Earlier this week, we reported that a researcher found Microsoft Edge saves passwords in cleartext in the memory of your machine. This means you can seemingly bypass even the likes of 2FA if you have access to someone's rig. At the time, Microsoft said this was 'by design', and it has affirmed the same statement in correspondence with me.
I've been told, "Safety and security are foundational to Microsoft Edge. Access to browser data as described in the reported scenario would require the device to already be compromised."
This is true. Being able to get into the terminal to find the passwords on Edge does require having admin access on the machine, and that's already a severe breach of your security. However, this technique gets around many security restrictions already in place, should someone get hold of your machine, so it seems like a heightened risk for little reward.

