A security researcher has discovered that Microsoft Edge will load all your stored passwords into memory in plaintext at startup, making it easy for malware to scrape those passwords.
That is one way an attacker can gain access to the browser’s memory. It’s not the only way.
Besides, administrative access does not necessarily mean that the attacker has complex attack code for every possible scenario included with whatever they’re running. The more work they have to do to access your data, the less likely it is that they’re doing that specific work.
Leaving stuff lying around in the open because an attacker potentially could have a specific countermeasure to more strict safety measures is equivalent to giving up. At that point you can just forego security at all because whatever you have might potentially have an exploit.
Files containing login credentials should be encrypted, yes. You will also find that password managers tend to relock their database after a period of time in order to limit the opportunity for an attack. That’s not the controversial action you think it is.
Besides, I find it interesting how Microsoft disabling a protection mechanism Chromium ships with has turned into a debate about the applicability of layered defense to cybersecurity in general.
That is one way an attacker can gain access to the browser’s memory. It’s not the only way.
Besides, administrative access does not necessarily mean that the attacker has complex attack code for every possible scenario included with whatever they’re running. The more work they have to do to access your data, the less likely it is that they’re doing that specific work.
Leaving stuff lying around in the open because an attacker potentially could have a specific countermeasure to more strict safety measures is equivalent to giving up. At that point you can just forego security at all because whatever you have might potentially have an exploit.
Should every single file on every computer be encrypted and require a password and 2FA to open every time? Why not?
Because if you’re logged in it’s assumed you have the right to be there and open them. Same with passwords in a browser.
Files containing login credentials should be encrypted, yes. You will also find that password managers tend to relock their database after a period of time in order to limit the opportunity for an attack. That’s not the controversial action you think it is.
Besides, I find it interesting how Microsoft disabling a protection mechanism Chromium ships with has turned into a debate about the applicability of layered defense to cybersecurity in general.