Microsoft Edge might be storing your passwords as plain text, and yes, that's as bad as it sounds

Buckle up, password people. If you've been using Microsoft Edge as your go-to browser because it felt like the "responsible adult" choice compared to Chrome, you might want to sit down for this one.

According to Mashable, a cybersecurity researcher has claimed that Microsoft Edge's built-in password manager could be storing your login credentials in plain text. As in, not encrypted. As in, just... sitting there. Like a Post-it note on your monitor that says "my bank password is hunter2."

Why plain text storage is a massive deal

Here's a quick nerd explainer for the uninitiated: when apps store passwords properly, they encrypt them - scrambling the data so that even if someone breaks into the system, all they see is gibberish. Plain text storage means the opposite. Anyone who gets access to the relevant file on your device could potentially read your passwords like a grocery list.

This isn't a theoretical "well, technically" kind of vulnerability. It's the digital equivalent of leaving your house key under the doormat and then being surprised when someone lets themselves in.

So what does Microsoft actually say?

Microsoft, for its part, hasn't exactly been rushing to hand out panic kits. The company's response, as reported by Mashable, suggests that the issue involves a level of access that would already require some degree of compromise on the user's device. Essentially, their position leans toward "if someone already has that kind of access to your machine, you have bigger problems."

Which is... technically not wrong? But also feels a little bit like saying "well, if your front door is already open, why are you worried about the window lock?"

What you should probably do right now

Whether or not you're convinced this is a five-alarm fire, it's a decent reminder that browser-based password managers - while convenient - aren't always the fortress of digital solitude we'd like them to be. A dedicated password manager (think Bitwarden, 1Password, or similar) typically offers much stronger security guarantees.

Researchers poking holes in big tech products is genuinely how this stuff gets fixed, so credit where it's due. The cybersecurity community doing its thing in public keeps companies accountable in ways that internal memos never quite manage.

Keep an eye on this one. And maybe, just maybe, now is the time to finally set up that dedicated password manager you've been putting off since 2019.