Microsoft is enhancing Windows 11's Enhanced Phishing Protection security feature
Microsoft introduced the security feature Enhanced Phishing Protection in Windows 11 version 22H2 to better protect the Windows account password. The feature is now seeing improvements in the most recent Windows 11 Insider builds.
According to the changelog, Enhanced Phishing Protection functionality is now extended to copy and paste operations. Previously, it only kicked in if the user typed the password manually in unsafe contexts.
Enhanced Phishing Protection is a Microsoft Defender SmartScreen feature. Microsoft noted back then that the security feature works with different authentication systems, including Microsoft and local accounts, Active Directory and Azure Active Directory accounts. According to Microsoft, the protection applies to any Chromium-based web browser and to applications, and may also warn users about password reuse and unsafe password storage.
Password reuse refers to Windows 11 users trying to set their account password as the password for another service. Unsafe password storage refers to users storing the account password in plain text documents or Microsoft Office documents.
By default, Windows 11 only protects against using the password in malicious apps or on malicious sites. Users and administrators may disable the functionality, or extend it to include password reuse and unsafe password storage warnings.
Up until now, Enhanced Phishing Protection displayed warnings only if the user typed the password. Copy and paste operations, which are also common operations when it comes to passwords, were not supported.
The most recent Windows 11 Insider build changes that. Microsoft writes: "We are trying out a change starting with this build where users who have enabled warning options for Windows Security under App & browser control > Reputation-based protection > Phishing protection will see a UI warning on unsafe password copy and paste, just as they currently see when they type in their password."
In other words: if Enhanced Phishing Protection is enabled on the Windows 11 device, it will now also inform users when they use copy and paste in unsafe contexts.
The dialog displays an option to change the password immediately and a "got it" button to close it.
Windows 11 users may configure the security feature in the following way:
- Select Start > Settings.
- Switch to Privacy & Security.
- Select Windows Security.
- Activate the "open Windows Security" button on the page.
- In the Windows Security window, select App & browser control.
- Switch to Reputation-based protection.
- Scroll down to Phishing Protection to enable/disable the Enhanced Phishing Protection feature, and to configure the three available options separately.
Microsoft is testing the improvement currently. There is a chance that it will never land in a stable version of the Windows operating system, as it is still in testing.
Closing Words
Support for copy and paste operations improves Enhanced Phishing Protection, as it extends the protective feature to a common way of entering passwords.
This is basically just repurposed key-logging. With this addition, Windows 11 now does key-logging, hell, even clip-board logging. Sure, they claim it’s for a good purpose, but damn, not a good look if this gets put into base Windows!
Dude, what do you mean “now”?
How do you think spellcheck works, cloud clipboard, image enhancement?
Making M$ execs richer is a good purpose?
M$ doesn’t care about your security, they care about keeping your data out of the hands of others to increase the value of it for themselves.
Yes, yes–so use MX Linux or whatever flavor desired and invest in MSFT. All are invited to join the “M$ execs” making shareholders richer [which is a very good purpose].
“If you’d invested $10,000 in Microsoft Corporation (MSFT) on July 27, 2021, today the investment would be worth: $12,335.09”
Add an Apple and . . .
“If you’d invested $10,000 in Apple Inc (AAPL) on July 27, 2021, today the investment would be worth: $13,185.92.”
MSFT–“They care about keeping your data out of the hands of others to increase the value of it for themselves.”
Interesting idea; competition with GOOG et al. for my personal data and suchever. Not a bad idea–would rather have one corporation with the data than several–perhaps.
Maybe.
Don’t really know for sure.
Why does anyone care?
Should I care? Someone wants to eavesdrop on my communications?
I do have a choice: “Windows 11 protects against using the password in malicious apps or on malicious sites only by default. Users and administrators may disable the functionality.”
Good, I can “disable the functionality.”
Although . . . intuition tells me the US government has so much information on me that it’s hopeless. I shall never be able to “drop off the radar” as in the movies.
@VioletMoon
Yes, yes–so use MX Linux or whatever flavor desired and invest in MSFT. All are invited to join the “M$ execs” making shareholders richer [which is a very good purpose].
So Where Does That Money Come From?
For MX Linux and Other Distros?
Does It Come From…
Linux Foundation sponsors many open source projects such as Linux, Kubernetes, and Node.js. A third way to fund open source software is through crowdfunding platforms that allow developers to raise money from backers who pledge a certain amount of money for a specific goal or feature.
The Microsoft FOSS Fund provides a direct way for Microsoft engineers to participate in the nomination and selection process to help communities and projects they are passionate about.
A project of the Microsoft Open Source Programs Office, the FOSS Fund provides $10,000 sponsorships to open source projects as selected by Microsoft employees. To help drive an open contribution culture across Microsoft, employees are eligible to select projects for the fund when they participate in projects that are not governed by Microsoft.
FOSS Fund #20 (May 2022): GNOME: From low-level libs over the window manager to end user applications the GNOME project is an essential part of many graphical Linux devices. It also powers Ubuntu which is the first Linux work environment supported at Microsoft.
If ignorance is bliss, you must be the happiest person on the planet.
https://github.com/microsoft/foss-fund
Tachy, what do I mean “now”?
I meant what I said. I don’t use cloud clipboard or any clipboard management, or image enhancement (edge feature?). Spellcheck is also just an Office suite feature and isn’t enabled in the Windows shell.
This feature strikes me as very “key-logger”-y, I guess your point is that it’s not the first time MS introduced a feature in this category? I use W10 & W11 at work but not at home, as such, I wasn’t aware of things like “cloud clipboard”. However this feature in particular, I believe is the first one which will actually passively process your keystrokes system-wide and look for patterns. So to me, it looks “bad” because of that.
Anyway as long as this stuff stays “opt-in” instead of opt-out, that would be appreciated.
Nice point of view, now W11 will be a key logger tool to control itself, so bad if some virus or malware could access this kind of information. So sad imho that an entire OS can’t secure itself without the aid of a self integrated antivirus. :S