You are here

HomeJohn Lister › Reusing Windows 11 Password Will Be Flagged

Reusing Windows 11 Password Will Be Flagged

John Lister's picture
by John Lister on October, 7 2022 at 12:10PM EDT

Microsoft has added a new feature to warn users when they type their Windows password into a scam site. It's particularly aimed at people who reuse passwords, a particularly risky approach.

"Enhanced Phishing Protection" is available to both consumer and business users who've installed 22H2, the first major update for Windows 11. However, it's not yet switched on by default and instead users must enable it in settings menus.

The relevant menus are Start, Settings, Privacy & Security, Windows Security, App & Browser Control, and then Reputation-based Protection Settings, with the options to enable being "Warn me about password reuse" and "Warn me about unsafe password storage." (Source: mybroadband.co.za)

Phishing Sites On Blacklist

The feature will warn the user if they type their Windows 11 password into a range of places other than the actual Windows login screen. Depending on the chosen options, the warning will show up on any website other than Microsoft, or only on sites known or suspected to be part of a phishing scam. The warning will also appear if the user tries to type the password into Notepad, Wordpad or Microsoft's 365 (formerly Office) applications such as Word and Excel.

The setup should have three main benefits. First, it will warn users who are intentionally reusing their Windows password on another site, something that puts them at added risk if that other site is breached. Second, it will warn users who are intentionally storing (and potentially sharing) their password in a document, something that clearly increases security risks.

Weak Passwords Weeded Out

Finally, it will act as an indirect warning if a user has picked an ordinary single word as a password and then happens to type that word into a document. Those are some of the simplest passwords to crack or spot in an encrypted password database as hackers can simply look for words in a dictionary rather than try every possible combination of letters.

Businesses that enable the feature will also be able to set Windows 11 to not only warn the user in these scenarios, but also send an alert to IT administrators or managers. They can then remind users about secure password policies. (Source: zdnet.com)

What's Your Opinion?

Should this feature be enabled by default? Do you use your Windows password anywhere else? How likely is it that you would (intentionally or otherwise) type your Windows password into a document?

Filed under:
Security
| Tags:
windows password
,
warn user
,
windows 11
Rate this article: 
Average: 4.8 (5 votes)

Comments

doulosg's picture

Submitted by doulosg on Fri, 10/07/2022 - 13:47

Why not warn users if they type ANY password on a scam site? Or maybe that's not what you meant.

Need Help? Ask!



My name is Dennis Faas and I am a senior systems administrator and IT technical analyst specializing in cyber crimes (sextortion / blackmail / tech support scams) with over 30 years experience; I also run this website! If you need technical assistance , I can help. Click here to email me now; optionally, you can review my resume here. You can also read how I can fix your computer over the Internet (also includes user reviews).

We are BBB Accredited

We are BBB accredited (A+ rating), celebrating 21 years of excellence! Click to view our rating on the BBB.