What Is the Syntax for Typing a Username & Password in Internet Explorer's Address Bar?

Disabled by Default

• Internet Explorer versions three through six included a feature that allowed users to specify a username and password in the address box when connecting to a website. This feature was disabled by default in security update 832894 for Internet Explorer, released in February 2004. You can re-enable this feature by editing the Windows registry if you want to type username and passwords into the address bar.

Editing the Registry

• The “HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_HTTP_USERNAME_PASSWORD_DISABLE” key in the Registry Editor must be edited to allow usernames and passwords in the address box. In this key, create a new “DWORD Value” with the name “iexplore.exe” and a value of “0”. Repeat this process to create a value named “explorer.exe” in the same folder.

Syntax

• The syntax for typing a username and password into Internet Explorer’s address bar is “http://username:password@example.com” or “https://username:password@example.com,” depending on whether you’re connecting over the insecure HTTP or secure HTTPS protocols. You can also omit the password and type “http://username@example.com” or “https://username@example.com”; Internet Explorer will prompt you for the user’s password.

Security Problems

• This feature was disabled for security reasons. A website could direct a user to the URL “www.bank.com@evilwebsite.org,” misleading users into thinking they’re at “www.bank.com” when they’re actually at a malicious website. By disabling this feature, Microsoft removed this method of tricking users. You can still log in to a website by visiting it directly. For example, type “example.com” instead of “http://username:password@example.com.” Internet Explorer will prompt you for your username and password.