Browser autofill can save an inordinate amount of time, but it can also be a real security concern. Microsoft users have noted their worry over the feature, which can let a local attacker with access to your browser sign into your account even if you logged out previously and access the plaintext password. Now, the company has responded.
Though it was considering the use of a master password before each autofill but worried that would lull users into a false sense of security and compound the issue. The main threat in this scenario comes from family members borrowing a device, and Microsoft doesn't believe a single layer of protection is sufficient.
“Requiring entry of a master password prior to autofill has been proposed as a solution for this in the past,” said Microsoft Edge's engineers. “There is ongoing debate around whether a master password feature that's not backed by either per-credential or complete credential store encryption lures users into a false sense of security because local attackers are generally outside of the browser threat model.”
Instead, it proposes a toggle for an ‘OS reauthentication hook'. This could take the form of an OS-level password, or use biometrics like Windows Hello face/fingerprint recognition. Importantly, Microsoft doesn't appear to be targetting its OS only for this solution – it looks like it wants to support authentication across platforms.
“Whether, and if so how, user agents choose to build UI around this reauthentication hook to ensure that their users can clearly understand the threat model and its limitations is beyond of the scope of this explainer,” added the company.
This only really addresses issues with browser password managers in shared device scenarios, but the company is looking at improvements in other areas.