By Lance Whitney
Publication Date: 2026-05-06 17:36:00
Follow ZDNET: Add us as a preferred source on Google.
ZDNET’s key takeaways
- Microsoft Edge stores your passwords in plaintext in RAM.
- This behavior occurs if you use Edge as your password manager.
- Microsoft says that this behavior is a feature, not a bug.
Do you use Microsoft Edge to save and manage your website passwords? If so, a new finding raises questions about the safety and security of your stored passwords.
A security researcher found that Edge stores your plaintext passwords in memory when you use the browser to manage them. In a social media post, researcher Tom Jøran Sønstebyseter Rønning explained how the process works and posted a video showing it in action.
Also: Trojan abuses Microsoft Phone Link app to steal your passwords
“When you save passwords in Edge, the browser decrypts every credential at startup and keeps them resident in process memory,” Rønning said. “This happens even if you never visit a site that uses those credentials. At the same…
