this post was submitted on 06 May 2026
573 points (98.6% liked)

Technology

84597 readers
4548 users here now

This is a most excellent place for technology news and articles.

Our Rules

  1. Follow the lemmy.world rules.
  2. Only tech related news or articles.
  3. Be excellent to each other!
  4. Mod approved content bots can post up to 10 articles per day.
  5. Threads asking for personal tech support may be deleted.
  6. Politics threads may be removed.
  7. No memes allowed as posts, OK to post as comments.
  8. Only approved bots from the list below, this includes using AI responses and summaries. To ask if your bot can be added please contact a mod.
  9. Check for duplicates before posting, duplicates may be removed
  10. Accounts 7 days and younger will have their posts automatically removed.

Approved Bots

founded 2 years ago
MODERATORS
L3s@lemmy.world
enu@lemmy.world
technopagan@lemmy.world
L4s@lemmy.world
L3s@hackingne.ws
573
Microsoft Edge loads your passwords into memory in plaintext, but Microsoft says not to worry (www.windowscentral.com)
submitted 1 week ago by Itwasntme223@discuss.online to c/technology@lemmy.world
110 comments fedilink hide all child comments
top 50 comments
sorted by: hot top controversial new old
[–] rmrf@lemmy.ml 7 points 6 days ago (1 children)

This is why gamers should reject kernel anti cheats. A single dev at a single company that requires one could read them as easily as any other file. I'm not exaggerating, unless I'm misinformed

[–] E_coli42@lemmy.world -1 points 6 days ago (2 children)

Just use a separate boot for games

[–] SkaveRat@discuss.tchncs.de 5 points 6 days ago

One that is not Windows, yes

[–] rmrf@lemmy.ml 2 points 6 days ago

I think instead I will choose to both A) not install a rootkit on my desktop B) avoid an OS that handles passwords in plaintext

[–] afporritt1001@lemmy.today 4 points 6 days ago* (last edited 6 days ago)

Fuck Microslop Fuck windows 11

[–] baronvonj@piefed.social 123 points 1 week ago (2 children)

Microsoft SSH agent persistently stores your unencrypted private keys in the registry. They're still there unlocked and usable after you reboot.

https://github.com/PowerShell/Win32-OpenSSH/issues/1487

[–] mbp@slrpnk.net 24 points 1 week ago (1 children)

God, the final comment in that thread makes my blood boil.

load more comments (1 replies)
load more comments (1 replies)
[–] quantumvoid0@programming.dev 78 points 1 week ago (3 children)

does this company intentionally want users to stop using it? cuz day by day either theres a new windows bug or just shittier softwares

[–] Senseless@feddit.org 13 points 1 week ago (1 children)

Not to worry, the next update will fix it. (And make 12 others things worse. Also it will make your printer stop working. Again.)

load more comments (1 replies)
load more comments (2 replies)
[–] GainGround@kopitalk.net 36 points 1 week ago (2 children)

Our lives are in the hands of morons. What the fuck.

[–] Teppa@lemmy.world 9 points 1 week ago

Theres an AI for that.

load more comments (1 replies)
[–] FosterMolasses@leminal.space 35 points 1 week ago

Everytime I read a Microsoft headline these days

[–] Reygle@lemmy.world 34 points 1 week ago (2 children)

HOLY @#%^ WHAT IN THE @#%^ DO THEY MEAN "NOT TO WORRY"?????????????????

[–] XLE@piefed.social 23 points 1 week ago (1 children)

Well, hold on now, maybe Microsoft has a reasonable explanation for how they actually do secure their passwords...

This is an expected feature of the application.

... Never mind.

[–] JohnAnthony@lemmy.dbzer0.com 9 points 1 week ago (1 children)

Design choices in this area involve balancing performance, usability, and security

Nothing to do with usability since decrypting your passwords one by one is perfectly fine. So they are saying this is about performance ? Holy fuck...

load more comments (1 replies)
load more comments (1 replies)
[–] Passerby6497@lemmy.world 30 points 1 week ago (6 children)

Safety and security are foundational to Microsoft Edge. Access to browser data as described in the reported scenario would require the device to already be compromised. Design choices in this area involve balancing performance, usability, and security, and we continue to review it against evolving threats.

