Microsoft is working on two new security features for Chromium Edge – Automatic HTTPS and Windows Hello authentication for saved passwords.
Currently, when you type URLs into the address bar, Edge attempts to open the insecure HTTP version of the website before redirecting users to the HTTPS (if available). Starting with version 92, Microsoft Edge will automatically connect to the HTTPS versions of URLs when you type into the address bar.
Initially, Edge’s Automatic HTTPS feature will be optional and users can configure it by navigating to the Settings. Once enabled, Microsoft’s HTTPS-only rule mode will upgrade HTTP connections to HTTPS, which means the browser will first attempt to connect to the HTTPS URL.
If you don’t see the option, you can also enable it using the “Automatic HTTPS” flag.
The downside to HTTPS-only mode is that it may break websites and result in HTTP errors if the website is still using the insecure protocol. If the site doesn’t support secure protocol, Edge will try to connect to the HTTP version after a few failed attempts.
Google has also enabled support for HTTPS-only mode in Chrome to improve the performance and security of the browser.
Windows Hello integration in Microsoft Edge
Like Google Chrome or Firefox, Microsoft Edge can also access and autofill your passwords synced to the Microsoft account.
Microsoft’s password manager makes it easy to log in to websites like Twitter or Reddit by auto-filling the username and passwords. You can also manage and edit your passwords from the browser’s settings page.
To improve the security and privacy of users, Microsoft recently started testing support for Windows Hello in Edge Canary. The feature is now available for everyone on the Dev Channel and users can enable it to improve the security of the autofill feature.
To test this feature, open Microsoft Edge Dev or Canary and navigate to Settings > Profile > Passwords. Enable the option “required authentication” to force Windows Hello authentication each time you try to sign in using the saved passwords.
As you can see in the above screenshot, Microsoft Edge currently offers three options:
- Always – This will require authentication each time you try to sign in.
- Once every minute.
- Once every session.
It’s important to remember that Windows Hello doesn’t always require special hardware for Micorosft Edge. You can use methods such as PIN, fingerprint or iris scan to authenticate Edge’s password manager.
Once configured, a security prompt will appear every time when you attempt to use one of the saved passwords.
In addition, Microsoft Edge is also getting support for Office Viewer, Windows Search integration and more in the next big update.