Reusing Windows 11 Password Will Be Flagged
Microsoft has added a new feature to warn users when they type their Windows password into a scam site. It's particularly aimed at people who reuse passwords, a particularly risky approach.
"Enhanced Phishing Protection" is available to both consumer and business users who've installed 22H2, the first major update for Windows 11. However, it's not yet switched on by default and instead users must enable it in settings menus.
The relevant menus are Start, Settings, Privacy & Security, Windows Security, App & Browser Control, and then Reputation-based Protection Settings, with the options to enable being "Warn me about password reuse" and "Warn me about unsafe password storage." (Source: mybroadband.co.za)
Phishing Sites On Blacklist
The feature will warn the user if they type their Windows 11 password into a range of places other than the actual Windows login screen. Depending on the chosen options, the warning will show up on any website other than Microsoft, or only on sites known or suspected to be part of a phishing scam. The warning will also appear if the user tries to type the password into Notepad, Wordpad or Microsoft's 365 (formerly Office) applications such as Word and Excel.
The setup should have three main benefits. First, it will warn users who are intentionally reusing their Windows password on another site, something that puts them at added risk if that other site is breached. Second, it will warn users who are intentionally storing (and potentially sharing) their password in a document, something that clearly increases security risks.
Weak Passwords Weeded Out
Finally, it will act as an indirect warning if a user has picked an ordinary single word as a password and then happens to type that word into a document. Those are some of the simplest passwords to crack or spot in an encrypted password database as hackers can simply look for words in a dictionary rather than try every possible combination of letters.
Businesses that enable the feature will also be able to set Windows 11 to not only warn the user in these scenarios, but also send an alert to IT administrators or managers. They can then remind users about secure password policies. (Source: zdnet.com)
What's Your Opinion?
Should this feature be enabled by default? Do you use your Windows password anywhere else? How likely is it that you would (intentionally or otherwise) type your Windows password into a document?
Most popular articles
- Which Processor is Better: Intel or AMD? - Explained
- How to Prevent Ransomware in 2018 - 10 Steps
- 5 Best Anti Ransomware Software Free
- How to Fix: Computer / Network Infected with Ransomware (10 Steps)
- How to Fix: Your Computer is Infected, Call This Number (Scam)
- Scammed by Informatico Experts? Here's What to Do
- Scammed by Smart PC Experts? Here's What to Do
- Scammed by Right PC Experts? Here's What to Do
- Scammed by PC / Web Network Experts? Here's What to Do
- How to Fix: Windows Update Won't Update
- Explained: Do I need a VPN? Are VPNs Safe for Online Banking?
- Explained: VPN vs Proxy; What's the Difference?
- Explained: Difference Between VPN Server and VPN (Service)
- Forgot Password? How to: Reset Any Password: Windows Vista, 7, 8, 10
- How to: Use a Firewall to Block Full Screen Ads on Android
- Explained: Absolute Best way to Limit Data on Android
- Explained: Difference Between Dark Web, Deep Net, Darknet and More
- Explained: If I Reset Windows 10 will it Remove Malware?
My name is Dennis Faas and I am a senior systems administrator and IT technical analyst specializing in cyber crimes (sextortion / blackmail / tech support scams) with over 30 years experience; I also run this website! If you need technical assistance , I can help. Click here to email me now; optionally, you can review my resume here. You can also read how I can fix your computer over the Internet (also includes user reviews).
We are BBB Accredited
We are BBB accredited (A+ rating), celebrating 21 years of excellence! Click to view our rating on the BBB.
Comments
ANY Password on a Scam Site
Why not warn users if they type ANY password on a scam site? Or maybe that's not what you meant.