Forum Discussion

CristinaC's avatar
CristinaC
Copper Contributor
Apr 30, 2019

Access to Saved Passwords

Is there a way that we can access our saved passwords if we aren't using the browser.  For example, in Chrome you can go to passwords.google.com to access saved passwords and I would love something s...
room225_vms@outlook.com
Noel Burgess's avatar
Noel Burgess
Iron Contributor
Apr 30, 2019

CristinaC 

 

I'm not sure how you visit passwords.google.com without using a browser ;)

 

Passwords stored by Edge Chromium are managed at edge://settings/passwords. My experiments seem to show, though, that changes here are not reflected in the Windows Credential Manager. I'll be submitting feedback about this.

Noel Burgess's avatar
Noel Burgess
Iron Contributor
Apr 30, 2019
Passwords stored by Edge Chromium are managed at edge://settings/passwords

It looks as if this TechCommunity platform doesn't support the use of the edge:// protocol. Since this is likely to figure largely in these discussions, could the Edge Insider team Elliot Kirk please make whatever representations are necessary to get this to work?

Dev tools reveal this: 
false#M2512:1 Not allowed to load local resource: edge://settings/passwords
so this is probably a security setting somewhere, but where Eric_Lawrence ?

  • Eric_Lawrence's avatar
    Eric_Lawrence
    Icon for Microsoft rankMicrosoft
    Apr 30, 2019
    It is deliberate that the browser blocks navigation to edge:// protocol links for security reasons.

    This forum software probably SHOULD NOT try to convert such links into hyperlinks (making them clickable).
    • Noel Burgess's avatar
      Noel Burgess
      Iron Contributor
      Apr 30, 2019

       

      Eric_Lawrence wrote:
      It is deliberate that the browser blocks navigation to edge:// protocol links for security reasons.

      This forum software probably SHOULD NOT try to convert such links into hyperlinks (making them clickable).

      Thanks for the quick response. Can you explain in simple words why they're blocked? Does the same apply to similar new protocol prefixes like ms-settings

      Sure, my link is clickable, but nothing happens when I click it for the reason you gave ...

       

      This looks suspiciously like a measure to protect users from themselves, thus denying them a very useful feature.

      • Eric_Lawrence's avatar
        Eric_Lawrence
        Icon for Microsoft rankMicrosoft
        Apr 30, 2019
        Navigation to privileged URLs is blocked because they're commonly used as a stepping stone in multi-stage security vulnerabilities. e.g. a HTTPS page directs the user to a privileged page (e.g. edge:// something) and induces it to undertake a dangerous action.

        You can visit edge://edge-urls/ to see a list of the most common such URLs. Some of these, you'll notice, will do very deliberately bad things (e.g. blow away the browser and all of its content).

        As you've noticed, some "Application Protocol Handlers" (e.g. ms-settings) can be launched; these run outside of the browser. (It turns out that these are a significant source of attacks [https://blogs.msdn.microsoft.com/ieinternals/2011/07/13/understanding-protocols/] too, but attempts to retire the system have been fruitless).

Resources