Microsoft has announced that the new Windows 11 build, rolling out to Insiders in the Canary channel, will provide enhanced protection against phishing attacks and support for SHA-3 cryptographic hash functions. Enhanced Phishing Protection is a Defender SmartScreen feature designed to protect user credentials against phishing attacks.
The feature will be gradually made available to Insiders in the Canary Channel as the rollout has just begun.
This feature was introduced with the release of Windows 11 22H2 in September 2022, and it worked by warning users not to reuse school or work passwords, not to store them in plaintext in Notepad or Office documents, and not to type them into sites tagged as malicious by the SmartScreen anti-phishing and anti-malware Windows Security feature.
Phishing protection is enabled by default on Windows 11 22H2 systems, but password protection options are disabled.
These options can be enabled in the settings. In the new build, Insiders will also be warned not to copy and paste passwords into unsafe sites and apps.
This warning will be enabled for users who have enabled warning options for Windows Security under App & browser control > Reputation-based protection > Phishing protection.
Users will see a UI warning on unsafe password copy and paste, just like the one they currently see when they type in their password.
Microsoft has also announced that this Windows 11 Canary build introduces support for SHA-3 cryptographic hash functions through the Windows CNG library.
The SHA-3 family is the latest set of hash functions standardized by the National Institute of Standards and Technology (NIST). The list of supported functions and algorithms added in today’s Windows 11 Insider build includes SHA-3 hash functions, SHA-3 HMAC algorithms, and SHA-3 derived algorithms.
Earlier this month, Microsoft announced that it would try to enable Local Security Authority (LSA) protection by default and add a new USB4 troubleshooting page on devices running recently released Windows 11 Insider builds.
These new features aim to provide better security to users and prevent cyberattacks, phishing, and other malicious activities.