For computer fixated to office desk, how can Edge (Enterprise) Password feature be less secure and maintenance than Desktop App ① Open-Source for general public ② database in local computer?

Sunny Wong 1 Reputation point
2023-08-24T03:38:28.35+00:00

I prefer to use Edge password features and wonder if my computer can be an exception if reason for disabling password feature is typical laptop environment includes unprotected premise such as home or cafe; my computer stays locked in protected premise (company office - not home office); so I am hoping IT can enable password feature for Edge in my computer.

For Enterprise, how to know if Edge Password AutoSave is less secure than copy paste to Desktop Password App which is open source?

IMHO Edge should be more secure because of following reasons:

copy and paste has security drawbacks but my workplace disabled Edge Password Save yet enabled; browser plug-in did not come installed and my request for it is still unanswered (IT); which adds extra effort (copy/paste) and creates more security risk.  

from theft standpoint, I believe Edge surpass Desktop App when computer is restricted access outside protected premise thus preventing copy password database to an external device.

Edge (Enterprise grade) update is in general more frequent because it is paid by Corporates compared to donations to Open-Source Software.

Proprietary

database is in Cloud while Desktop App Database can be copied to external device.

another reason of this post is my App database is lost and I need to reset all passwords.

EXAMPLE

Is a password in the clipboard vulnerable to attacks?

Before asking IT to remove disable Edge Passwords feature, I need expert support before making such request.

Microsoft Edge
Microsoft Edge
A Microsoft cross-platform web browser that provides privacy, learning, and accessibility tools.
2,223 questions
Windows 10 Security
Windows 10 Security
Windows 10: A Microsoft operating system that runs on personal computers and tablets.Security: The precautions taken to guard against crime, attack, sabotage, espionage, or another threat.
2,820 questions
Microsoft Managed Desktop
Microsoft Managed Desktop
A cloud-based service that brings together Microsoft 365 Enterprise and adds these features: User device deployment; IT service management and operations; and Security monitoring and response.
47 questions

1 answer

Sort by: Most helpful
Most helpful Newest Oldest
  1. XuDong Peng-MSFT 10,341 Reputation points Microsoft Vendor
    2023-08-25T02:49:49.08+00:00

    Hi @Sunny Wong

    For Enterprise, how to know if Edge Password AutoSave is less secure than copy paste to Desktop Password App which is open source?

    Yes, I basically agree with these points you mentioned.

    In my opinion, solving the security problem of open source desktop password APP may depend more on the interest (or dedication) of community members on how to solve this problem. Therefore, its update may not be as regular as Edge, which is convenient for enterprise management.

    And as far as I know, even if you want to copy the stored password in Edge, the system will ask you to use device credentials for authentication. Even if it is stored in a file under user profile, the password is saved with special encryption, so I think the security is certain protection.

    In addition, for the local database you mentioned. I think it's more up to you, since you have full responsibility for managing it, including how it's encrypted, access control, backups, updates, etc.

    Because of the two approaches mentioned here, you also need to consider factors such as the criticality of the stored data, the cost of maintaining that data, and the ability to take risks. So I'm afraid I can't give a clear choice for the two methods you mentioned, you need to evaluate it yourself.

    Best regards,

    Xudong Peng

    If the answer is the right solution, please click "Accept Answer" and kindly upvote. If you have extra questions about this answer, please click "Comment".

    Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.

    0 comments