news.volyx.in

Microsoft Edge stores all passwords in memory in clear text, even when unused (twitter.com)

644 points by cft · 71 days ago · 234 comments on HN

Article summary

The article discusses how Microsoft Edge stores passwords in memory in clear text, even when unused. This has sparked a discussion about password security and the use of password managers. The conversation also touches on the topic of passkeys and their potential benefits and drawbacks. The security implications of storing passwords in memory are being debated.

Main themes

  • Password Security
  • Password Managers
  • Passkey Authentication
  • Browser Security
  • Data Storage

What commenters say

  • Storing passwords in memory in clear text, even when unused, is a significant security risk that should be addressed by browser developers.
  • The use of passkeys can provide an additional layer of security, but it also introduces new challenges, such as the potential for device loss or theft.
  • Password managers are a more convenient and secure solution than passkeys, which can be cumbersome to set up and use.
  • The security benefits of passkeys outweigh the potential drawbacks, and they should be adopted as a replacement for traditional passwords.
  • The discussion around password security is not just about the technical aspects, but also about the trade-offs between security and usability.
  • The use of hardware-bound passkeys can provide strong security, but it also requires careful management of devices and backup procedures.
  • Some argue that the push for passkey adoption is premature and that traditional passwords with two-factor authentication are still a viable option.
  • Others believe that passkeys are the future of authentication and that the industry should focus on improving their usability and adoption.