Windows 11 22H2 warns when you're doing dumb things with passwords

Windows 11 22H2 warns when you're doing dumb things with passwords

Trending 2 months ago 70
Image: Getty

Microsoft has rolled retired 'Enhanced Phishing Protection' successful Windows 11, mentation 22H2, which automatically detects erstwhile you benignant a password into an unsafe app oregon tract and past reports it to admins via Microsoft Defender for Endpoint. 

The diagnostic is based connected Microsoft's SmartScreen exertion and caters to some consumers and endeavor users connected the caller Windows 11 2022 Update. 

If the idiosyncratic types their credentials connected an untrustworthy tract oregon app, Windows alerts the idiosyncratic arsenic good arsenic admins who get a grounds of erstwhile and wherever the password was used. 

Also: Windows 11 22H2: How to get Microsoft's latest OS update and what's coming next

"When Windows 11 protects against 1 phishing attack, that menace quality cascades to support different Windows users interacting with different apps and sites that are experiencing the aforesaid onslaught arsenic well," explains Microsoft's Sinclaire Hamilton

The SmartScreen diagnostic works for user Microsoft Accounts, arsenic good arsenic accounts managed done Active Directory, Azure Active Directory, and section passwords. 

It instantly lets users cognize they request to alteration their password and automatically reports the unsafe password usage to IT done the Microsoft Defender for Endpoint portal. 

The phishing occupation volition persist arsenic agelong passwords are utilized to log successful to apps, sites and domains. As Hamilton notes: "Attackers don't interruption in, they log in." 

Bill Gates successful 2004 wrongly predicted we'd beryllium utilizing passwords little and less successful the future. Instead, radical needed much and much with each caller online service. Today, Microsoft, Apple, Google and others are supporting OAuth and FIDO2 standards to make it easier to spell passwordless and alteration two-factor authentication. With Windows 11 22H2, Microsoft has focussed connected information defaults that assistance prevent attacks, specified arsenic the Smart App Control allow-list. It's besides investigating a default Windows 11 SMB complaint limiter to drastically dilatory down password attacks

"SmartScreen identifies and protects against firm password introduction connected reported phishing sites oregon apps connecting to phishing sites, password reuse connected immoderate app oregon site, and passwords typed into Notepad, Wordpad, oregon Microsoft 365 apps," notes Hamilton.  

Also: What, exactly, is cybersecurity? And wherefore does it matter?

IT admins tin usage Group Policy oregon an MDM solution to configure the scenarios wherever users would spot warnings. If admins are utilizing MDM, the diagnostic is by default successful audit mode, which lets admins spot unsafe password usage successful their situation successful the Defender for Endpoint portal without informing users.

End users volition present spot a pop-up informing aft typing a password into an unsafe spot that says: "This app made an unsafe transportation that was reported to Microsoft for stealing passwords."

The pop-up includes an enactment to "change my password", which opens the Windows Settings app to the conception wherever users tin alteration their instrumentality password. 

Additionally, Windows present besides warns users who reuse passwords connected different sites from their Microsoft account, Azure AD, Active Directory, oregon section password, to usage a strong, unsocial password instead. If detected, the dialog prompts users to alteration their firm password to forestall reuse connected a non-corporate site.    

Hamilton notes that Enhanced Phishing Protection is disposable to each consumers and enterprises utilizing Windows 11 22H2 careless of licence tier. 

But to spot Enhanced Phishing Protection alerts successful the M365 Defender information portal, commercialized customers indispensable person a licence that provides Microsoft 365 Defender information portal access, specified arsenic the E5 license. 

style="display:block" data-ad-client="ca-pub-6050020371266145" data-ad-slot="7414032534" data-ad-format="auto" data-full-width-responsive="true">