Reusing Windows 11 Password Will Be Flagged

John Lister's picture

Microsoft has added a new feature to warn users when they type their Windows password into a scam site. It's particularly aimed at people who reuse passwords, a particularly risky approach.

"Enhanced Phishing Protection" is available to both consumer and business users who've installed 22H2, the first major update for Windows 11. However, it's not yet switched on by default and instead users must enable it in settings menus.

The relevant menus are Start, Settings, Privacy & Security, Windows Security, App & Browser Control, and then Reputation-based Protection Settings, with the options to enable being "Warn me about password reuse" and "Warn me about unsafe password storage." (Source:

Phishing Sites On Blacklist

The feature will warn the user if they type their Windows 11 password into a range of places other than the actual Windows login screen. Depending on the chosen options, the warning will show up on any website other than Microsoft, or only on sites known or suspected to be part of a phishing scam. The warning will also appear if the user tries to type the password into Notepad, Wordpad or Microsoft's 365 (formerly Office) applications such as Word and Excel.

The setup should have three main benefits. First, it will warn users who are intentionally reusing their Windows password on another site, something that puts them at added risk if that other site is breached. Second, it will warn users who are intentionally storing (and potentially sharing) their password in a document, something that clearly increases security risks.

Weak Passwords Weeded Out

Finally, it will act as an indirect warning if a user has picked an ordinary single word as a password and then happens to type that word into a document. Those are some of the simplest passwords to crack or spot in an encrypted password database as hackers can simply look for words in a dictionary rather than try every possible combination of letters.

Businesses that enable the feature will also be able to set Windows 11 to not only warn the user in these scenarios, but also send an alert to IT administrators or managers. They can then remind users about secure password policies. (Source:

What's Your Opinion?

Should this feature be enabled by default? Do you use your Windows password anywhere else? How likely is it that you would (intentionally or otherwise) type your Windows password into a document?

Rate this article: 
Average: 4.8 (5 votes)


doulosg's picture

Why not warn users if they type ANY password on a scam site? Or maybe that's not what you meant.