May 2026

Edge Password Flaw

What's the deal, Microsoft?

Last week a researcher in Norway discovered a security flaw in the Microsoft Edge browser that exposed all of the passwords in plaintext in the computer's memory. Microsoft's response? "Yes, we know. That's by design." This highlights a key security principle that most people get wrong:

​Microsoft Edge Security Flaw is "by design"?​

Go Deeper: A lot of Big Tech companies have the difficult challenge of balancing security and usability. They want people to love using their products, so most of the security and privacy features are "opt-in" instead of "opt-out". Here are some you should know about:

11 iPhone Tips These 11 iPhone security tips are ones you've probably never heard of before. ​Watch the full Video →​

Contact Verify? Learn about the Apple feature that allows you to verify your contacts. ​Watch the Video →​

Critical Security Principle

Hi [CORRECTED_NAME GOES HERE], this week I shared a quick video with my take on the latest Microsoft Edge password fiasco. In short, the Edge browser loads all of your passwords onto your computer in plaintext, meaning that anybody with access to your computer could theoretically see all of your passwords.

The imminent risk isn't high, but the response by Microsoft is concerning.

But at the end of the day, this highlights two big things for me:

• Use 2FA: Using 2-factor authentication (i.e. an authenticator app or a security key) minimizes the risk of any kind of password breach, including this one from Microsoft.
• Don't use browsers as password managers: The general principle is actually this: don't use a product or service that wasn't specifically designed for privacy and security, for that purpose. An internet browser is designed to access the internet, so just use it for that. Use a good password manager to store passwords because that is what it was designed to do.

This same principle applies to other areas as well. For example, I don't think you should use SMS text for security codes. Or your browser's incognito mode.

Can you think of other areas where you might be using a product or service where security or privacy wasn't initially part of the design?

This Week in Privacy News

​A major breach...and a ransom paid?​

The company behind the popular Canvas software, which was hacked last week causing major disruption at thousands of universities and colleges, has paid the hackers not to publish stolen data online. Is it ever the right move to trust cyber criminals to delete the data they've stolen?

--> Cybermagazine.com/news/canvas-hack-why-did-instructure-pay-ransom-to-shinyhunters

​Fake CAPTCHA Scam​

Researchers have documented a long‑running campaign that uses fake CAPTCHA pages to trick mobile users into sending dozens of international SMS messages in the background.

--> Malwarebytes.com/blog/news/2026/04/fake-captcha-scam-turns-a-quick-click-into-a-costly-phone-bill

​Even Homeland Security needs help​

The Department of Homeland Security failed to effectively secure smartphones used by staff in its intelligence office, raising the risk of cyberattacks and unauthorized access to sensitive information, the department’s inspector general said in a report.

--> NYTimes.com/2026/05/04/us/politics/homeland-security-smartphones-inspector-general.html

Your Thoughts?

Do you use Edge, Chrome or even Safari to store your passwords? If so, what's stopping you from migrating to a better password manager?

✌️

Josh

​​​

3824 Cedar Springs Rd #801-8170, Dallas, TX 75219
​Unsubscribe · Preferences​