Threat actors use Windows login credentials to access internal corporate networks to steal data or launch ransomware attacks. So Microsoft has introduced a new security feature, “Enhanced Phishing Protection,” in Windows 11 22H2 that warns users when they enter their Windows password in insecure applications (such as word processors, text editors, and spreadsheets) or websites.
As of right now, this feature is only available in Windows 11 22H2, and it is not enabled by default. It requires you to log into Windows with your password rather than Windows Hello or PIN.
As soon as you enter your Windows password, Microsoft issues a warning asking you to remove the password from an insecure file or to set a new Windows password if entered on a website.
According to Microsoft, “SmartScreen identifies and protects against corporate password entry on reported phishing sites or apps connecting to phishing sites, password reuse on any app or site, and passwords typed into Notepad, Wordpad, or Microsoft 365 apps.”
How to Enable Password Reuse and Unsafe Password Storage Warning in Windows 11?
To turn on password reuse and unsafe password storage warning in Windows 11, use these steps:-
Step 1. Click on the Start button and type Windows Security.
Step 2. In the search results, click on Windows Security to open it.
Step 3. Select App & browser control in the left sidebar of “Windows Security.”
Step 4. On the right sidebar, click on the link “Reputation-based protection settings” under the “Reputation-based protection” section.
Step 5. In the following window, check the following checkboxes:-
- Warn me about password reuse.
- Warn me about unsafe password storage.
That’s it. You can now close the Windows Security window.
In conclusion, with the rise of cyber attacks that use Windows login credentials to gain access to internal corporate networks, Microsoft has introduced a new security feature in Windows 11 22H2 called “Enhanced Phishing Protection.” This feature warns users when they enter their Windows password in insecure applications or websites. However, it is currently not enabled by default and requires the user to log in with their password instead of Windows Hello or PIN. To turn on this feature, users can follow the steps outlined above to enable warnings for password reuse and unsafe password storage. With these added security measures, users can better protect their sensitive information from potential cyber threats.