"Never save password websites" group policy needed
We just deployed Edge to 1000+ devices in our organization but have discovered unwanted save password suggestions from the Password Manager. When users access an internal webpage that uses some kind of integrated windows authentication/SSO/NTLM/Kerberos etc. meaning the user is not prompted for a username and password - the password manager still suggests to save the username and password! There could be many other scenarios in an enterprise where you do not wish passwords on certain internal (or external) websites to be saved, but allow it for others. It looks like Edge automatically populates a list of websites or URL's where passwords are "never saved" and when a website is on that list Edge doesn't prompt if the user want to save the password. It would be very useful for an enterprise to have a Group Policy where we could prepopulate this list with websites we do not want the browser to save passwords for. The browser should of course still fill websites on this list that the user clicks "Never" to save, but so that the list could consist of both websites populated from the group policy and websites added by the user.Introducing Edge Master Password | New feature
it's this feature: it's controlled feature rollout available in Edge canary, was added few versions ago. this helps your passwords stay safe, by requiring you to enter your Windows Pin/Password when you want to autofill your credentials on a web page. using the same strong authentication method Windows uses to secure your login screen, secure your disks pre-logon etc. next in line is this I'm already seeing some bits of it in Edge canary, but not fully implemented just yet.
Ter uma senha diferente para acessar as senhas
O edge poderia colocar um segunda senha para ver as senhas, não a do dispositivo; pois se por algum motivo a senha de desbloqueio do sistema for descoberta, todas as senhas salvas no edge ficam vulneráveis. Deveria ter uma senha para desbloquear um sofre próprio de senhas do egde. O Firefox já tem esse recurso.New improvement on Strong password suggestion feature in Edge
It's a controlled feature rollout, Edge has got a new option in right-click that will let you generate strong password when you right-click on a password field. Edge is already using Machine Learning to automatically suggest strong passwords on sign up pages but this option is there for pages that it doesn't happen on automatically, yet. There is also a form where you can submit web pages where Edge doesn't automatically suggest strong password on. https://forms.office.com/Pages/ResponsePage.aspx?id=v4j5cvGGr0GRqy180BHbR123cdFSKdZItI7mcVwhTx1UM1FNWDRQVk9CTUFMU09DUkVaTjdETzIzNS4uHow to view and manage your Microsoft passwords on Linux/Chrome/ChromeOS (Without Edge or mobile)
1. install Google Chrome (or other Chromium based browsers, including Edge itself) 2. install Microsoft Autofill extension 3. Sign into your Microsoft account in the extension 4. Access your Passwords safely and hassle-free * you do Not need to sign in to Google account for this. ** this works on Mac and Windows too, basically any environment where you can install this extension in. The extension also has Import feature, so you can import your passwords at once from a file and save them to your Microsoft account. Questions & answers about Microsoft Authenticator app - Azure AD | Microsoft Docs Q: How are my passwords protected by the Authenticator app? A: Authenticator app already provides a high level of security for multi-factor authentication and account management, and the same high security bar is also extended to managing your passwords. Strong authentication is needed by Authenticator app: Signing into Authenticator requires a second factor. This means that your passwords inside Authenticator app can't be accessed even if someone has your Microsoft account password. Autofill data is protected with biometrics and passcode: Before you can autofill password on an app or site, Authenticator requires biometric or device passcode. This ensures that even if someone else has access to your device, they cannot fill or see your password, as they’d be unable to provide the biometric or device PIN. Furthermore, a user cannot open the Passwords page unless they provide biometric or PIN, even if they turn off App Lock in app settings. Encrypted Passwords on the device: Passwords on device are encrypted, and encryption/decryption keys are never stored and always generated on-the-fly. Passwords are only decrypted when user wants to, that is, during autofill or when user wants to see the password, both of which require biometric or PIN. Cloud and network security: Your passwords on the cloud are encrypted and decrypted only when they reach your device. Passwords are synced over an SSL-protected HTTPS connection, which ensures no attacker can eavesdrop on sensitive data when it is being synced. We also ensure we check the sanity of data being synced over network using cryptographic hashed functions (specifically, hash-based message authentication code).Saved Passwords in Edge are now available to All apps on Mobile - System Wide Password Manager
I've been using Microsoft Authenticator Beta app for a while on my Android phone, today I received an update and now the app works as a system-wide password manager (Password filler), for all websites and apps. This should work on IOS too. Links to Google play https://play.google.com/store/apps/details?id=com.azure.authenticator&hl=en_US&gl=US And App store. https://apps.apple.com/us/app/microsoft-authenticator/id983156458 (remember you have to enroll in Beta for now until this is rolled out to the public) Q: How are my passwords protected by the Authenticator app? A: Authenticator app already provides a high level of security for multi-factor authentication and account management, and the same high security bar is also extended to managing your passwords. More info, Q&A and explanation here: https://docs.microsoft.com/en-us/azure/active-directory/user-help/user-help-auth-app-faq#autofill-for-consumersIs this really an expected behavior? Edge automatically adds MSFT account to Windows 10
So yesterday I grabbed the latest Windows 10 ISO file and did a clean install of Windows 10 20H2. After installation finished and I entered the desktop for the first time, saw Edge stable (version 84) preinstalled; it was nice. I went ahead and clicked on sign in on Edge to start syncing and access my data (favorites, passwords etc.) I used my personal Microsoft account Email and Pass (SMS code for 2FA) and successfully signed in. I also clicked on the option that said allow this account to be used by other apps in Windows. after a minute or two, I watched my desktop background change, Windows theme change from default white to dark, so then I went to Windows 10 settings and saw the account I used to login into Edge was set as the main administrator account in Windows 10 and in fact Windows 10 used it to bring back my synced data, OneDrive used it to bring back my data. so far so good, it's all what I expected, this is what I was going to do anyway after all, but here is the worrying part and I don't think is right. Windows 10 used my Microsoft account from Edge for sign in, but my Microsoft password wasn't automatically set on Windows 10! If I wanted to manually sign into Windows 10 myself, It would ask me to login to my Microsoft account (same process as in Edge) and then Set my Microsoft account password as my Windows 10 password. so my Windows 10 was left password less and Pin less. I went to the Windows 10 settings to set a Pin and then It asked me to set a password first! I wanted Windows 10 password to be automatically tied to my Microsoft account password, as always, so that whenever I change my MSFT account password, my Windows 10 password changes too. but now I had to enter a custom password for Windows 10 manually that is not tied to my MSFT account password. so, I think this is clearly wrong and shouldn't happen. if Edge wants to pass over my MSFT account credentials to Windows 10 for sign in, it should do it properly and pass over my Password to Windows 10 as well to be used as my Windows password, do not only pass over my Email address to Windows 10 and leave my Windows 10 unprotected, while my account is set as an administrator.Windows credential manager and Edge password manager
I want to suggest to sync passwords saved in Edge with Windows credential manager in order for them to be accessible to all other apps and programs in Windows and also operate as a system wide password manager. Windows credential manager stores passwords from Internet explorer and legacy Edge but not the new Edge browser, the link is broken and the two components don't talk to each other anymore. the problem at the moment is that some passwords are stored in my Edge browser password manager, some others are stored in Windows credential manager by other apps, If i want to change password of a website, I have to manually update it in both places. also the apps i use on Windows 10 only talk to Windows credential manager and they don't use Edge password manager, so this creates the need to save password in 2 places and duplicate them. Such a great secure encrypted native feature in Windows that is rarely paid attention to. this is the system-wide password manager of Windows, just like the one in Android and Mac.
