Not in the Brief, Episode 02 Open Microsoft Edge. The browser silently decrypts every password it has ever saved for you, and keeps the entire collection in process memory, in cleartext, for as long as the browser is running. The credentials for the site you visit today are decrypted; so are the credentials for the site you have not visited since 2021. Microsoft's response, when this was reported by the security community, was that the behaviour is intentional, and that the design "balances performance, usability, and security". This is an architectural review of a default the user did not configure, written from the point of view of the user who can find it on their own machine in about five minutes. The Feature Edge's password manager is, in surface terms, the standard browser-built-in vault: enter a credential on a site, the browser offers to remember it, the next visit autofills the field. That part is in the brief. The part that is not in the brief is what happens at startup.…