Windows 11 now warns when typing your password in Notepad, websites
Home windows 11 22H2 was simply launched, and with it comes a brand new safety characteristic referred to as Enhanced Phishing Safety that warns customers after they enter their Home windows password in insecure functions or on web sites.
Home windows login credentials are worthwhile to risk actors as they permit them to entry inside company networks for information theft or ransomware assaults.
These passwords are generally acquired by phishing assaults or by customers saving their passwords in insecure functions, equivalent to phrase processors, textual content editors, and spreadsheets.
In some instances, merely typing your password in a phishing login kind, and never submitting them, is sufficient for them to be stolen by risk actors.
To fight this habits, Microsoft launched a brand new characteristic referred to as ‘Enhanced Phishing Safety’ that warns customers after they enter their Home windows password on an internet site or enter it into an insecure software.
“SmartScreen identifies and protects towards company password entry on reported phishing websites or apps connecting to phishing websites, password reuse on any app or web site, and passwords typed into Notepad, Wordpad, or Microsoft 365 apps,” explains Microsoft Safety Product Supervisor Sinclaire Hamilton.
“IT admins can configure for which eventualities finish customers see warnings by CSP/MDM or Group Coverage.”
This new characteristic is simply obtainable in Home windows 11 22H2 presently, and it’s not enabled by default. It additionally requires you to log into Home windows along with your Home windows password somewhat than use Home windows Hiya.
So in the event you use a PIN to log in to Home windows, this characteristic won’t work.
When enabled, Microsoft will detect if you enter your Home windows password after which problem a warning prompting you to take away the password from an insecure file or, if entered on a web site, to vary your Home windows password.
The way to allow Enhanced Phishing Safety
Whereas Home windows 11 22H2 has Phishing safety enabled by default, the choices to guard your passwords are disabled.
To allow these choices, go to Begin > Settings > Privateness & safety > Home windows Safety > App & browser management > Status-based safety settings.
Beneath the Phishing safety part, you will notice two new choices labeled ‘Warn me about password reuse’ and ‘Warn me about unsafe password storage.’
When enabled, the ‘Warn me about password reuse’ choice will trigger an alert to be displayed if you enter your Home windows password on an internet site, whether or not it is a phishing web site or a official web site.
The ‘Warn me about unsafe password storage’ choice will warn you if you sort your password into an software like Notepad, Wordpad, and Microsoft Workplace after which press enter.
To guard your passwords, put a checkmark in each choices to allow them, as proven within the picture under. While you allow every choice, Home windows 11 will show a UAC immediate, which it’s best to settle for.
BleepingComputer created a check account on our Home windows 11 22H2 machine and entered our password into Notepad to check this characteristic.
As you may see under, as soon as we typed the password and pressed enter, Home windows 11 displayed a warning stating, “It is unsafe to retailer your password on this app,” and beneficial we take away it from the file.
We additionally examined this characteristic in different functions, equivalent to WordPad, Microsoft Phrase 2019, Excel 2019, OneNote, and Notepad2. We weren’t capable of check this in Microsoft 365, which Microsoft claims is supported by the characteristic.
Whereas Home windows 11 warned us about our password in WordPad and Microsoft Phrase, it surprisingly didn’t warn us when typing it into Excel, OneNote, and Notepad2, which must be mounted.
That is very true for Microsoft Excel, because it’s identified for use to create password lists.
We additionally examined the password reuse characteristic by attempting to log in to Twitter with our Home windows password utilizing Google Chrome and Microsoft Edge. As soon as we entered our password, Home windows 11 displayed the next alert warning us to vary our Home windows password.
Nonetheless, the Enhanced Phishing Safety characteristic didn’t work when testing Mozilla Firefox.
Total, this is a wonderful new safety characteristic for Home windows customers, and it’s strongly beneficial that you simply use it to guard your self from phishing assaults and from saving your passwords in insecure information.
Nonetheless, there may be nonetheless loads of room for enchancment, with Microsoft needing to broaden the safety characteristic to assist extra browsers and functions.