Should your users be using Microsoft Edge Password Manager?

In this blog, our team considers another of Microsoft’s technologies bundled with your Microsoft 365 subscription and asks: should your users be using Microsoft Edge Password Manager?

Browser password managers are not new. However, there remains a lot of uncertainty around whether or not they are a good idea. 

The main advantage of password manager tools is that they help users to use passwords effectively. There’s no need to keep your password written on a post-it note on your monitor, for one thing!

Users who make use of tools such as Microsoft Edge Password Manager can (and typically do) use stronger passwords because they don’t need to remember them or type them frequently. They are also less likely to reuse passwords. That alone is a huge boost to user security and a pretty good reason for using Microsoft Edge Password Manager.

The benefits of Microsoft Edge Password Manager

Another huge benefit of Microsoft Edge Password Manager is that it is convenient to use and easy to distribute to users. And anything that makes it easier for your IT admins and users to implement good cyber security practice has to be a good idea.

In Microsoft Edge Password Manager, password management can be controlled fully by your IT admins using Group Policy. Within this, can also offer users automated assistance and prompts.

It also means that you can offer users the convenience of a password tool without introducing third-party solutions or suppliers. This has cost, ease of management and security benefits.

How does password management work in Microsoft Edge?

Passwords are stored locally on encrypted disk. They are encrypted in AES and the encryption key is saved in an operating system storage area (DPAPI on Windows; Keychain on Mac; Gnome Keyring or KWallet on Android). This local encryption does not encrypt all the browser’s data. Only the sensitive data – such as passwords, credit card numbers and cookies – are encrypted when saved. 

Microsoft Edge Password Manager encrypts this information so that an attacker cannot get access to plaintext passwords of a user who isn’t logged in. Even an attacker with admin rights can’t get access to the plain text versions of the encrypted data.

The password manager will autofill passwords on websites to which users have subscribed. This adds another layer of security. If the autofill doesn’t work, then users will know that they are using a new link. This will help to reduce the likelihood of falling victim to a phishing attempt that involves a spoofed website.

The downsides of using Microsoft Edge Password Manager

Microsoft Edge Password Manager doesn’t solve every problem, of course. 

If the device has been compromised locally, the encrypted data is vulnerable. For example, if a user downloads malware to the local device, an attacker would get decrypted access to the browser’s storage areas. 

It’s important, therefore, to use multiple layers of protection. For example, Windows Defender will alert admins if the device is compromised. This way, you have notice that the browser’s encrypted data is vulnerable to being compromised.

If you have concerns about specific passwords or sites being compromised, Microsoft recommends that you take additional precautions. It suggests Single Sign On via Azure Active Directory and multi-factor authentication via Microsoft Authenticator for additional layers of sign-on security.

Should your users be using Microsoft Edge Password Manager?

There are some strong arguments for using Microsoft Edge Password Manager – mostly around convenience and ease of use.

There may be other third-party password management products that could offer equal or maybe even better password management. However, the advantages of Microsoft Edge Password Manager are its convenience for users and its ease of distribution for your IT administrators. User acceptance and continual use is probably more advantageous here than any other feature.

What next?

For more information about cyber security, Microsoft Edge Password Manager, or any other aspect of Microsoft technologies, feel free to reach out to our team. We are always happy to answer your questions and help you find solutions.

Call us: 0808 164 4142

Message us: https://www.grantmcgregor.co.uk/contact-us 

Further reading

Find more cyber security and Microsoft topics elsewhere on our blog:

•    How to minimise the risk from phishing

•    What is Microsoft Intune? And do I need it?

•    The 2023 cyber threats for which you should prepare

•    Do I need the Premium version of Microsoft Teams?

•    Is your organisation doing enough on supply chain security?