Microsoft Edge is rolling out a significant security enhancement that changes how the browser handles saved passwords. Starting with the latest update, Edge will no longer automatically load saved passwords when users visit login pages. Instead, users must manually select the saved password from a dropdown menu, adding an extra layer of protection against unauthorized access.
Why the Change?
This move comes in response to growing concerns over password theft and browser vulnerabilities. Previously, Edge would automatically fill in saved credentials, which could be exploited by malicious websites or scripts to steal login information. By requiring explicit user action, Microsoft aims to reduce the risk of credential harvesting attacks.
How It Works
When you visit a website with saved login details, Edge will now display a prompt asking you to choose a saved password from a list. The password field remains blank until you manually select an entry. This ensures that even if a website attempts to trick the browser into auto-filling, it cannot happen without your consent.
Additional Security Features
Alongside this change, Edge is also introducing enhanced monitoring for compromised passwords. The browser will now alert users if any of their saved passwords have been exposed in known data breaches. It also encourages the use of strong, unique passwords by generating and suggesting complex ones when you sign up for new services.
User Impact
While the change may slightly inconvenience users accustomed to automatic logins, the security benefits are substantial. For those who share devices, this update prevents others from easily accessing your accounts. It also protects against “credential stuffing” attacks where attackers use stolen passwords from one site to access others.
How to Update
The feature is being rolled out gradually through Edge’s automatic updates. Users can check for the latest version by navigating to Settings > About Microsoft Edge. The update is available on Windows, macOS, and Linux platforms.
Microsoft’s commitment to security is evident in this update, which aligns with broader industry trends toward user-consent-based authentication. As cyber threats evolve, such proactive measures are essential to safeguarding personal data.
