
Microsoft upgrades Windows 11’s phishing protection feature

Software giant Microsoft has rolled out a new addition to its Enhanced Phishing Protection in Microsoft Defender SmartScreen feature, with an update to the latest development build of the operating system.

David Hollingworth
Mon, 24 Jul 2023

Windows 11, version 22H2, will now flag when users copy and paste their password into a site deemed unsafe by Windows Defender.

Previously, the feature, when turned on, would only warn users when they were manually typing their credentials into a website, but that doesn’t protect users who have trouble remembering their passwords. For these users – and yes, guilty as charged in this case – it’s easier to look up their passwords in whatever password manager they use and then simply copy the details from there.

Enhanced Phishing Protection in Microsoft Defender SmartScreen is only a recent enhancement to the operating system, first introduced in June 2023, and it works on all Chromium-based browsers. It also warns users against storing passwords in plain text files and against reusing a password from work or school.

“We are trying out a change starting with this build,” Microsoft said in a blog post, “where users who have enabled warning options for Windows Security under App & browser control > Reputation-based protection > Phishing protection will see a UI warning on unsafe password copy and paste, just as they currently see when they type in their password”.

The feature will throw up the following dialog:

Password reuse is a security risk

If your password is stolen from this site, attackers will try to use it at other sites too. Use strong, unique passwords to keep your personal information safe.

Microsoft recommends changing your local Windows account password.

In addition, the current development build will introduce a new passwordless feature in Windows Hello for Business (WHFB), though only for enterprise-level customers.

“Enterprise customers can now set the EnablePasswordlessExperience policy that promotes a user experience on AAD joined machines for core authentication scenarios without requiring a password,” Microsoft said. “This new experience hides passwords from certain Windows authentication scenarios and leverages passwordless recovery mechanisms, such as WHFB PIN reset, if necessary.”

David Hollingworth

David Hollingworth has been writing about technology for over 20 years, and has worked for a range of print and online titles in his career. He is enjoying getting to grips with cyber security, especially when it lets him talk about Lego.
