Windows 11 now warns when typing your password in Notepad, websites - BleepingComputer
Windows 11 22H2 was just released, and with it comes a new security feature called Enhanced Phishing Protection that warns users when they enter their Windows password in insecure applications or on websitesTo combat this behavior, Microsoft introduced a new feature called 'Enhanced Phishing Protection' that warns users when they enter their Windows password on a website or enter it into an insecure application"SmartScreen identifies and protects against corporate password entry on reported phishing sites or apps connecting to phishing sites, password reuse on any app or site, and passwords typed into Notepad, Wordpad, or Microsoft 365 apps," explains Microsoft Security Product Manager Sinclaire HamiltonWhen enabled, Microsoft will detect when you enter your Windows password and then issue a warning prompting you to remove the password from an insecure file or, if entered on a site, to change your Windows passwordWhile Windows 11 22H2 has Phishing protection enabled by default, the options to protect your passwords are disabledTo enable these options, go to Start > Settings > Privacy & security > Windows Security > App & browser control > Reputation-based protection settingsUnder the Phishing protection section, you will see two new options labeled 'Warn me about password reuse' and 'Warn me about unsafe password storage.'When enabled, the 'Warn me about password reuse' option will cause an alert to be displayed when you enter your Windows password on a website, whether it's a phishing site or a legitimate siteThe 'Warn me about unsafe password storage' option will warn you when you type your password into an application like Notepad, Wordpad, and Microsoft Office and then press enterBleepingComputer created a test account on our Windows 11 22H2 device and entered our password into Notepad to test this featureAs you can see below, once we typed the password and pressed enter, Windows 11 displayed a warning stating, "It's unsafe to store your password in this app," and recommended we remove it from the fileWe also tested this feature in other applications, such as WordPad, Microsoft Word 2019, Excel 2019, OneNote, and Notepad2While Windows 11 warned us about our password in WordPad and Microsoft Word, it surprisingly did not warn us when typing it into Excel, OneNote, and Notepad2, which should be fixedWe also tested the password reuse feature by trying to log in to Twitter with our Windows password using Google Chrome and Microsoft EdgeHowever, the Enhanced Phishing Protection feature did not work when testing Mozilla FirefoxOverall, this is an excellent new security feature for Windows users, and it is strongly recommended that you use it to protect yourself from phishing attacks and from saving your passwords in insecure filesHowever, there is still plenty of room for improvement, with Microsoft needing to expand the security feature to support more browsers and applicationsWindows 11 22H2 adds kernel exploit protection to security baseline