Seamless Single Sign-On

There are many different authentication primitives built into browsers. The most common include Web Forms authentication, HTTP authentication, client certificate authentication, and the new WebAuthN standard. Numerous different authentication frameworks build atop these, and many enterprise websites support more than one scheme. Each of the underlying authentication primitives has different characteristics: client certificate authentication isContinue reading “Seamless Single Sign-On”

Revealing Passwords

The Microsoft Edge browser, Edge Legacy, and Internet Explorer all offer a convenient mechanism for users to unmask their typing as they edit a password field: Clicking the little eye icon disables the masking dots so that users can see the characters they’re typing: This feature can be very useful for those of us whoContinue reading “Revealing Passwords”

“Can I… in the new Edge?” (Non-FAQ)

This post is intended to collect a random set of questions I’ve been asked multiple times about the new Chromium-based Edge. I’ll add to it over time. I wouldn’t call this a FAQ because these questions, while repeated, are not frequently asked. Last Update: Sept 30, 2020 Can I get a list of all ofContinue reading ““Can I… in the new Edge?” (Non-FAQ)”

Microsoft’s Three Browsers

It’s an interesting time. Microsoft now maintains three different web browsers: Internet Explorer 11 Microsoft Edge Legacy (Spartan, v18 and below) Chromium-based Microsoft Edge (v79+) If you’re using Internet Explorer 11, you should stop; sometimes, this is easier said than done. If you’re using Legacy Microsoft Edge, you should upgrade to the new Microsoft EdgeContinue reading “Microsoft’s Three Browsers”

Security Zones in Edge

Browsers As Decision Makers As a part of every page load, browsers have to make dozens, hundreds, or even thousands of decisions — should a particular API be available? Should a resource load be permitted? Should script be allowed to run? Should video be allowed to start playing automatically? Should cookies or credentials be sentContinue reading “Security Zones in Edge”