All true, but it is still bad style. There is no need to keep decrypted passwords in memory the user hasn’t even used in the session (or after they logged in to a certain website).


So you decrypt each time you need it? What is the difference in the attack surface?


What I don’t need doesn’t need to live unencrypted in my RAM. Of course I do. It is standard behaviour of iOS, and of a lot of password managers. If someone grabs my laptop and runs, at least they can’t capture my hn account.
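The pattern the second and third comments argue over, decrypting a single entry only at the moment it is used and wiping it afterwards rather than holding every password in plaintext for the whole session, as an added worked example that is not part of this thread. The vault, the `Vault` class, the HMAC-SHA256 counter-mode keystream and the sample site and password are all constructed here for illustration; a real password manager would use a vetted AEAD such as AES-GCM, and CPython cannot guarantee that no plaintext copy survives (immutable `bytes` objects cannot be zeroed), so this shows the design, not a memory-safety guarantee.

```python
import hashlib
import hmac
import secrets

# Constructed demonstration: ciphertext stays resident, plaintext only during use.


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """Run HMAC-SHA256 as a PRF in counter mode to produce a keystream.

    Illustration only; a production manager would use a vetted AEAD (e.g. AES-GCM).
    """
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hmac.new(key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return bytes(out[:length])


def encrypt_entry(key: bytes, plaintext: bytes) -> bytes:
    """Return nonce || ciphertext || tag for one vault entry (encrypt-then-MAC)."""
    nonce = secrets.token_bytes(16)
    ct = bytes(a ^ b for a, b in zip(plaintext, _keystream(key, nonce, len(plaintext))))
    tag = hmac.new(key, nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag


def decrypt_entry(key: bytes, blob: bytes) -> bytearray:
    """Verify the tag, then decrypt into a mutable buffer the caller can wipe."""
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    expected = hmac.new(key, nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, tag):
        raise ValueError("integrity check failed")
    ks = _keystream(key, nonce, len(ct))
    return bytearray(a ^ b for a, b in zip(ct, ks))


class Vault:
    """Hypothetical vault: every entry is stored encrypted under the master key."""

    def __init__(self, master_key: bytes):
        self._key = master_key
        self._entries: dict[str, bytes] = {}

    def add(self, site: str, password: bytes) -> None:
        self._entries[site] = encrypt_entry(self._key, password)

    def use_password(self, site: str, action):
        """Decrypt only the requested entry, hand it to `action`, then zero the buffer.

        Entries that are not requested are never decrypted, so an attacker who
        dumps memory later finds only ciphertext for them.
        """
        buf = decrypt_entry(self._key, self._entries[site])
        try:
            return action(buf)
        finally:
            for i in range(len(buf)):  # wipe the mutable plaintext buffer
                buf[i] = 0

    def plaintext_resident(self, password: bytes) -> bool:
        """Defender's check: does the given plaintext appear in any stored blob?"""
        return any(password in blob for blob in self._entries.values())


if __name__ == "__main__":
    vault = Vault(secrets.token_bytes(32))
    vault.add("news.ycombinator.com", b"hunter2")  # constructed sample entry
    print("plaintext resident at rest:", vault.plaintext_resident(b"hunter2"))
    print("login ok:", vault.use_password("news.ycombinator.com", lambda p: p == b"hunter2"))
```

The only plaintext that exists is the buffer inside `use_password`, and only for the duration of `action`; the cost, as the second commenter notes, is one decryption per use, which is why the attack surface differs in time of exposure rather than in kind.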