Enhanced Phishing Protection in Microsoft Defender SmartScreen helps protect your password from being stolen, or phished, on malicious sites and apps pretending to be safe.
If you sign into Windows 11 using a password, Enhanced Phishing Protection alerts you if you type that password into a malicious website or into an application connecting to a known malicious site. Enhanced Phishing Protection helps protect your password in four ways:
-
If you type your Microsoft account password into a site that SmartScreen finds malicious, Enhanced Phishing Protection will alert you. It will also prompt you to change your password so attackers can't gain access to your account.
-
Reusing the same password makes it easy for attackers who compromise your password to gain access to your other accounts. Enhanced Phishing Protection can warn you if you reuse your Microsoft account password on other sites or apps and prompt you to change your password.
Tip: For an engaging short story about the dangers of password reuse see Cameron learns about reusing passwords.
-
Since it's unsafe to store your password in text editors, Enhanced Phishing Protection can warn you if you type your password into Notepad or a Microsoft 365 Office application like Word or OneNote.
-
If you type your Microsoft account password into a website or app that SmartScreen finds suspicious, Enhanced Phishing Protection can automatically collect information—such as content displayed, sounds played, and application memory—from that website or app to help identify security threats.
Configure Enhanced Phishing Protection settings
You'll find Enhanced Phishing Protection's settings in the App & browser control panel of the Windows Security app. The fastest way to get to it is to follow these steps:
-
Tap the start button and type reputation into the search box that appears
-
Select Reputation-based protection from the search results.
Once the app is open, scroll down to Phishing protection and select the settings you want. By default, you are only protected against entering your password into malicious content.
Known Issues
-
Currently only the typed password used to sign into Windows 11 can be protected.
We're listening!
If you have any feedback or suggestions, you can share them with us in the Feedback Hub. Open the Feedback Hub app from the Start menu (or just press Windows Key + F) and when you get to the part where it asks what category your feedback is for select Security and Privacy > Microsoft Defender SmartScreen.
Learn more
Create and use strong passwords
How to go passwordless with your Microsoft Account