the wrong way to use a browser


May 2026

Edge Password Flaw


What's the deal, Microsoft?

Last week a researcher in Norway discovered a security flaw in the Microsoft Edge browser that exposed all of the passwords in plaintext in the computer's memory. Microsoft's response? "Yes, we know. That's by design." This highlights a key security principle that most people get wrong:

โ€‹Microsoft Edge Security Flaw is "by design"?โ€‹

Go Deeper: A lot of Big Tech companies have the difficult challenge of balancing security and usability. They want people to love using their products, so most of the security and privacy features are "opt-in" instead of "opt-out". Here are some you should know about:


Looking at a book called Logo Modernism

11 iPhone Tips

These 11 iPhone security tips are ones you've probably never heard of before.

โ€‹Watch the full Video โ†’โ€‹

A type specimen of Google Fonts

Contact Verify?

Learn about the Apple feature that allows you to verify your contacts.

โ€‹Watch the Video โ†’โ€‹


Critical Security Principle


Hi [CORRECTED_NAME GOES HERE], this week I shared a quick video with my take on the latest Microsoft Edge password fiasco. In short, the Edge browser loads all of your passwords onto your computer in plaintext, meaning that anybody with access to your computer could theoretically see all of your passwords.

The imminent risk isn't high, but the response by Microsoft is concerning.

But at the end of the day, this highlights two big things for me:

  • Use 2FA: Using 2-factor authentication (i.e. an authenticator app or a security key) minimizes the risk of any kind of password breach, including this one from Microsoft.
  • Don't use browsers as password managers: The general principle is actually this: don't use a product or service that wasn't specifically designed for privacy and security, for that purpose. An internet browser is designed to access the internet, so just use it for that. Use a good password manager to store passwords because that is what it was designed to do.

This same principle applies to other areas as well. For example, I don't think you should use SMS text for security codes. Or your browser's incognito mode.

Can you think of other areas where you might be using a product or service where security or privacy wasn't initially part of the design?


This Week in Privacy News

โ€‹A major breach...and a ransom paid?โ€‹

The company behind the popular Canvas software, which was hacked last week causing major disruption at thousands of universities and colleges, has paid the hackers not to publish stolen data online. Is it ever the right move to trust cyber criminals to delete the data they've stolen?

--> Cybermagazine.com/news/canvas-hack-why-did-instructure-pay-ransom-to-shinyhunters

โ€‹Fake CAPTCHA Scamโ€‹

Researchers have documented a longโ€‘running campaign that uses fake CAPTCHA pages to trick mobile users into sending dozens of international SMS messages in the background.

--> Malwarebytes.com/blog/news/2026/04/fake-captcha-scam-turns-a-quick-click-into-a-costly-phone-bill

โ€‹Even Homeland Security needs helpโ€‹

The Department of Homeland Security failed to effectively secure smartphones used by staff in its intelligence office, raising the risk of cyberattacks and unauthorized access to sensitive information, the departmentโ€™s inspector general said in a report.

--> NYTimes.com/2026/05/04/us/politics/homeland-security-smartphones-inspector-general.html

Your Thoughts?

Do you use Edge, Chrome or even Safari to store your passwords? If so, what's stopping you from migrating to a better password manager?

โœŒ๏ธ

Josh


3824 Cedar Springs Rd #801-8170, Dallas, TX 75219
โ€‹Unsubscribe ยท Preferencesโ€‹

Upgrade your Online Privacy & Security

Join thousands of individuals and small businesses who understand the value of protecting their important accounts and online privacy. ๐Ÿ“ท Popular YouTube host ๐Ÿ”‘ Simple security ๐Ÿ”’Privacy advocate โœ… Get the free "Security Priorities Checklist" here ๐Ÿ‘‡ ๐Ÿ‘‡

Read more from Upgrade your Online Privacy & Security
OpenAI Advanced Account Security

July 2026 ChatGPT Security Advanced Security for OpenAI Regardless of how you feel about OpenAI or AI in general, the fact is that almost 1 BILLION people use ChatGPT on a monthly basis. That means that either you or somebody you know needs to enroll in this new security program just announced recently: NEW ChatGPT Security Feature (explanation + tutorial) Note: For those who would rather read through an explanation of OpenAI's Advanced Account Security instead of watching a video, you can...

Apple Passwords AI announcement

June 2026 Apple did What? Agentic AI + Security = ??? Apple made a bunch of announcements last week, most of it related to their upgraded Siri AI. In the middle of all that, they quietly shared a new Apple Passwords feature that was, well...it was interesting. It represents a HUGE shift, and you'll want to learn how it works. You Won't Believe What Apple Just Announced Apple Security Tips If you missed it a few weeks ago, I published a video explaining some of my favorite iPhone security tips...

Privacy tools I no longer use

May 2026 A Waste of Money? Privacy Tools I No Longer Use Over the past 10 years I've had the privilege of testing quite a few privacy products and services. I talk about the ones I like and usually just ignore the ones I don't. Today, though, I thought it might be interesting to share a set of popular products that I just no longer use: 11 Privacy Products I No Longer Use Going Live next Monday On Monday, May 25th, I'm going to be doing a live training on how to secure your files in the...