Like most browsers, Microsoft Edge has a built-in password manager. Can you trust it, though? Is Microsoft Edge password manager safe?
Overall, while Microsoft Edge password manager seems safe at first, there are some issues with the way it handles bugs, even serious ones. On top of that, it’s hard to say how the program works, as Microsoft is not transparent and does not use open-source code. As a result, we recommend you use another password manager instead.
What is Microsoft Edge password manager?
If you use the Microsoft Edge browser, you’re probably familiar with the little pop-up from Microsoft Edge to save your password whenever you create a new online account.
Clicking “got it” means you won’t have to remember this password anymore. Edge will do it for you, which will likely be a big convenience. This is a huge benefit to using a password manager(new window): The fact that a program will now remember your passwords for you so you don’t have to write them down or reuse passwords.
Using a password manager means you can use longer passwords(new window) integrating more random characters. This will increase your security significantly, as the longer and more random a password, the harder it is for an attacker to crack. However, while password managers are great for these reasons, not all password managers are equally secure.
Is Microsoft Edge’s password manager safe?
If you leave all your passwords in a password manager, you’re reducing the number of vulnerabilities you have: For example, if you have 100 online accounts with weak passwords, you have 100 vulnerabilities. Put the information from all those 100 accounts into a single password manager, you’ve reduced the vulnerability to just one, namely the manager itself.
Because of this, you want to make sure you’re using the best, most secure password manager out there. This is where Microsoft Edge password manager is lacking.
The biggest strike against Microsoft Edge’s password manager — and any Microsoft product, really — is that it’s closed-source. In simple terms, this means that only Microsoft and its engineers have access to the code that makes up the program. While this is great for any company that wants to protect its code, it’s bad for transparency and thus for its users.
Open-source programs will work the same way as closed-source ones. But with an open-source program, security experts can check the code for themselves and verify it has no security vulnerabilities and operates the way the developers say it does. This is great for any kind of program, but especially vital for programs that need to be extra secure, like password managers.
With Edge’s password manager, you’re taking Microsoft at its word that everything is secure. When using Proton products, however, you don’t have to take our word for it. That said, Microsoft could have been partially transparent by authorizing a third-party security audit. Microsoft has declined to do so.
What makes it worse is that Microsoft has a habit of not fixing bugs very quickly. A good example is a recent announcement(new window) by the company that it will use advanced techniques to fight issues, coming months or even years after attacks that laid waste to users’ systems. Even when the company responds relatively quickly — relative for Microsoft, that is — there’s no guarantee the fix will not be worse than the bug(new window).
What to use instead of Edge password manager?
It stands to reason, then, that if you’re worried about security, you may want to look elsewhere. Thankfully, all you need to do is disable Microsoft Edge password manager and install a new, better password manager instead.
We developed Proton Pass as an alternative password manager for Microsoft Edge that you can install with just a few clicks. As a cloud-based password manager, we store data and the keys with end-to-end encryption(new window) on secure servers, meaning that nobody, not even Proton, can see your passwords. In fact, we can’t see your data or keys at all.
Other reasons to use Proton Pass
Besides security, there are plenty of other reasons to use Proton Pass, most of them to do with ease of use. For one, Proton Pass has a richer interface than Microsoft Edge password manager, letting you organize passwords and manage them as you’d like. It’s also a lot more versatile, letting you store credit card details and secure notes, as well as passwords.
Proton Pass also has a free plan, meaning you can switch to it from Microsoft Edge password manager without having to spend a penny. The free plan lets you save as many passwords as you want, plus offering hide-my-email aliases, special email addresses that you can use to hide your identity when creating online accounts.
On top of that, Proton Pass is part of our suite of privacy tools that puts your privacy first. That starts with our business model. Instead of profiting off of your data, Proton is entirely community supported from subscriptions. Founded by scientists who met at CERN, our mission is to create a better internet where privacy is the default. If you’d like to join us and help make this goal a reality, sign up for a free Proton Pass account today.