Why Browser Password Managers Aren’t as Safe as You Think

And Why AMS IT Support Ltd Recommends Bitwarden Instead

Saving passwords in your web browser feels convenient. Microsoft Edge, Google Chrome, and others all offer built‑in password managers that promise security, simplicity, and seamless logins.

However, recent security research has highlighted serious weaknesses in how browser‑based password managers work — particularly in Microsoft Edge — raising important concerns for both businesses and individuals.

At AMS IT Support Ltd, we believe convenience should never come at the cost of security. That’s why we do not recommend using password managers built into any web browser, and instead trust a dedicated solution such as Bitwarden.

What’s the Problem with Browser Password Managers?

Security researchers recently confirmed that Microsoft Edge decrypts every saved password into readable (cleartext) memory as soon as the browser starts — not only when you visit a site or request autofill.

In simple terms:

  • All saved passwords are unlocked immediately at browser startup

  • They remain available in memory for the entire browsing session

  • This happens even if you never visit those websites

Microsoft has confirmed this behaviour is “by design”, meaning it is intentional, not a bug.

Why This Is a Serious Security Risk

Any malicious software with sufficient access to your system could:

  • Read browser memory

  • Extract saved usernames and passwords

  • Transmit them to attackers within minutes or hours

This risk is especially high on:

  • Shared computers

  • Remote Desktop / Terminal servers

  • Systems infected with “infostealer” malware

According to security research, browser credential theft is already occurring at massive scale worldwide, feeding ransomware attacks and account takeovers.

Even Edge’s prompts such as “re‑enter your Windows password to view saved passwords” only protect the screen display — not the passwords already sitting in system memory.

“But My Passwords Are Encrypted” — Why That’s Not Enough

Browser vendors often emphasise that saved passwords are encrypted on disk. While true, this misses a key point:

Passwords must still be decrypted to be used — and when they are left in memory, encryption no longer protects them.

Edge decrypts all stored passwords at once and leaves them accessible. Chrome handles this better by decrypting passwords only when needed, but AMS IT Support still does not recommend browser‑based password storage at all.

Browsers were never designed to be full‑scale security vaults.

Why AMS IT Support Ltd Recommends Bitwarden

At AMS IT Support Ltd, we strongly advise using a dedicated password manager, specifically Bitwarden, instead of any browser‑built solution.

Why Bitwarden Is Different

Bitwarden:

  • Keeps passwords locked behind a single master password

  • Does not load all credentials into browser memory at startup

  • Maintains separation between the browser and the encrypted vault

  • Is independently audited and widely trusted in the security industry

  • Works consistently across browsers, devices, and platforms

Only when you unlock Bitwarden do your credentials become available — and even then, exposure is significantly reduced compared to browser‑native storage.

Our Recommendation for Businesses and Individuals

AMS IT Support Ltd best practice guidance:

  • Do not save passwords in Edge, Chrome, or any browser

  • Disable browser password managers where possible

  • Use Bitwarden for secure password management

  • Protect Bitwarden with a strong, unique master password

  • Always enable multi‑factor authentication

For shared systems, servers, and business environments, this is not optional — it is essential.
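One way to act on the "disable browser password managers" item on Windows, as an added example rather than an AMS IT Support script: the PowerShell below audits the machine-wide `PasswordManagerEnabled` policy for Edge and Chrome and, with the script's own `-Enforce` switch, sets it to off. It assumes the policy is managed through the local registry rather than Group Policy or Intune, and enforcing requires an elevated session.

```powershell
# Added example: audit, and optionally enforce, the policy that turns off the
# built-in password manager in Microsoft Edge and Google Chrome.
# -Enforce is this script's own switch; without it nothing is changed.
param([switch]$Enforce)

# Machine-wide policy keys read by each browser.
$browsers = @(
    @{ Name = 'Microsoft Edge'; Path = 'HKLM:\SOFTWARE\Policies\Microsoft\Edge' },
    @{ Name = 'Google Chrome';  Path = 'HKLM:\SOFTWARE\Policies\Google\Chrome' }
)

# REG_DWORD: 0 = password manager off, 1 = on, absent = left to the user.
$valueName = 'PasswordManagerEnabled'

function Get-PasswordManagerPolicy {
    param([string]$Path)
    $item = Get-ItemProperty -Path $Path -Name $valueName -ErrorAction SilentlyContinue
    if ($null -eq $item) { return 'NotConfigured' }
    if ($item.$valueName -eq 0) { return 'Disabled' }
    return 'Enabled'
}

$report = foreach ($b in $browsers) {
    $before = Get-PasswordManagerPolicy -Path $b.Path

    if ($Enforce -and $before -ne 'Disabled') {
        # Create the policy key if the browser has no policies set yet.
        if (-not (Test-Path $b.Path)) { New-Item -Path $b.Path -Force | Out-Null }
        New-ItemProperty -Path $b.Path -Name $valueName -Value 0 `
            -PropertyType DWord -Force | Out-Null
    }

    [pscustomobject]@{
        Browser = $b.Name
        Before  = $before
        After   = Get-PasswordManagerPolicy -Path $b.Path
    }
}

$report | Format-Table -AutoSize

# Non-zero exit code when any browser can still save passwords, so the script
# can be used as a compliance check in a scheduled task or RMM tool.
if ($report.After -contains 'Enabled' -or $report.After -contains 'NotConfigured') {
    exit 1
}
```

Turning the policy off stops the browser from saving new passwords; credentials already stored stay in the profile until they are removed, so clear them once they have been moved to Bitwarden.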
