Microsoft Edge Loads All Saved Passwords in Plain Text Upon Launch

If you’re using Microsoft’s Edge browser to save your passwords, you may want to think again. Security researcher Tom Jøran Sønstebyseter Rønning revealed this week that the browser loads all saved passwords into its process memory in plain text upon launch, and this unencrypted data could potentially be accessed by attackers.

“When you save passwords in Edge, the browser decrypts every credential at startup and keeps them resident in process memory. This happens even if you never visit a site that uses those credentials,” the security researcher explained. “If an attacker gains administrative access on a terminal server, they can access the memory of all logged‑on user processes.”

The researcher also analyzed the behaviour of other Chromium-based browsers and discovered that Edge is the only one to load passwords in memory in an unencrypted state. “By contrast, Chrome uses a design that makes it far harder for attackers to extract saved passwords by simply reading process memory. It decrypts credentials only when needed, instead of keeping all passwords in memory at all times,” he explained.

After reporting the issue to Microsoft, the security researcher was told that this behaviour was “by design.” A company spokesperson also shared a more detailed statement with Windows Central:

“Safety and security are foundational to Microsoft Edge. Access to browser data as described in the reported scenario would require the device to already be compromised. Design choices in this area involve balancing performance, usability, and security, and we continue to review it against evolving threats. Browsers access password data in memory to help users sign in quickly and securely – this is an expected feature of the application. We recommend users install the latest security updates and antivirus software to help protect against security threats.”

Microsoft said two years ago that it was making security its “top priority,” so it’s very surprising to see the company treat very sensitive data such as passwords this way. If you’re concerned about the security of your saved passwords in Edge, I would recommend moving all of them to a more secure password manager.

Thurrott