Microsoft Has a New Trick to Keep Your Password Safe
Your PC password is not something that can be easily shared. These are the keys to your kingdom: From work to social media to banking, your entire world is probably accessible from your Windows PC. Consequently, Microsoft is begging us not to be idiots who will give our passwords to anyone who asks. But they know some of us will, which is why they recently implemented some powerful features to protect us from ourselves.
How hackers steal your PC password
The issue boils down to phishing or tricking someone into handing over personal digital information such as their PC password. Fraudsters are very good at extracting this information from unsuspecting victims, abandoning traditional tactics that seem banal and obvious these days. One strategy is to create websites that look exactly like the ones you’re trying to log into but are completely fake. Even if you catch the scam in time and don’t hit the login button, sometimes even entering your password on these sites is enough for hackers to steal it. While this is never good, it’s even worse if the password you use for Facebook is the same as the password you use for your computer. Now attackers know how to get into your machine.
Another problem is related to the insecure storage of passwords. For example, if you store all your passwords in a standard Word or Excel file, you expose yourself to the risk of data theft. You should only store your passwords in password protected and encrypted sources and not in a standard document that anyone can read.
While the personal risk is high, the risk to companies and networks is also high. Huge institutions have been broken into by hackers with weak or leaked passwords . Sometimes access to a machine by a single user is enough to cause a complete security crash.
How Microsoft Helps Protect Your Windows Password
With the big Windows 11 2022 update released last week, Microsoft has released a new weapon to protect against PC password theft. The first is a warning that appears whenever you use your password to sign in to Windows on another website. The hope is to discourage you from using your PC password with any other service. If the site you “log into” is actually a phishing site, hackers will now know your PC’s password, but even a legitimate site can leak a password. The second option warns you whenever you enter your password in a program where it is not safe to store it. Microsoft is trying to discourage you from storing your passwords in apps like Word or Notepad because they don’t provide the same protection as a real password manager.
How to enable the new Microsoft password protection protocols
For some reason, these password protection options are not enabled by default, nor are they rather hidden in the settings. For them to work, you will need to sign in to your computer with your Windows password instead of Windows Hello. They won’t work if you’re using a PIN to sign in to your computer, so you’ll need to turn that option off first. (Choose Start > Settings > Accounts > Sign In Options, select the Windows Hello method you want to disable, then click Remove.)
Then open the Start Menu > Settings > Privacy and Security > Windows Security > Application and Browsing Control > Reputation-Based Protection Settings . Check Phishing Protection , which should already be enabled. Other options to watch out for are “Warn me if I’m reusing my password” and “Warn me if I’m storing my password insecurely.” Turn both on and you’ll get alerts whenever you enter your password in an insecure app.