Microsoft is rolling out a new anti-phishing measure for Windows 11, aiming to keep users’ system credentials from falling into the wrong hands. As part of the Enhanced Phishing Protection feature, the latest update will warn users when they attempt to copy and paste their Windows and Active Directory passwords into documents and websites.
Previously, Enhanced Phishing Protection only issued warnings when users manually typed their passwords, but with password managers becoming more prevalent, copy-pasting passwords has become common practice. The new Windows Insider Preview Build 23506 now detects password copy and paste actions and warns users about the risks of password reuse.
To enable this feature, users need to navigate to Windows Security, then access App & browser control > Reputation-based protection > Phishing protection, and enable all checkboxes.
Upon copying and pasting a Windows password into a website, a dialog box will appear, cautioning users about the dangers of reusing passwords and recommending that they change their local Windows account password. The warning includes a direct link to the settings to facilitate the password change process. Users can choose to dismiss the warning if desired.
However, BleepingComputer noted that the feature does not seem to work when pasting passwords into certain third-party applications, such as Notepad2 and Notepad++, which are commonly used for credential insertion.
Additionally, the warning does not apply when using Windows Hello, Microsoft’s passwordless login feature, which utilizes biometrics or a PIN for access. The feature depends on a password being used to log in to Windows: that password is stored in system memory and compared against pasted text to trigger the warning.
Phishing and malware attacks continue to pose significant threats to individuals and organizations. By implementing this enhanced protection feature, Microsoft aims to empower users to take extra precautions and make informed decisions to protect their sensitive credentials from potential security breaches.