06-26-2019 01:32 AM
06-26-2019 01:32 AM
In another conversation, I asked why passwords saved in Dev or Canary weren't also saved in the Windows Credential Manager. Eric Lawrence replied thus:
FWIW, the lack of Windows Credential Manager support is intentional. The challenge with mixing your new Edge browser credentials in the Windows credential manager is that the Windows Credential manager is per-Windows-Login-Account while the Edge Credential manager is per-Browser-Profile. There can be a one-to-many relationship between these accounts and profiles, and things get even messier when you consider the impact of roaming across multiple machines.
I accepted this because the concept of browser profile was new to me. Now, a few weeks later, I'm looking at the question again and admitting bafflement. It seems obvious that a specific Windows user can have more than one browser profile, but I can't see how there can be a one-to-many relationship between browser profile and Windows user account. How can Windows user B use Edge with Windows user A's profile? If there is a way, then there are some really serious implications!
Suppose I have two profiles, Burgess 1 for business and Burgess 2 for personal stuff. Whichever one I'm using at a particular time, I might want to sign in to Google using my email@example.com address as the username. Am I correct in thinking that if I then change the password for the Google account and ask Edge to save it, it will not be updated on the other profile? So I could potentially have many saved passwords for the same site, with no way of knowing which of them is the current one?
When I view the list of saved passwords at edge://settings/passwords, I have the ability to reveal each one. However, to do so, I have to complete a Windows Security form asking for the Windows user account credentials. So there clearly is already a link between the profile and the user account. So what is the objection to updating the Windows Credential Manager each time Edge saves a password in one of its profiles?
Each of my two profiles is associated with a different Microsoft Account. They are syncing to firstname.lastname@example.org and email@example.com respectively. While browsing as Burgess 1 and signed in as firstname.lastname@example.org at a Microsoft property, I can select Burgess 2 to open a new browser session. If I then visit a different Microsoft property in the new session and Sign in, I find that I'm automatically signed in with Burgess 1's credentials. Where did the second site find the access token to let me in without submitting any credentials?
Is this working as designed?