Windows Phone 8.1’s default web browser, Internet Explorer has a pretty serious security flaw. The browser always masks password fields on web pages with asterisks – for example, if your password is “banter123” and you type in the password on a password field, the browser will display “********”. Now, if you copy and paste the password somewhere else, it won’t reveal the password – that means it will still display ********.
However, a user has discovered a new security flaw on Internet Explorer which reveals the inputs from a password field. If you type a password in a password field and search it using the dedicated button, it will open Bing Search or Cortana and reveal the password. If you want to test this security flaw on your Windows Phone 8.1, follow this steps:
- Input a dummy password into a password field on any web page
- Select the password and Search
- …and you’ll see that the password gets revealed
It’s worth mentioning that Microsoft has fixed this issue on Windows Mobile 10 aka Windows 10 for Phones. However, we’re not sure if Microsoft will fix this issue for Windows Phone 8.1 users. Nonetheless, we’ll make sure to keep our readers updated with the latest info on this topic.