With the recent release of Windows 11 22H2, a new security feature known as Enhanced Phishing Protection was added. The feature alerts users when they enter their Windows password in unsecure programs or websites. Windows login credentials are valuable to threat actors because they provide access to internal business networks for data theft or ransomware attacks.
These credentials are obtained through phishing attacks or from users saving their passwords in insecure apps such as word processors, text editors, and spreadsheets. In some cases, threat actors can steal a password as soon as the user types it into a phishing login form.
Microsoft unveiled a new feature called “Enhanced Phishing Protection” that addresses this practice. It also alerts users when they enter Windows passwords on unsecure websites or programs. Currently, this new capability is accessible only in Windows 11 22H2 and is not turned on by default. Additionally, Windows Hello must be used to log in rather than your Windows password.
How to activate Enhanced Phishing Protection
While Windows 11 22H2 includes Phishing protection by default, the settings that protect passwords are deactivated. In the Phishing protection area, users will find two new options titled “Warn me about password reuse” and “Warn me about dangerous password storage”.
With the “Warn me about password reuse” option enabled, an alert is displayed whenever a user enters their Windows password on a website, whether it is a phishing site or a legitimate one. To safeguard passwords, tick the checkbox next to both options to make them active. Windows 11 will present a UAC prompt when a user enables each option, which the user should accept.
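For administrators who want to check these options on many machines rather than through the Settings app, the following PowerShell sketch audits the policy-backed equivalents. It is an added example, not taken from the original article or from Microsoft; it assumes the Group Policy registry location `HKLM\SOFTWARE\Policies\Microsoft\Windows\WTDS\Components`, and the function names are hypothetical.

```powershell
# Added example: audit (and optionally set) the Enhanced Phishing Protection policies.
# Assumption: this is the policy (Group Policy / MDM) registry location, not the place
# where the Settings app stores its own toggles. Function names are illustrative.
$PolicyKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\WTDS\Components'
$Settings  = [ordered]@{
    ServiceEnabled      = 'Enhanced Phishing Protection service'
    NotifyPasswordReuse = 'Warn me about password reuse'
    NotifyUnsafeApp     = 'Warn me about dangerous password storage'
}

function Get-EppPolicyState {
    foreach ($name in $Settings.Keys) {
        $value = $null
        if (Test-Path $PolicyKey) {
            # Returns $null when the value has never been written
            $value = (Get-ItemProperty -Path $PolicyKey -Name $name -ErrorAction SilentlyContinue).$name
        }
        $state = if ($null -eq $value) { 'NotConfigured' }
                 elseif ($value -eq 1) { 'Enabled' }
                 else                  { 'Disabled' }
        [pscustomobject]@{ Setting = $Settings[$name]; ValueName = $name; State = $state }
    }
}

function Enable-EppPolicy {
    [CmdletBinding(SupportsShouldProcess)]
    param()
    if (-not (Test-Path $PolicyKey)) { New-Item -Path $PolicyKey -Force | Out-Null }
    foreach ($name in $Settings.Keys) {
        if ($PSCmdlet.ShouldProcess("$PolicyKey\$name", 'Set DWORD value to 1')) {
            Set-ItemProperty -Path $PolicyKey -Name $name -Value 1 -Type DWord
        }
    }
}

# The feature only exists on Windows 11 22H2 (build 22621) and later
if ([Environment]::OSVersion.Version.Build -lt 22621) {
    Write-Warning 'Enhanced Phishing Protection requires Windows 11 22H2 (build 22621) or later.'
}
Get-EppPolicyState | Format-Table -AutoSize
# Enable-EppPolicy -WhatIf   # preview the change; run elevated without -WhatIf to apply
```

A `NotConfigured` result means no policy is set, so the machine follows whatever the user chose in the Settings app.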
In order to test this capability, BleepingComputer created a test account on the Windows 11 22H2 machine and input the password into Notepad. After entering the password, Windows 11 displayed a warning that stated, “It’s risky to store your password in this app,” and advised removing it.
Additionally, we examined this function in WordPad, Microsoft Word 2019, Excel 2019, OneNote, and Notepad2. Although Microsoft claims that the capability is supported by Microsoft 365, we were unable to test it there.
Windows 11 alerted us when we entered passwords in WordPad and Microsoft Word, but it did not do so in Excel, OneNote, or Notepad2.
When tested with Mozilla Firefox, the Enhanced Phishing Protection function did not work. In conclusion, this is a fantastic new security tool for Windows users.
Therefore, it is highly advised that users make use of it to safeguard themselves from phishing attempts and from saving passwords in unsecure files. However, Microsoft needs to broaden the security feature’s support for other browsers and programs, since there is still a lot of room for improvement.
Only the most recent Windows 11 upgrades contain this new function, which is activated by default. Therefore, it is uncertain whether Windows 10 users will also receive it.