How to protect passwords enabling phishing protection on Windows 11

Windows 11 detects and warns you about phishing attacks, and here's how to turn on the feature.

Windows 11 phishing protection
Windows 11 phishing protection

On Windows 11, you can now enable “Enhanced Phishing Protection,” a new security feature that can protect your passwords from malicious sites or applications.

The feature is available on version 22H2 and higher, and when enabled, it can protect you in at least three ways. It’ll show you a warning when it detects you entered your account password on an untrusted site or application. The Enhanced Phishing Protection feature will alert you when trying to save passwords in plain text on an application and reusing passwords on other accounts since it makes it easier for hackers to steal your information.

This guide will teach you the steps to set up the phishing protection security feature on Windows 11 22H2 and higher releases.

Enable Enhanced Phishing Protection on Windows 11

To enable phishing protection on Windows 11, use these steps:

  1. Open Settings on Windows 11.

  2. Click on Accounts.

  3. Click the Sign-in options tab.

  4. Under the “Additional settings” section, turn off the “For improved security, only allow Windows Hello sign-in for Microsoft accounts on this device” toggle switch.

    Disable Window Hello

    Quick note: The security feature only works when using a password, which means you have to disable Windows Hello before enabling phishing protection.
  5. Under the “Ways to sign in” section, select the active Windows Hello option (Facial recognition, Fingerprint recognition, or PIN).

  6. Click the Remove button.

  7. Click the Remove button again.

  8. Confirm your Microsoft account password.

  9. Click the OK button.

  10. Open Windows Security.

  11. Click on App & browser control.

  12. Click the “Reputation-based protection settings” option.

    Reputation-based protection settings

  13. Turn on the “Phishing protection” toggle switch to enable the security feature.

    Enable phishing protection

  14. Check the “Warm me about malicious apps and sites” option to display a warning when on an untrusted website or program.

  15. Check the “Warm me about password reuse” option to avoid using the same password when creating a new account or updating the information on a website or program.

  16. Check the “Warm me about unsafe password storage” option to warn you not to save a password in plain text in a text editor.

Once you complete the steps, the “Enhanced Phishing Protection” feature will warn you when entering a password on an untrusted application or website with the option to change the password to reduce the chances of someone gaining unauthorized access to your account. The feature works on a Microsoft account, local account, Active Directory, or Azure Active Directory.

You will also get a warning when trying to reuse a password or save passwords in a text editor or Office apps since these applications do not offer any protection for your credentials.

About the author

Mauro Huculak is a Windows How-To Expert who started Pureinfotech in 2010 as an independent online publication. He has also been a Windows Central contributor for nearly a decade. Mauro has over 15 years of experience writing comprehensive guides and creating professional videos about Windows and software, including Android and Linux. Before becoming a technology writer, he was an IT administrator for seven years. In total, Mauro has over 21 years of combined experience in technology. Throughout his career, he achieved different professional certifications from Microsoft (MSCA), Cisco (CCNP), VMware (VCP), and CompTIA (A+ and Network+), and he has been recognized as a Microsoft MVP for many years. You can follow him on X (Twitter), YouTube, LinkedIn and About.me. Email him at [email protected].