[-] baronvonj@piefed.social 177 points 1 week ago

Microsoft SSH agent persistently stores your unencrypted private keys in the registry. They're still there unlocked and usable after you reboot.

https://github.com/PowerShell/Win32-OpenSSH/issues/1487

[-] mbp@slrpnk.net 31 points 1 week ago

God, the final comment in that thread makes my blood boil.

[-] quantumvoid0@programming.dev 106 points 1 week ago

does this company intentionally want users to stop using it? cuz day by day either there's a new windows bug or just shittier software

[-] Senseless@feddit.org 17 points 1 week ago

Not to worry, the next update will fix it. (And make 12 other things worse. Also it will make your printer stop working. Again.)

[-] smeenz@lemmy.nz 8 points 1 week ago

I think it's more than they just don't care. Microsoft cornered the business world decades ago because they've got wot C-levels crave....or something. End users have no say in it.

[-] GainGround@kopitalk.net 51 points 1 week ago

Our lives are in the hands of morons. What the fuck.

[-] Teppa@lemmy.world 10 points 1 week ago

There's an AI for that.

[-] Reygle@lemmy.world 49 points 1 week ago

HOLY @#%^ WHAT IN THE @#%^ DO THEY MEAN "NOT TO WORRY"?????????????????

[-] XLE@piefed.social 32 points 1 week ago

Well, hold on now, maybe Microsoft has a reasonable explanation for how they actually do secure their passwords...

This is an expected feature of the application.

... Never mind.

[-] JohnAnthony@lemmy.dbzer0.com 12 points 1 week ago

Design choices in this area involve balancing performance, usability, and security

Nothing to do with usability since decrypting your passwords one by one is perfectly fine. So they are saying this is about performance? Holy fuck...

[-] DreadPirateSnuggles@lemmy.ca 8 points 1 week ago

They mean that it won't affect them.

[-] FosterMolasses@leminal.space 44 points 1 week ago

Every time I read a Microsoft headline these days

[-] Passerby6497@lemmy.world 36 points 1 week ago

Safety and security are foundational to Microsoft Edge. Access to browser data as described in the reported scenario would require the device to already be compromised. Design choices in this area involve balancing performance, usability, and security, and we continue to review it against evolving threats.

"We value user safety and usability, but if you're already compromised you can go fuck yourself"

[-] 58008@lemmy.world 33 points 1 week ago

2026 is gonna be the year I finally move to Linux. I have huge concerns about many aspects of switching, but they're being overtaken by concerns about staying with Windows. I don't even mind if my overall user experience is a bit worse on Linux (I am trying to have reasonable expectations that it won't be the walk in the park Linux advocates on Lemmy like to claim), I just have much more faith in its security, privacy, customisability and - most importantly - the motivations and intentions of its developers.

[-] BozeKnoflook@lemmy.world 18 points 1 week ago

Best of luck! If you've got questions or problems feel free to DM me (or reply here) and I'll try to help as best I can. I've been using Linux since the mid 90s, so I have a decent idea of how it all works :)

[-] Throbbing_banjo@lemmy.dbzer0.com 12 points 1 week ago

If you move to one of the big supported distributions, you'll be extremely surprised how easy it is.

If you just want things to stay consistent and easy, I can't recommend Linux Mint enough. I installed it on my son's laptop almost two years ago and he's never needed my help to fix anything since.

The installation walks you through everything, just like Windows, but it'll only take about a third of the time. Everything just works and there's no trash to uninstall or debloat scripts to run when you're done.

If you do any gaming you might want to run Fedora or Bazzite (Fedora with training wheels), but if you're using KDE for the desktop that's almost as easy and seamless.

[-] SeductiveTortoise@piefed.social 29 points 1 week ago
[-] JackbyDev@programming.dev 22 points 1 week ago

This is sort of like saying "I leave my valuables in plain sight by my door because it has a lock on it and door locks are trustworthy." I'm not super into cyber security and stuff but it seems like one of the most common problems is programs managing to get access to memory they shouldn't have access to. It seems to happen all the time! Just like many locks for your door are trash.

[-] goatinspace@feddit.org 22 points 1 week ago
[-] pwxd@lemmy.zip 21 points 1 week ago

"Yeah totally secure! Just trust me!.." basically

This LITERALLY isn't secure; they should at least make it encrypted. This is just the same as using your notes app as a password manager! But it's Microsoft, and they're willingly giving your BitLocker encryption key to the FBI for your drives. So I'm not surprised..

