Microsoft says it's boosted phishing protection in Windows 11 22H2

In the latest version of Windows 11, namely 22H2, Microsoft has introduced a feature in its Defender SmartScreen tool designed to, hopefully, keep passwords safer. The enhanced phishing protection automatically detects when a user types their password into an app or website and knows immediately whether the app or site has a …

  1. Norman Nescio

    How are they determining trusted websites? Is there a blacklist or whitelist involved?

    If they are determining by checking if TLS (Transport Layer Security) is in use, that merely tells you if the connection is difficult to eavesdrop, and says nothing about whether the service you are connecting to over a secure connection is trustworthy or not.

    People really should not confuse security of the connection with security of the service being offered by the smartphone app or website. Criminals can use LetsEncrypt too.

  2. steviebuk Silver badge

    How would this work

    when a lot of phishing emails I see come in at work point to a OneDrive setup specifically for phishing.

  3. Ken Moorhouse Silver badge

    if they try to store their password locally

    But to be able to do that, it has to store that checklist of passwords *somewhere*.

    Two possibilities: either the passwords are stored locally, or remotely. Yes, they may be encrypted, but it is only a matter of time before that checklist is hacked.

    Also:-

    I remember Rapport. Type a password on a PC and Rapport kindly flagged up that a sensitive combination of characters had been entered. Thanks, Rapport, for the alert, now just got to find out the site that goes with that password...

    So using Rapport as a tool, you didn't need to go on-line to run your exploits, you could do it safely offline, without triggering any alerts from the target site itself, claiming it is being attacked.

  4. Anonymous Coward

    >Microsoft views passwords as unreliable, in large part because users tend to use the same password for multiple sites

    So, are we supposed to carry around dozens of different thumbs or faces?

    1. Roland6 Silver badge

      Perhaps someone needs to suggest to Microsoft they put their collection of sites in different security domains and so permit a user to have different passwords/credentials for Outlook, OneDrive, O365, Azure etc.

  5. Il'Geller

    This Windows operating system is tragically obsolete, as well as the one from Apple, as well as Linux, etc. Accordingly, all means of protecting will die along with them.

    Indeed, programming and program code are dying before our eyes, the soon coming modern operating systems are designed specifically for AI.

  6. Il'Geller

    Such AI-operation system, as its foundation, has the AI-assignment to segments of the everyday language of certain functions, just as until now the same segments were assigned through programming languages. At the same time, the search for the segments is performed using AI-search technology, in response to a request made in the common language. The approach leads to the absence of the need for training, studying and other hideous tasks, without which, for example, it is impossible to use Microsoft Windows or Apple. Or Chrome.

    The databases used in the AI-operating system will again be radically different from those for Windows or Apple, or any other system; which again means a total democratization of computer handling. These new will be AI databases, which do not require any training and special skills, or formulas, or spreadsheets, as SQL does.

    AI came!

  7. Allan George Dyer
    Facepalm

    Wait, What?

    "a future without passwords for authentication. Microsoft is embracing tools like biometrics – including fingerprint and face scans – and device PINs as alternative"

    Doesn't Microsoft know that a PIN is a type of password - one that's easier to guess because it uses a much reduced character set? If they said, "we want to move to 2-factor authentication, with a simpler something-you-know factor" it would be more honest than this "passwords BAD, we are doing something DIFFERENT" hype.

    1. Il'Geller

      Re: Wait, What?

      Individual Artificial Intelligence, as individual profiles, have somewhere between 200-500.000 unique keys, and perhaps even more. At the same time, such profiles are continuously changing, because they are not static. Consequently there can be no talk of any theft or forgery of such keys, even theoretically: impossible to fake something that changes dynamically each time it's used. Microsoft already makes these individual AIs.

    2. Danny 14

      Re: Wait, What?

      And FIDO keys are great until you need a mobile solution.

    3. X5-332960073452
      Stop

      Re: Wait, What?

      Do not use for security, something you cannot change!!!

      (Face, Finger, Voice, Etc.)

  8. ITS Retired

    What did Microsoft break?

    And when will it break from this? You know they did.
