The latest release of Windows 11, now includes Enhanced Phishing Protection, which sounds complicated, and I am sure the implementation of it is complex, but the security advantage it offers is obvious and simple.
Windows 11 will warn you when you type a password into an insecure website or application.
Windows 11 now warns when typing your password in Notepad, websites (bleepingcomputer.com)
For many threat actors their primary goal is gaining access to credentials for applications such as Microsoft365 or Google Workspace – especially administrator level credentials. With these they can carry out a wide array of attacks that are difficult to detect.
Cyber-attacks that steal credentials through phishing attacks, exfiltrating insecure documents of password lists and getting users to enter valid credentials into a malicious login boxes (some of which will steal the information without actually hitting submit) are extremely common.
There are a few caveats:
- You need to login using your Windows password – not Windows Hello or a PIN
- The feature is not on by default
- It only applies to your Windows credentials
Still it sounds like a feature that will have a lot of application in many cyber security plans and will help support staff cyber security awareness. The Bleeping Computer articles shows you how to switch the feature on.
Clive Catton MSc (Cyber Security) – by-line and other articles
