While software-based password managers are incredibly popular these days, it is still terrifyingly common to find that people store passwords on sticky notes attached to their monitor. A slightly more up-to-date means of recording passwords is to type them into a text document, and this is something Microsoft is seeking to discourage with the latest update to Windows 11.
With Window 11 2022 Update, the company added a new enhanced phishing protection feature to Microsoft Defender Smartscreen. This security feature can, among other things, issue a warning if it detects that you are entering one of your passwords into a document or, for that matter, a potentially insecure website. The feature is not enabled by default, so here’s how to bolster your security.
Writing about the feature in a blog post covering the new security features of Windows 11 2022 Update, Microsoft explains: “Enhanced phishing protection in Microsoft Defender Smartscreen can detect and warn you when you’re entering your password into a known compromised app or website”.
David Weston, vice president of Enterprise and OS Security goes on to say:
It also promotes good credential hygiene by warning users when they try to re-use passwords or store them in an unsafe location such as a text file. This goes beyond browser-based protection to build advanced phishing protection into the operating system itself, empowering users to take proactive action before passwords can be used against them or their organization. IT admins can customize alerts using a mobile device management (MDM) solution like Microsoft Intune.
To enable the feature, you need to open the Settings app and head to the Privacy and Security section. Open the Windows Security section, click App & browser control, and then click Reputation-based protection settings. You can then enable the Warn me about password reuse and Warn me about unsafe password storage settings.