Microsoft Edge stores your passwords securely encrypted on your hard disk. However, someone else with access to your computer may be able to sign into your accounts using your stored passwords with autofill.
This new update for Microsoft Edge gives you the option to enable a setting that requires you to authenticate yourself using your device credentials before you can use the saved password to autofill for a website. To access this control,
Go to edge://settings/passwords.
Under Sign in, select With device password. You'll be asked to authenticate using your device credentials.
From the dropdown, select the frequency you want:
Once every session
How it works
After you turn on this setting, every time you visit a website for which you have your password saved, you’ll be asked to authenticate with your device credentials before the saved password is autofilled. So, someone else trying to use your saved passwords with autofill won't be able to, unless they have the device password.
Understanding the capability and limitations
Requiring authentication before password autofill adds an additional layer of privacy. Now, no one who doesn’t know the device password can slip in with autofill. Any intentional or accidental sign-ins using your saved passwords is no longer possible.
If you leave an unlocked computer in the presence of other people, you can be more confident that your passwords are safe. This feature also protects you against malicious sites that might try to steal your credentials. Other actions, such as revealing a password in plain text in the Settings page, or exporting the whole list of passwords as an Excel file, will also require authentication using the device password, same as before.
However, this latest update isn't a fix-all. It's very important to understand what this feature can do and what it can't. This is only a basic level of deterrence that provides an additional safeguard for your stored passwords. To best protect the passwords you’ve saved in Microsoft Edge while others are using your device, Microsoft recommends that those users sign in with their own user account on your device.
Important: This setting can't guarantee protection against malicious hackers or protect you against a motivated attacker. Malware or keyloggers installed on your device will still be able to read your passwords and attackers who can access your device can also turn off this setting if they know the device password.
A peek into the future
With this helpful first step, you get additional privacy for your passwords stored in Microsoft Edge. However, in certain scenarios where a device is shared among multiple people, the device password is likely known to all of them as well. In such situations, there is greater peace of mind in having password autofill guarded with a dedicated custom password that isn't shared with others. This capability is in the works, and will be brought to Microsoft Edge in the near future.