Share this article
Latest news
With KB5043178 to Release Preview Channel, Microsoft advises Windows 11 users to plug in when the battery is low
Copilot in Outlook will generate personalized themes for you to customize the app
Microsoft will raise the price of its 365 Suite to include AI capabilities
Death Stranding Director’s Cut is now Xbox X|S at a huge discount
Outlook will let users create custom account icons so they can tell their accounts apart easier
How Windows Security reacts when you type Windows password in Notepad or websites with Enhanced Phishing Protection active
With this feature, you’ll never type your password on a phishing website again
2 min. read
Published onApril 18, 2024
published onApril 18, 2024
Share this article
Read our disclosure page to find out how can you help Windows Report sustain the editorial teamRead more
Phishing attacks are fairly common as they allow hackers to obtain your information such as login data.
To prevent this, Microsoft has developed Enhanced Phishing Protection, and we can finally see how it works in action.
Enhanced Phishing Protection can now alert you if you type your password on unsafe websites
Many users tend to save their passwords in Notepad since it’s convenient, but this is a terrible practice since Notepad saves your passwords in plaintext format.
By doing so, anyone who has access to your PC, such as a hacker, malware, or anybody else, can find and read them.
If you happen to do that, Enhanced Phishing Protection will now inform you that it’s not safe to save passwords in this format.
This will even generate an event in the Event Log that your system administrator can later review if needed.
Upon typing your Windows password in Notepad:pic.twitter.com/BFt6UAJDCJ
That’s not all, the feature will also detect if you type your Windows password to a known phishing website in any browser and give you an alert in the Defender for Endpoint portal.
If EPP sees you type your Windows password into a browser (e.g. Firefox, Chrome, Brave, etc) that’s connected to a known phishing site, the Defender for Endpoint portal shows the following alert:pic.twitter.com/ElYQdgHPwD
By doing so, users will be prevented from sharing their passwords to domains that are associated with phishing attacks.
While this sounds great, the feature currently only works with your Windows login password.
At present, the feature is limited to the Windows logon password.
This isn’t a major problem, especially if you have a Microsoft account and you use that account to access various Microsoft services on the web.
SinceMicrosoft and Google are often impersonated by scammers, a feature such as this can put an end to phishing attacks.
In other news,Duo was struck by a phishing attack, so be prepared for more phishing attacks in the future.
More about the topics:Cybersecurity,Phishing
Milan Stanojevic
Windows Toubleshooting Expert
Milan has been enthusiastic about technology ever since his childhood days, and this led him to take interest in all PC-related technologies. He’s a PC enthusiast and he spends most of his time learning about computers and technology.
Before joining WindowsReport, he worked as a front-end web developer. Now, he’s one of the Troubleshooting experts in our worldwide team, specializing in Windows errors & software issues.
User forum
0 messages
Sort by:LatestOldestMost Votes
Comment*
Name*
Email*
Commenting as.Not you?
Save information for future comments
Comment
Δ
Milan Stanojevic
Windows Toubleshooting Expert
Before joining WindowsReport, he worked as a front-end web developer. Now, he’s specialized in Windows errors & software issues.
