Date: 2022-09-26

Microsoft has introduced a new security feature — Enhanced Phishing Protection — to Windows 11 with its 22H2 update.

The feature will warn users when they enter their Windows password in insecure programs or websites.

“It’s unsafe to store your password in this app. We recommend removing your password from this file,” the Windows alert reads.

Bleeping Computer reports that Windows passwords are more commonly stolen through phishing attacks or via insecure applications like text editors and spreadsheets.

Sometimes, typing your password into a phishing login form is enough for malicious actors to steal it, even if you do not submit the form.

Microsoft security product manager Sinclaire Hamilton said SmartScreen protects against password entry on reported phishing sites or insecure apps like Notepad.

“SmartScreen identifies and protects against corporate password entry on reported phishing sites or apps connecting to phishing sites, password reuse on any app or site, and passwords typed into Notepad, Wordpad, or Microsoft 365 apps,” Hamilton said.

“IT admins can configure for which scenarios end users see warnings through CSP/MDM or Group Policy.”

The new Enhanced Phishing Protection isn’t enabled by default and won’t work for users that use a PIN to log in to Windows.

Windows users can activate the new security feature by going to Start, Settings, Privacy & Security, Windows Security, App & browser control, and then Reputation-based protection settings.

Users can then activate the “Warn me about password reuse” and “Warn me about unsafe password storage” features.

