(CTN News) – With Windows 11, Microsoft is testing an updated feature that warns users when they copy and paste their Windows password into websites and documents.
Microsoft added Enhanced Phishing Protection to Windows 11 22H2, designed to stop threat actors from getting your Windows and Active Directory domain credentials.
To gain access to websites or corporate networks, threat actors often buy or steal corporate credentials. These credentials are typically obtained through phishing attacks or information-stealing malware.
Threat actors use these credentials to access other accounts, such as email accounts, bank accounts, and cryptocurrency trading accounts. Even worse, they can be used to access corporate networks, allowing attackers to spread laterally across a network and conduct BEC scams, data theft, supply chain attacks, and ransomware attacks.
Cybercrime marketplaces sell billions of credentials and authentication cookies, and specialized sites sell over a million remote desktop credentials.
With this widespread abuse, law enforcement has been actively targeting stolen credential marketplaces, taking down WT1SHOP in 2022, and Genesis Market more recently.
Windows 11’s Enhanced Phishing Protection
Originally, Windows Enhanced Phishing Protection only warned users if they manually entered their Windows password into a document or website.
However, since password managers are widely recommended, many people copy and paste their passwords from a password manager into login prompts rather than typing them.
This bypassed the protection entirely, because copy and paste was not previously monitored.
With Windows 11 Insider Dev build 23506, Microsoft’s phishing protection now detects when a user copies and pastes their Windows password.
“With this build, we’re testing a change where people with Windows Security warning options under App & browser control > Reputation-based protection > Phishing protection will see a UI warning on unsafe password copy and paste, just like they do when they type in their password.”
Windows users can enable this by going to Windows Security > App & browser control > Reputation-based protection > Phishing protection and checking all three options.
The feature will warn users when they type or copy and paste their Windows logon password into a form or document.
The alert advises users to reset their Windows account password and links to this support document.
Use strong, unique passwords to protect your personal information if your password is stolen from this site.
“Microsoft recommends changing the password for your local Windows account.”
Today’s tests show that it now works with Firefox and Microsoft Excel, which wasn’t the case in our previous Windows Enhanced Phishing Protection test.
It still does not work with third-party apps into which a password might be pasted, like Notepad2, Notepad++, etc.
There is also a “Warn others about suspicious apps and sites” phishing protection setting, but there is no information about what it does or who the ‘others’ are.
So far, Microsoft hasn’t answered our questions.
As a final note, Windows 11 Phishing protection does not work if you sign in with Windows Hello, such as biometrics or a PIN.
To use this feature, Windows users must log in with a password, so that the password is cached in memory and can be compared against entered text (typed or copied).
For those who do sign in with a password, the feature can help protect corporate credentials and notify you when Windows passwords are being reused.
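The following is an added illustration of the mechanism described above, written for this article and not Microsoft's code. It models a monitor that caches only a salted hash of the logon password at sign-in, then scans any typed or pasted text for a matching substring, and it shows why the check is silently inactive when no password was cached (the Windows Hello case). The class name, method names and the sample password are assumptions made for the example; Windows keeps its own internal representation.

```python
import hashlib
import hmac
import os
from typing import List, Optional


class PasswordReuseMonitor:
    """Toy model of a warn-on-password-reuse check (assumed design, not Microsoft's).

    The logon password is retained only as a salted SHA-256 digest so the
    monitor never holds the plaintext after sign-in. Any text entered into a
    form or document, whether typed or pasted, is scanned for a window of the
    password's length whose digest matches.
    """

    def __init__(self) -> None:
        self._salt: Optional[bytes] = None
        self._digest: Optional[bytes] = None
        self._length: int = 0

    def cache_logon_password(self, password: str) -> None:
        """Called only on a password logon. With Windows Hello (PIN/biometrics)
        no password is presented, so this is never called and the monitor
        has nothing to compare against later."""
        self._salt = os.urandom(16)
        self._length = len(password)
        self._digest = self._hash(password)

    def is_active(self) -> bool:
        """True only when a password was cached at sign-in."""
        return self._digest is not None

    def _hash(self, text: str) -> bytes:
        assert self._salt is not None
        return hashlib.sha256(self._salt + text.encode("utf-8")).digest()

    def check_input(self, text: str, source: str, entry: str = "typed") -> Optional[str]:
        """Return a warning if `text` entered into `source` contains the cached
        logon password, otherwise None. `entry` is "typed" or "pasted"; both
        paths are checked identically, which is the change the article covers.
        Returns None (no check possible) when no password was cached."""
        if not self.is_active() or self._length == 0 or len(text) < self._length:
            return None
        n = self._length
        for i in range(len(text) - n + 1):
            window = text[i:i + n]
            # Constant-time digest comparison; digests are always 32 bytes.
            if hmac.compare_digest(self._hash(window), self._digest):
                return (f"Your Windows password was {entry} into {source}. "
                        f"Microsoft recommends changing the password for your local Windows account.")
        return None


def demo() -> List[Optional[str]]:
    """Run the monitor over constructed sample inputs (all values are made up)."""
    password_logon = PasswordReuseMonitor()
    password_logon.cache_logon_password("Tr0ub4dor&3")  # constructed sample password

    hello_logon = PasswordReuseMonitor()  # signed in with PIN/biometrics: nothing cached

    return [
        password_logon.check_input("Tr0ub4dor&3", "a website login form", "pasted"),
        password_logon.check_input("reminder: pw is Tr0ub4dor&3 for vpn", "an Excel cell", "typed"),
        password_logon.check_input("Tr0ub4dor", "a website login form", "typed"),  # partial, no match
        hello_logon.check_input("Tr0ub4dor&3", "a website login form", "pasted"),  # inactive
    ]


if __name__ == "__main__":
    for result in demo():
        print(result)
```

The first two inputs produce a warning, the third does not because only part of the password was entered, and the fourth produces nothing even though the full password was pasted: with no password cached at sign-in, there is nothing to compare against, which is exactly the limitation the article notes for Windows Hello users.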