Security Experts:

Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Application Security

Microsoft Edge Adds Password Generator, Drops Support for Flash, FTP

Microsoft has shipped the stable version of the Microsoft Edge 88 browser, featuring a brand new Password Generator and the ability to alert on compromised credentials.   The browser refresh also drops support for the FTP protocol and for the Adobe Flash plugin.

Microsoft has shipped the stable version of the Microsoft Edge 88 browser, featuring a brand new Password Generator and the ability to alert on compromised credentials.   The browser refresh also drops support for the FTP protocol and for the Adobe Flash plugin.

With Microsoft Edge 88.0.705.50 now rolling out, users get a built-in strong password generator that allows them to easily set up new passwords when signing up for new accounts or when changing the old passwords.

A browser-suggested password drop down will be displayed in the password field to help users automatically save the credentials to the browser and have then synced across multiple devices.

Microsoft Edge also alerts users when any of the saved passwords has appeared in a list of leaked credentials, and allows users to edit their saved passwords directly in Microsoft Edge Settings.

“User passwords are checked against a repository of known-breached credentials and sends the user an alert if a match is found. To ensure security and privacy, user passwords are hashed and encrypted when they’re checked against the database of leaked credentials,” Microsoft explains.

The updated Edge browser also attempts to automatically upgrade any content that is served over an unencrypted connection when the page is loaded over HTTPS. Images that can’t be retrieved over HTTPS won’t be loaded.

Microsoft Edge 88 also makes management of site permissions easier than before, by allows users to view permissions by site, but also by recent activity. Furthermore, the new browser version allows users to delete third party cookies, with the operation having no impact on first party cookies.

With the new browser release, Microsoft makes Single Sign On (SSO) available on down-level Windows for Microsoft Account (MSA) and Azure Active Directory (Azure AD) accounts. Users will be automatically signed into websites that allow SSO with Work and Microsoft accounts.

Support for the FTP protocol has been removed from Microsoft Edge. Thus, should the user attempt to open a FTP link in the browser, they will be prompted to choose an external application than can handle the FTP link.

“Alternatively, IT administrators can configure Microsoft Edge to use IE Mode for sites that rely on the FTP protocol,” Microsoft explains.

Around for nearly five decades, FTP is using a client-server architecture to allow for file transfers between computers. Considered insecure, however, it has been replaced with SFTP (SSH File Transfer Protocol).

Support for Adobe Flash is also being removed from Microsoft Edge, a move that started in the beta version of Edge 88. The move is not surprising, not only because Adobe themselves have dropped support for the plugin, but also because Google removed it from Chrome, and Microsoft Edge is based on Chromium.

Related: Chrome 88 Drops Flash, Patches Critical Vulnerability

Related: Chrome, Edge and Firefox May Leak Information on Installed Apps

Related: Millions of Users Downloaded 28 Malicious Chrome and Edge Extensions

Written By

Ionut Arghire is an international correspondent for SecurityWeek.

Click to comment

Expert Insights

Related Content

Application Security

Cycode, a startup that provides solutions for protecting software source code, emerged from stealth mode on Tuesday with $4.6 million in seed funding.

Cyberwarfare

Websites of German airports, administration bodies and banks were hit by DDoS attacks attributed to Russian hacker group Killnet

Network Security

NSA publishes guidance to help system administrators identify and mitigate cyber risks associated with transitioning to IPv6.

CISO Strategy

Cybersecurity-related risk is a top concern, so boards need to know they have the proper oversight in place. Even as first-timers, successful CISOs make...

Nation-State

The North Korean APT tracked as TA444 is either moonlighting from its previous primary purpose, expanding its attack repertoire, or is being impersonated by...

Identity & Access

Hackers rarely hack in anymore. They log in using stolen, weak, default, or otherwise compromised credentials. That’s why it’s so critical to break the...

Malware & Threats

Microsoft plans to improve the protection of Office users by blocking XLL add-ins from the internet.

Cloud Security

VMware vRealize Log Insight vulnerability allows an unauthenticated attacker to take full control of a target system.