Microsoft Edge just killed its master password, here's what unlocks your saved…

It’s no secret that Microsoft wants to get rid of the password. This time last year, we saw Microsoft scrap passwords as the default option for new Microsoft accounts. You could still add one if you wanted, but the company would initially push for you to use a passkey or biometrics before you set one. Now, Microsoft Edge will no longer use a master password to unlock its password manager, and its alternatives should be a lot more secure.

If you use Microsoft Edge’s built-in password manager, there’s a good chance you’ve unlocked it using your Custom Primary Password. This is a ‘master password’ which you use to unlock your manager and access all of your online account details. It’s really convenient to have, but if anyone learns of your Custom Primary Password, they could use it to access your account details.

A few months ago, Microsoft published an article titled “Keep your saved passwords private in Microsoft Edge.” In it, the company announced that it was planning to get rid of the Custom Primary Password altogether:

On June 4, Custom Primary Password will be fully removed for opted‑in users. After this date, Microsoft Edge will automatically use device‑based authentication (such as Windows Hello, device password, or OS‑level authentication) to protect saved passwords.

Well, today’s the day. Now that June 4th has arrived, people on Edge should be moved over to Windows Hello (which includes biometric logins) or to OS-level authentication. Going the Windows Hello route makes your account a lot more resilient to attacks than a Custom Primary Password, as it lets you use a fingerprint, face, or iris scan to access your account, which can’t be phished or leaked. However, if you don’t use Windows Hello, you’ll instead use your Windows device’s login, which is bound to your computer’s hardware and doesn’t need to send data over the internet to authenticate you. Sounds like a win-win to me.