A new security feature dubbed Enhanced Phishing Protection, included in the recently released Windows 11 22H2, alerts users when they enter their Windows password in unsecured programs or on websites.
Threat actors value Windows login credentials because they give attackers access to internal business networks for data theft or ransomware attacks. Two frequent ways these credentials are obtained are phishing scams and people saving their passwords in insecure programs like word processors, text editors, and spreadsheets.
To address this practice, Microsoft unveiled a new feature called “Enhanced Phishing Protection,” which alerts users when they enter their Windows password on a website or into an unsecured program.
At the moment, this new capability is available only in Windows 11 22H2 and is not turned on by default. When enabled, Microsoft will recognize when you enter your Windows password and will then display a warning asking you to change your Windows password or delete the password from the insecure file, as the case may be.