
Windows 11 now warns when typing your password in Notepad, websites



  • September 24, 2022
  • 12:54 PM ET 9:54 AM PT

Windows 11

Windows 11 22H2 was just released, and with it comes a new security feature called Enhanced Phishing Protection that warns users when they enter their Windows password in insecure applications or on websites.
Windows login credentials are valuable to threat actors as they allow them to access internal corporate networks for data theft or ransomware attacks.
These passwords are commonly acquired through phishing attacks or by users saving their passwords in insecure applications, such as word processors, text editors, and spreadsheets.
In some cases, simply typing your password in a phishing login form, and not submitting it, is enough for it to be stolen by threat actors.
To combat this behavior, Microsoft introduced a new feature called 'Enhanced Phishing Protection' that warns users when they enter their Windows password on a website or enter it into an insecure application.
"SmartScreen identifies and protects against corporate password entry on reported phishing sites or apps connecting to phishing sites, password reuse on any app or site, and passwords typed into Notepad, Wordpad, or Microsoft 365 apps," explains Microsoft Security Product Manager Sinclaire Hamilton.
"IT admins can configure for which scenarios end users see warnings through CSP/MDM or Group Policy."
This new feature is only available in Windows 11 22H2 at this time, and it is not enabled by default. It also requires you to log into Windows with your Windows password rather than use Windows Hello.
So if you use a PIN to log in to Windows, this feature will not work.
When enabled, Microsoft will detect when you enter your Windows password and then issue a warning prompting you to remove the password from an insecure file or, if entered on a site, to change your Windows password.
Alert when entering Windows passwords in an insecure application

How to enable Enhanced Phishing Protection

While Windows 11 22H2 has Phishing protection enabled by default, the options to protect your passwords are disabled.
To enable these options, go to Start > Settings > Privacy & security > Windows Security > App & browser control > Reputation-based protection settings.
Under the Phishing protection section, you will see two new options labeled 'Warn me about password reuse' and 'Warn me about unsafe password storage.'
When enabled, the 'Warn me about password reuse' option will cause an alert to be displayed when you enter your Windows password on a website, whether it's a phishing site or a legitimate site.
The 'Warn me about unsafe password storage' option will warn you when you type your password into an application like Notepad, Wordpad, and Microsoft Office and then press enter.
To protect your passwords, put a checkmark in both options to enable them, as shown in the image below. When you enable each option, Windows 11 will display a UAC prompt, which you should accept.
Enabling password protection in Windows 11 22H2
Source: BleepingComputer
BleepingComputer created a test account on our Windows 11 22H2 device and entered our password into Notepad to test this feature.
As you can see below, once we typed the password and pressed enter, Windows 11 displayed a warning stating, "It's unsafe to store your password in this app," and recommended we remove it from the file.
Windows 11 warning when you enter your password in Notepad
Source: BleepingComputer
We also tested this feature in other applications, such as WordPad, Microsoft Word 2019, Excel 2019, OneNote, and Notepad2. We were not able to test this in Microsoft 365, which Microsoft claims is supported by the feature.
While Windows 11 warned us about our password in WordPad and Microsoft Word, it surprisingly did not warn us when typing it into Excel, OneNote, and Notepad2, which should be fixed.
This is especially true for Microsoft Excel, as it's known to be used to create password lists.
We also tested the password reuse feature by trying to log in to Twitter with our Windows password using Google Chrome and Microsoft Edge. Once we entered our password, Windows 11 displayed the following alert warning us to change our Windows password.
Windows 11 warning about password reuse on a website
Source: BleepingComputer
However, the Enhanced Phishing Protection feature did not work when testing Mozilla Firefox.
Overall, this is an excellent new security feature for Windows users, and it is strongly recommended that you use it to protect yourself from phishing attacks and from saving your passwords in insecure files.
However, there is still plenty of room for improvement, with Microsoft needing to expand the security feature to support more browsers and applications.
 
I use a paid secure password app. The passwords it generates are crazy. I have so darn many passwords there is no way in hell I could keep track of them.

Edit: Now that I think about it, I currently use Kaspersky security suite on this computer. It already bugs you when you attempt to log into possibly sensitive sites. I don't need my O/S bugging me as well.
 

Good feature, Google has used that for ages with http://keep.google.com and Android phones. (The feature about saving text.)
 