TweakTown
News
Software & Apps

Microsoft reverses controversial Edge password design after backlash

Microsoft is removing a major security flaw in Edge after researcher Tom Jøran Sønstebyseter Rønning exposed how passwords were stored in plaintext RAM.

Microsoft reverses controversial Edge password design after backlash
Comment IconFacebook IconX IconReddit Icon
Tech and Science Editor
Published
1 minute & 15 seconds read time
TL;DR: Microsoft will stop loading saved Edge passwords in plaintext memory starting with version 148, addressing a security flaw exposed by a researcher who showed all passwords were decrypted at startup. This change reduces risks from malware or insiders and urges users to switch to more secure password managers.
Voice: Jak Connor
0:00 / 2:02
Use left and right arrow keys to seek audio.

Microsoft is pulling the plug on a controversial security flaw in Edge after a researcher exposed how it was storing user passwords in plaintext in RAM, raising security concerns and subsequent backlash that followed after the discovery.

Starting with version 148 of the browser, Edge will no longer load saved passwords into memory in cleartext at startup, effectively removing the risk of malware or malicious insiders siphoning credentials with minimal effort. The issue came to light when Norwegian security researcher Tom Jøran Sønstebyseter Rønning demonstrated that all stored Edge passwords were decrypted and loaded into memory as soon as the browser launched, even if they weren't actively being used.

Other Chromium-based browsers don't behave this way, and Rønning found Edge to be the only browser among those he tested that kept all passwords in plaintext at once. Microsoft initially defended the behavior, calling it a deliberate design choice. But with the public outcry and the potential for real-world exploitation, the company has seemingly reversed its course.

Microsoft reverses controversial Edge password design after backlash 2
2

The change is now live in Edge 148, and users are advised to migrate their passwords to a more secure password manager to avoid future vulnerabilities. The incident highlights the growing scrutiny around browser security and how even major tech companies can make critical mistakes in credential management. With more users relying on built-in password managers, this fix is a necessary step, but it also raises more questions about what other potentially problematic design choices that might be hiding in plain sight.

Photo of the PlayStation 5 Disc Edition Console (slim)
Best Deals: PlayStation 5 Disc Edition Console (slim)
Today7 days ago30 days ago
$578.73 USD
$559.99 USD$555.49 USD
Buy
$672.99 USD
$672.99 USD$549.99 USD
Buy
$578.73 USD
$559.99 USD$555.49 USD
Buy
-
-£693.87
Buy
$578.73 USD
$559.99 USD$555.49 USD
Buy
Check Price
Check PriceCheck Price
Buy
* Prices last scanned 5/18/2026 at 1:46 pm CDT - prices may be inaccurate. As an Amazon Associate, we earn from qualifying purchases. We earn affiliate commission from any Newegg or PCCG sales.
News Source:pcworld.com

Tech and Science Editor

Email IconX IconLinkedIn Icon

Jak joined TweakTown in 2017 and has since reviewed 100s of new tech products and kept us informed daily on the latest science, space, and artificial intelligence news. Jak's love for science, space, and technology, and, more specifically, PC gaming, began at 10 years old. It was the day his dad showed him how to play Age of Empires on an old Compaq PC. Ever since that day, Jak fell in love with games and the progression of the technology industry in all its forms.

Stay Updated

Follow TweakTown for breaking tech news, reviews, and daily updates.

Add TweakTown as a preferred source on GoogleFind TweakTown on Apple News

Similar News Stories

Newsletter Subscription
Latest News
View More News
Latest Reviews
View More Reviews
Latest Articles
View More Articles