Windows credentials are valuable to hackers because they give access to a company's internal network, where attackers can steal data or carry out ransomware attacks.
Hackers often steal these passwords through phishing attacks or because users store passwords in insecure applications, such as word processors and spreadsheets.
In some cases, a password typed into a phishing login form has been stolen by the hacker even though the user never pressed submit.
To prevent this, Microsoft has introduced a new feature called Enhanced Phishing Protection on Windows 11 22H2 with the ability to warn users when they enter Windows passwords into unsafe applications or on websites.
"SmartScreen identifies and protects against password entry on phishing sites or apps that connect to phishing sites, password reuse on any app or website, and entered passwords into Notepad, Wordpad, or Microsoft 365 apps," explains Microsoft Security Product Manager Sinclaire Hamilton.
"IT admins can set up which situations need to send alerts to end users via CSP/MDM or Group Policy."
At the moment, this new feature is only available on Windows 11 22H2, and it is not enabled by default. It also requires you to sign in to Windows with your Windows password instead of using Windows Hello.
Therefore, when you use a PIN to sign in to Windows, the feature will not work.
When enabled, Microsoft will detect when you enter your Windows password and then issue a warning prompting you to remove the password from an unsafe file or, when entered on a website, to change your Windows password.
How to enable Enhanced Phishing Protection
Although Windows 11 22H2 turns on phishing protection by default, the password protection options are turned off.
To enable this option, you need to go to Start > Settings > Privacy & security > Windows Security > App & browser control > Reputation-based protection settings.
In the Phishing protection section, you will see two new options, "Warn me about password reuse" and "Warn me about unsafe password storage".
When enabled, the "Warn me about password reuse" option will display a warning when you enter your Windows password on a website, whether it's a phishing site or a legitimate one.
Meanwhile, the "Warn me about unsafe password storage" option will display a warning when you enter a password into applications like Notepad, Wordpad, and Microsoft Office and then press Enter.
To protect your password, tick both of these options to enable them. As you enable each option, Windows 11 displays a UAC prompt for you to confirm the setting.
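For managed devices, the same options can be enforced through the Group Policy / MDM route mentioned in Microsoft's statement. The script below is an added example, not part of the original article: it reports which Enhanced Phishing Protection settings are enforced by policy on a machine. The registry key and value names are those of Microsoft's WebThreatDefense policy and the build number 22621 is that of Windows 11 22H2; neither appears in the article, and the function name is hypothetical.

```powershell
# Audit Enhanced Phishing Protection policy values on a Windows 11 22H2 device.
# Assumption: key and value names come from Microsoft's WebThreatDefense policy
# (Group Policy / MDM); they are not taken from the article.
$PolicyKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\WTDS\Components'

# Policy value name -> the protection it controls
$Expected = [ordered]@{
    ServiceEnabled      = 'Enhanced Phishing Protection service'
    NotifyMalicious     = 'Warn on password entry at a phishing site or app'
    NotifyPasswordReuse = 'Warn me about password reuse'
    NotifyUnsafeApp     = 'Warn me about unsafe password storage'
}

function Get-PhishingProtectionPolicy {
    param([string]$Key = $PolicyKey)

    # A missing key means nothing is enforced; the Settings toggles decide.
    $values = Get-ItemProperty -Path $Key -ErrorAction SilentlyContinue

    foreach ($name in $Expected.Keys) {
        $raw = $null
        if ($values) { $raw = $values.$name }

        if ($null -eq $raw) { $state = 'Not configured (user decides in Settings)' }
        elseif ($raw -eq 1) { $state = 'Enabled by policy' }
        else                { $state = 'Disabled by policy' }

        [pscustomobject]@{
            Policy   = $name
            Controls = $Expected[$name]
            State    = $state
        }
    }
}

# Windows 11 22H2 is build 22621; older builds do not have the feature.
$build = [int](Get-CimInstance Win32_OperatingSystem).BuildNumber
if ($build -lt 22621) {
    Write-Warning "Build $build predates Windows 11 22H2; Enhanced Phishing Protection is unavailable."
} else {
    Get-PhishingProtectionPolicy | Format-Table -AutoSize
}
```

A "Not configured" row means the user's own choice in the Settings page described above applies, so on an unmanaged PC both password warnings remain off until they are ticked there.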
In Bleeping Computer's test, Windows 11 displays a warning when a password is typed into Notepad and Enter is pressed. Attached to the warning is the advice that users should remove the password from the file. Other apps that also show warnings include WordPad and Microsoft Word 2019.
However, it does not show a warning when passwords are entered in Excel 2019, OneNote and Notepad 2. This needs to be reviewed and corrected, because Excel is often used when a list of passwords has to be created.
Another thing to note is that Windows 11 only shows warnings when using Google Chrome and Microsoft Edge. In the same test on Mozilla Firefox, the warning doesn't appear.
Overall, this is a great security feature for Windows users, and you should use it to protect yourself from phishing attacks and to avoid saving your passwords in insecure applications.
However, there is still a lot of room for improvement, and Microsoft needs to expand this security feature to support even more browsers and apps.