Edge Dev (latest version) crashes when autofill tries to open
Hey there, Yesterday i spoke with a guy from Microsoft's Support (the official one ofcourse) for like.. 4 hours... trying to resolve my Microsoft Edge crashing and the autofill on several websites (including microsoft.com itself) to not function, like.. it pops up but i can't press any of the saved items. Does anyone.. have a clue at all? The Support person already tried reinstalling, clearing cookies, cache, extensions etc etc.. it's just not working. I'm honestly clueless.Saved Passwords in Edge are now available to All apps on Mobile - System Wide Password Manager
I've been using Microsoft Authenticator Beta app for a while on my Android phone, today I received an update and now the app works as a system-wide password manager (Password filler), for all websites and apps. This should work on IOS too. Links to Google play https://play.google.com/store/apps/details?id=com.azure.authenticator&hl=en_US&gl=US And App store. https://apps.apple.com/us/app/microsoft-authenticator/id983156458 (remember you have to enroll in Beta for now until this is rolled out to the public) Q: How are my passwords protected by the Authenticator app? A: Authenticator app already provides a high level of security for multi-factor authentication and account management, and the same high security bar is also extended to managing your passwords. More info, Q&A and explanation here: https://docs.microsoft.com/en-us/azure/active-directory/user-help/user-help-auth-app-faq#autofill-for-consumers[Bug] Password manager exposes the password length and decrypts without a private key!
This is a security issue that is out in the wild, though I do not think it is that so severe that it poses a risk to mention it here. The page edge://settings/passwords allows the person in front of the computer to reveal passwords after they convince the browser about their ownership by entering their account's password, or their PIN on that device. That's cool! The problem is, it also displays their actual lengths of the passwords without any proof of ownership! The problem here is two fold: How, even? How is it even able to do that in the first place? I would expect the passwords to be encrypted in such ways that even the browser itself cannot decipher the passwords, nor their lengths, without the private key, which should have been a derivative of the credential that the user should be entering. A premature hint! Exposing the length of the password is too much of a hint to tell someone who hasn't yet provided their proof of ownership. The browser is reluctant to expose the password as a whole; it asks for an authentication before doing that. Then, why is the browser even giving this piece of hint out? To convince the person in front of the computer that it really has the actual password? Aesthetics? Just now I realized that the auto-fill somehow also enters my password in plain text to the websites, without asking any private key or sorts... I guess then being the person in front of an unlocked computer is enough to get the passwords deciphered (and entered via auto-fill). Then my question is in reverse: What is the point of keeping them censored on edge://settings/passwords at all, if we trust this person so much? Windows in and of itself does not trust so easily: Fire up the "Credential Manager" (type that onto Start menu search). It displays the censored passwords with the dummy length of 8 or something. They are revealed only after authentication. I hope that, without authentication, it does not decipher the passwords nor give them away either. Why does a the browser give in? Could you provide an option on edge://settings/passwords to let us choose to require authentication before auto-filling the passwords? Just like the one that pops up when you hit the "peek" button to reveal the passwords. I personally find the auto-fill as it is kind of insecure. I would rather enter my PIN every time I log in (with cookies, this doesn't happen so frequently anyway), than to have the equivalent of keeping my passwords in a passwords.txt that I hid deep in my Documents. Sincerely, UtkanNew Feature: Ability to Delete single autocomplete form data in Edge browser
A new Feature was added in Microsoft Edge Version 81.0.413.0 (Official build) canary (64-bit) that lets you Delete single autocomplete form data. such as these: also a related post from another user that requested this feedback and probably resulted in this great feature to be implemented. Thanks for listening
