On Windows 11, you can now enable “Enhanced Phishing Protection,” a new security feature that can protect your passwords from malicious sites or applications.
The feature is available on version 22H2 and higher, and when enabled, it can protect you in at least three ways. It’ll show you a warning when it detects you entered your account password on an untrusted site or application. It will also alert you when you try to save a password in plain text in an application or reuse your password on other accounts, since both practices make it easier for hackers to steal your information.
This guide will teach you the steps to set up the phishing protection security feature on Windows 11 22H2 and higher releases.
Enable Enhanced Phishing Protection on Windows 11
To enable phishing protection on Windows 11, use these steps:
- Open Settings on Windows 11.
- Click on Accounts.
- Click the Sign-in options tab.
- Under the “Additional settings” section, turn off the “For improved security, only allow Windows Hello sign-in for Microsoft accounts on this device” toggle switch.
- Quick note: The security feature only works when using a password, which means you have to disable Windows Hello before enabling phishing protection.
- Under the “Ways to sign in” section, select the active Windows Hello option (Facial recognition, Fingerprint recognition, or PIN).
- Click the Remove button.
- Click the Remove button again.
- Confirm your Microsoft account password.
- Click the OK button.
- Open Windows Security.
- Click on App & browser control.
- Click the “Reputation-based protection settings” option.
- Turn on the “Phishing protection” toggle switch to enable the security feature.
- Check the “Warn me about malicious apps and sites” option to display a warning when on an untrusted website or program.
- Check the “Warn me about password reuse” option to avoid using the same password when creating a new account or updating the information on a website or program.
- Check the “Warn me about unsafe password storage” option to warn you not to save a password in plain text in a text editor.
Once you complete the steps, the “Enhanced Phishing Protection” feature will warn you when entering a password on an untrusted application or website with the option to change the password to reduce the chances of someone gaining unauthorized access to your account. The feature works on a Microsoft account, local account, Active Directory, or Azure Active Directory.
You will also get a warning when trying to reuse a password or save passwords in a text editor or Office apps since these applications do not offer any protection for your credentials.