"We value user safety and usability, but if you're already compromised you can go fuck yourself"

load more comments (6 replies)
[–] SeductiveTortoise@piefed.social 24 points 1 week ago

altr

[–] 58008@lemmy.world 23 points 1 week ago (12 children)

2026 is gonna be the year I finally move to Linux. I have huge concerns about many aspects of switching, but they're being overtaken by concerns about staying with Windows. I don't even mind if my overall user experience is a bit worse on Linux (I am trying to have reasonable expectations that it won't be the walk in the park Linux advocates on Lemmy like to claim), I just have much more faith in its security, privacy, customisability and - most importantly - the motivations and intentions of its developers.

[–] BozeKnoflook@lemmy.world 13 points 1 week ago

Best of luck! If you've got questions or problems feel free to DM me (or reply here) and I'll try to help as best I can. I've been using linux since the mid 90s, so I have a decent idea of how it all works :)

load more comments (10 replies)
[–] JackbyDev@programming.dev 18 points 1 week ago (7 children)

This is sort of like saying "I leave my valuables in plain sight by my door because it has a lock on it and door locks are trustworthy." I'm not super into cyber security and stuff but it seems like one of the most common problems is programs managing to get access to memory they shouldn't have access to. It seems to happen all the time! Just like many locks for you door are trash.

[–] quack@lemmy.zip 3 points 6 days ago

Defense in depth is a concept they teach you in cybersecurity 101. But that's expensive and time consuming, so you end up with shit like this.

[–] partofthevoice@lemmy.zip 2 points 6 days ago

It’s ridiculous. It presupposes that cybersecurity doesn’t value or employ defense in depth. Completely untrue.

Look at the attack vector researchers were trying to solve when they created OAuth2.0 w/ PKCE.

load more comments (5 replies)
[–] zerofk@lemmy.zip 18 points 1 week ago (2 children)

Access to browser data as described in the reported scenario would require the device to already be compromised.

Yes you can open our safe with just a good yank but if a thief can do that they’re already in your house.

load more comments (2 replies)
[–] azvasKvklenko@sh.itjust.works 18 points 1 week ago (1 children)

I don’t worry, I just don’t use Edge or Windows or any MS software really (except for Teams at work)

load more comments (1 replies)
[–] pwxd@lemmy.zip 16 points 1 week ago (1 children)

"Yeah totally secure! Just trust me!.." basically

This is LITERALLY isn't secure; they should atleast make it encrypted. This is just the same as using your notes app as password manager! But it's microsoft, and they're willingly giving your bitlocker encryption key to the FBIs for your drives. So I'm not surprised..

load more comments (1 replies)
[–] goatinspace@feddit.org 14 points 1 week ago

[–] Quazatron@lemmy.world 13 points 1 week ago (1 children)

Microsoft - So secure we ROT13 encode everything... TWICE!

[–] LeFrog@discuss.tchncs.de 11 points 1 week ago

Ah yes, the good old ROT26 encryption. Some say its unbreakable

[–] AbsolutelyNotAVelociraptor@piefed.social 12 points 1 week ago (3 children)

They say not to worry because they know nobody uses that dumpster fire of a browser so there's no actual risk of your passwords being leaked since you're not using it anyways.

load more comments (3 replies)
[–] weaponG@lemmy.world 12 points 1 week ago (2 children)

Nothing in this timeline surprises me any more.

load more comments (2 replies)
[–] darkmogool@feddit.org 11 points 1 week ago

Why did I read "Microsoft Edge lords"?

[–] SCmSTR@lemmy.blahaj.zone 9 points 1 week ago

And this is why you don't give microslop anything

load more comments
view more: next ›