometimes there is a need to use 2 separate accounts for the same website/form...

This is something that password managers such as LastPass support, but the browser (Edge C) doesn't (as far as I'm aware).


Have another look. Here's (part of!) my list of credentials in Dev for https://login.live.com. I also wanted to show that the same account can have several different usernames - the one with a phone number is the same as two of those with email addresses (primary and secondary alias) and as one of those with just a Skype name. And they all appear in a dropdown from the username entry field when I visit the site.
  
ED-Passwords-multiple.png

 

 

@Noel Burgess thanks for sharing an example of how it works.

@Elliot Kirk When RoboForm extension is installed, integrated autofill is disabled. Why? It was working fine before. I want to save some passwords in RoboForm and some just in Edge. Why I have to choose?

robo-edge.png

@Elliot Kirk 

Do you intend to save (via end to end encryption or not) the OTP keys, currently I am obliged to use Authy for this while you propose one (but whose key backup is impossible).

If you're looking for a TOTP app you can already use the Microsoft Authenticator app

i'm not using it since it's very difficult to backup otp (encrypted or not) if i lost my phone

 

edit : i'm on android

@Deleted I do use it but agree we need to be able to back it up, unless it is backed up by the system and restored with a system reset. I would hate to rely on this for keeping all my user names and passwords and then have the system fail and lose them all.


@Deleted wrote:

i'm not using it since it's very difficult to backup otp (encrypted or not) if i lost my phone

 

edit : i'm on android


@Deleted I do use it but agree we need to be able to back it up, unless it is backed up by the system and restored with a system reset. I would hate to rely on this for keeping all my user names and passwords and then have the system fail and lose them all.