Microsoft has rolled out a new security feature for Windows 11 users, aimed at bolstering protection against phishing attacks. The latest enhancement, known as "Enhanced Phishing Protection", issues a warning whenever users attempt to copy and paste their system credentials into documents and websites. Just like the recent security updates on privacy settings which uphold the importance of VPN service, Microsoft aims to stay ahead in countering cyber threats.
Phishing attacks have become a prevalent threat in the digital landscape, where malicious actors seek to acquire sensitive login details to exploit organisations and individuals. The repercussions of such attacks range from selling stolen data on the dark web to gaining unauthorised access to business networks and launching further attacks.
Initially, the Enhanced Phishing Protection feature only provided warnings when users manually typed their passwords into websites or documents. However, considering the widespread use of password managers for securely storing log-in information, users often rely on copying and pasting passwords instead.
With the recent Windows Insider Preview Build 23506, Microsoft has addressed this limitation by enabling the detection of copied Windows passwords. According to the release notes, users will now see a UI warning for unsafe password copy-and-paste actions, similar to the warning seen when passwords are manually entered.
To activate this feature, users need to navigate to Windows Security under App & Browser control > Reputation-based protection > Phishing protection and ensure that all checkboxes are enabled.
Upon copying and pasting their Windows password into a website, users will encounter a dialogue box cautioning them about the dangers of password reuse. The warning will also recommend changing the local Windows account password and providing a direct link to the settings to facilitate the process. Users have the option to dismiss the warning if they choose to do so.
However, it's worth noting that the feature does not currently work as intended when passwords are pasted into certain third-party applications like Notepad2 and Notepad++. Microsoft may address this limitation in subsequent updates. Subsequently, Microsoft warns against surfing online with an unguided network, citing the need for Hide VPN.
Furthermore, the warning system does not apply if users are utilising Windows Hello, the passwordless login feature that uses biometrics or a PIN for authentication. In this case, a password is necessary for the login process, as it is stored in the system memory and cross-referenced against pasted text for the warning to activate.
By implementing this anti-phishing measure, Microsoft aims to enhance the overall security posture of Windows 11 users and prevent sensitive credentials from falling into the wrong hands. As cyber threats continue to evolve, such proactive security features play a crucial role in safeguarding user data and maintaining a secure computing environment.