SOLVED

New security feature: Passwords Length are now Hidden in Edge Password Manager

Highlighted
Honored Contributor

Microsoft Edge Version 83.0.474.0 (Official build) canary (64-bit)

 

Now the Password Length is hidden in Edge browser's password manager: edge://settings/passwords

 

Previously even if you couldn't see the characters, you could still see how long the password is:

 

 

1.png

 

2.png

 

 

 

 

 

Now the Password Length is also hidden

 

 

3.png

 

4.png

 

5.png

 

6.png

 

11 Replies
Highlighted

Why it was dangerous to have masked passwords with visible length?

 

If an attacker has unrestricted physical access to your computer, they can just convert the password fields to text fields or use DevTools to read them as plaintext.

 

Chrome's security model didn't include this so I'm happy Microsoft implemented this feature. Thank you

Highlighted

@HotCakeX I love this feature! It also landed on Chrome Canary recently. But, are you sure it isn't a bug that Edge Canary shows empty characters in the password fields instead of fixed-width bullets? Because in Chrome Canary — regardless of the length of the password — it shows the same number of bullets for every password.

 

Here you can see the proof in the latest build of Chrome Canary (version 84.0.4104.0):

 

Before showing the passwordBefore showing the password

 

After showing the passwordAfter showing the password

Highlighted

Alright — I just compared the stable releases of Edge and Chrome, and yes they both do show the same number of characters as the actual length of the password: 

Chrome 80.0.3987.163 (Stable)Chrome 80.0.3987.163 (Stable)

 

Edge 80.0.361.109 (Stable)Edge 80.0.361.109 (Stable)

 

However, I prefer the approach of Chrome Canary though: instead of showing empty characters, it fills them with fixed length of blocks. It suits my OCD more. :smile:

Highlighted

@S-Dey 

Spoiler

@S-Dey wrote:

@HotCakeX Are you sure it isn't a bug that Edge Canary shows empty characters in the password fields instead of bullets? Because in Chrome Canary — regardless of the length of the password — it shows the same number of bullets. 

 

Here you can see the proof in the latest build of Chrome Canary (version 84.0.4104.0):

Before showing the passwordBefore showing the password

 

After showing the passwordAfter showing the password

 


Do you know what a bug is in a software? an unexpected behavior. that's it

 

I don't see how it is an unexpected behavior. users before asked to hide and don't show the actual length of passwords in Edge password manager and now that has exactly happened. so no it's not a bug.

 

Highlighted

@S-Dey 

Spoiler

@S-Dey wrote:

Alright — I just compared the stable releases of Edge and Chrome, and yes they both do show the same number of characters as the actual length of the password: 

Chrome 80.0.3987.163 (Stable)Chrome 80.0.3987.163 (Stable)

 

Edge 80.0.361.109 (Stable)Edge 80.0.361.109 (Stable)

 

However, I prefer the approach of Chrome Canary though: instead of showing empty characters, it fills them with fixed length of blocks. It suits my OCD more. :smile:


if you have a problem with OCD you can seek medical care for medications and therapies.

Highlighted

@HotCakeX You didn't have to personally attack me for that — I just told my preference that I don't like the idea of showing empty characters, and rather prefer how Google handles it with Chrome Canary: showing a fixed length of blocks for every password that doesn't necessarily match the actual length of the password. 

 

Moreover, the reason why I said it could be a bug is: perhaps Edge devs wanted to do the same approach as Chrome Canary, because showing a column "Password" and having nothing in there doesn't look good if UX has to be concerned.

 

 

Highlighted
Best Response confirmed by HotCakeX (Honored Contributor)
Solution

@S-Dey 

Spoiler

@S-Dey wrote:

@HotCakeX You didn't have to personally attack me for that — I just told my preference that I don't like the idea of showing empty characters, and rather prefer how Google handles it with Chrome Canary: showing a fixed length of blocks for every password. 

 

Moreover, the reason why I said it could be a bug is: perhaps Edge devs wanted to do the same approach as Chrome Canary, because showing a column "Password" and having nothing in there doesn't look good if UX has to be concerned.

 

 


Jesus..who is attacking you?!

 

you said you have OCD problem which is a health related issue and I only said: "if you have a problem with OCD you can seek medical care for medications and therapies."

 

that's NOT an attack. but if you still think it is an attack then report it to moderator.

 

I'm not sure what's wrong with some people in here recently, they just wanna fight and guard against others while the rest are just trying to be helpful. it's making me tired and reluctant to even post and do anything in this community anymore.

Highlighted

@HotCakeX you are our source for all things Edge! Keep up the spirit and just ignore such people... :)

Highlighted
Highlighted

@HotCakeX @S-Dey Hey there!

 

Online communication can be tough and while I don't believe in this instance @HotCakeX intended this comment as a personal attack, I can also see how it can come off that way. Let's be careful about our language going forward, be kind to each other and try to talk out these differences, and move on to the topic at hand.

Highlighted

@S-Dey 

 

As Edge is now showing a fixed length of blocks in the password field rather than just a blank, I guess we can take it that the previous behaviour just showing a blank was indeed a bug.