MS Fights Phishing, Revamps URLs

In an attempt to do away with spoofed urls all together, Microsoft posted a Knowledge Base Article this week outlining its plans to simply do away with user name and authentication information within urls. With a soon-to-be-released update, your IE...

January 30, 2004

1 Min Read
NetworkComputing logo in a gray background | NetworkComputing

In an attempt to do away with spoofed urls all together, Microsoft posted a Knowledge Base Article this week outlining its plans to simply do away with user name and authentication information within urls. With a soon-to-be-released update, your IE browser and Windows Explorer will no longer support login urls like this. Problem solved, right?

http(s)://username:password@server/resource.ext

With no end in sight to the terrors of Phishing, it is good to see Microsoft take some sort of action, even if extreme. But isn't this a standard supported by other browsers like Mozilla and built into many applications as a means for allowing users to log in via http sans a log in prompt? Well, at least it's a better plan than the company's previous advice.

SUBSCRIBE TO OUR NEWSLETTER
Stay informed! Sign up to get expert advice and insight delivered direct to your inbox

You May Also Like


More Insights