search

ASD-Blueprint / ASD-Blueprint-for-Secure-Cloud

Website for ASD's Blueprint for Secure Cloud
Other
54 stars 16 forks source link

Edge hardening guidance for using Edge password manager #7

Open ejazr83 opened 5 months ago

ejazr83 commented 5 months ago

Hi, Currently the guidance is that his should be disabled.

Enable saving passwords to the password manager | Disable | To align with ASD’s Hardening Microsoft Windows 10 version 21H1 Workstations guidance.

However, Microsoft's more recent guidance is recommending that this be turned on and the increasing incidents of users storing passwords insecurely, using the edge password manager is as good as a commercial password manger solution that is available out of the box. https://learn.microsoft.com/en-us/deployedge/microsoft-edge-security-password-manager-security

Can this be evaluated to suggest this setting to be enabled given the additional security improvements that Microsoft has provided and based on the vendor guidance?

RebelliousBadger commented 4 months ago

Hi ejazr83,

We are reviewing the existing guidance in the Blueprint on Microsoft Edge hardening and will continue to update our advice on password managers in future releases – watch this space.