MS Fights Phishing, Revamps URLs
In an attempt to do away with spoofed urls all together, Microsoft posted a Knowledge Base Article this week outlining its plans to simply do away with user name and authentication information within urls. With a soon-to-be-released update, your IE...
January 30, 2004
![Network Computing logo Network Computing logo](https://eu-images.contentstack.com/v3/assets/bltde8121fc52c5c8f3/blt3f3d0318f746b1c2/65a530e4187606040a1d8b8c/placeholder.png?width=1280&auto=webp&quality=95&format=jpg&disable=upscale)
In an attempt to do away with spoofed urls all together, Microsoft posted a Knowledge Base Article this week outlining its plans to simply do away with user name and authentication information within urls. With a soon-to-be-released update, your IE browser and Windows Explorer will no longer support login urls like this. Problem solved, right?
http(s)://username:password@server/resource.ext
With no end in sight to the terrors of Phishing, it is good to see Microsoft take some sort of action, even if extreme. But isn't this a standard supported by other browsers like Mozilla and built into many applications as a means for allowing users to log in via http sans a log in prompt? Well, at least it's a better plan than the company's previous advice.
You May Also Like