Photo: Wachiwit (Shutterstock)
Your PC’s password is not something to be shared lightly. It’s the keys to your kingdom: From work, to social media, to banking, your whole world is likely accessible from your Windows machine. Consequently, Microsoft is begging us to not be idiots who will hand our passwords over to anyone who asks. But they know some of us will, which is why they’ve recently rolled out some powerful features to protect us from ourselves.
How bad actors steal your PC’s password
The issue comes down to phishing, or tricking someone into handing over personal digital information, such as their PC’s password. Scammers are getting very good at pulling this information out of unsuspecting victims, moving way past the traditional tactics that come off as hokey and obvious these days. One strategy is to create websites that look just like the ones you’re trying to log into, but are totally fake. Even if you realize the scam in time and don’t hit the log in button, sometimes even typing your password into these sites is enough for hackers to steal it. While that’s never a good thing, it’s even worse if the password you use for Facebook is the same one you use for your computer. Now, bad actors know how to log into your machine.
Another issue involves insecure password storage. If you keep all your passwords in a standard Word or Excel file, for example, you leave yourself vulnerable to data theft. You should only store your passwords in password-protected and encrypted sources, and never a standard document anyone can read.
While the personal risk is strong, so, too, is the risk to companies and networks. Hackers have breached huge institutions thanks to weak or leaked passwords. Sometimes access to one user’s machine is enough to trigger a complete security meltdown.
G/O Media may get a commission
How Microsoft is helping to protect your Windows password
With last week’s big Windows 11 2022 update, Microsoft has issued new weapons to defend you against PC password theft. The first is an alert that pops up whenever you use your Windows login password with another website. The hope is to discourage you from using your PC’s password with any other service. If the site you’re “logging into” is actually a phishing site, hackers will now know your PC’s password, but even a legitimate site can experience a password leak. The second option warns you whenever you enter your password in a program where it isn’t safe to store. Microsoft is trying to discourage you from keeping your passwords in apps like Word or Notepad, since they don’t offer the same protection as a true password manager.
How to enable Microsoft’s new password protection protocols
For some reason, these password protection options are not enabled by default, and they’re pretty buried in Settings at that. In order for them to work, you’ll need to log into your computer with your Windows password instead of Windows Hello. They will not work if you use a PIN to sign into your PC, so you’ll need to turn that option off first. (Go to Start > Settings > Accounts > Sign-in options, choose the Windows Hello method you want to disable, then choose “Remove.”)
Next, open the Start menu > Settings > Privacy & security > Windows Security > App & browser control > Reputation-based protection settings. Check Phishing protection, which should be set to “On” already. The other options to focus on are “Warn me about password reuse,” and “Warn me about unsafe password storage.” Turn on both and you’ll receive alerts whenever you enter your password in an unsafe app.