[-] Rooster326@programming.dev 7 points 1 week ago* (last edited 1 week ago)

I feel it may be worse than using your notes app.

A malicious attack doesn't know which notes app, nor the filename.

This has every browser opening the exact same passwords.txt in root.

[-] zerofk@lemmy.zip 20 points 1 week ago

Access to browser data as described in the reported scenario would require the device to already be compromised.

Yes you can open our safe with just a good yank but if a thief can do that they’re already in your house.

[-] MonkderVierte@lemmy.zip 7 points 1 week ago

If the thief is already in your house, he can also eat your meal and steal your furniture.

[-] azvasKvklenko@sh.itjust.works 19 points 1 week ago

I don’t worry, I just don’t use Edge or Windows or any MS software really (except for Teams at work)

[-] Quazatron@lemmy.world 18 points 1 week ago

Microsoft - So secure we ROT13 encode everything... TWICE!

[-] LeFrog@discuss.tchncs.de 13 points 1 week ago

Ah yes, the good old ROT26 encryption. Some say it's unbreakable

[-] darkmogool@feddit.org 15 points 1 week ago

Why did I read "Microsoft Edge lords"?

[-] SCmSTR@lemmy.blahaj.zone 14 points 1 week ago

And this is why you don't give microslop anything

They say not to worry because they know nobody uses that dumpster fire of a browser so there's no actual risk of your passwords being leaked since you're not using it anyways.

[-] weaponG@lemmy.world 14 points 1 week ago

Nothing in this timeline surprises me any more.

[-] iglou@programming.dev 14 points 1 week ago* (last edited 1 week ago)

Eh. To be honest it indeed does not matter much. Scanning your RAM for passwords is much harder than simply reading them off the browser's files. Sure, it is encrypted and the key is not necessarily on your computer, but remember that if the software can decrypt your passwords without you inputting a password or similar, then anything with access to your device can as well.

Don't use your browser's password manager.

[-] gokayburucdev@lemmy.world 10 points 1 week ago* (last edited 1 week ago)

we will take your data but don't worry be happy 😁 🇯🇲 we will not use it. Because we are smoking ganja and smiling to each other in our office. We are so happy; Thanks to AI. Peace ☮️✌️😁🕶️

Microslop Edge Team

[-] BaraCoded@literature.cafe 10 points 1 week ago

How will the NSA spy on you if Microsoft doesn't hand them your passwords?

[-] fira@lemmy.today 9 points 1 week ago
[-] SaharaMaleikuhm@feddit.org 9 points 1 week ago

I am not worried, cause I'm not dumb enough to use Edge or Windows for that matter.

[-] rmrf@lemmy.ml 9 points 1 week ago

This is why gamers should reject kernel anti cheats. A single dev at a single company that requires one could read them as easily as any other file. I'm not exaggerating, unless I'm misinformed

[-] boogiebored@lemmy.world 9 points 1 week ago

phew it’s an expected feature, thank goodness!!!

if they patch this, they should be dragged through the town square after that comment

[-] Blackdoomax@sh.itjust.works 7 points 1 week ago

Trust me bro

[-] HotsauceHurricane@lemmy.world 7 points 1 week ago

Wow, that's bad.

[-] uenticx@lemmy.world 7 points 1 week ago

M365 chat also fetches a copy of whatever secured file links you send to each other. Goes without saying, but never use Microsoft products if you value security.

[-] MonkderVierte@lemmy.zip 6 points 1 week ago* (last edited 1 week ago)

Btw, don't ever copy&paste from your password manager, if that's a problem. That's what memory protection mechanisms in hardware and software are for.

The problem is, the weird way it is implemented in Edge and how MS handles the issue.

[-] Passerby6497@lemmy.world 7 points 1 week ago* (last edited 1 week ago)

Btw, don't ever copy&paste from your password manager, if that's a problem

Maybe, but at least with my password manager, they'd only get passwords as I use them and not the keys to the kingdom when I open it.

The problem is, the weird way it is implemented in Edge and how MS handles the issue.

"Handles the issue" is a weird way to say they don't give a shit about protecting your passwords. They had to change this behavior, because Chromium doesn't do this by default, so it's not really even negligence in Microsoft at that point. They chose to do this.

this post was submitted on 06 May 2026
772 points (98.7% liked)

Technology
