Windows 11 gets phishing protection boost and SHA-3 support

Microsoft announced that the new Windows 11 build rolling out to Insiders in the Canary channel comes with increased protection against phishing attacks and support for SHA-3 cryptographic hash functions.

Enhanced Phishing Protection is a Defender SmartScreen feature introduced with the release of Windows 11 22H2 in September 2022 and is designed to protect user credentials against phishing attacks.

Until now, it worked by warning users not to reuse school or work passwords, not to store them in plaintext in Notepad or Office documents, and not to type them into sites tagged as malicious by the SmartScreen anti-phishing and anti-malware Windows Security feature.

While phishing protection is enabled by default on Windows 11 22H2 systems, the password protection options are disabled but can be enabled from Start > Settings > Privacy & security > Windows Security > App & browser control > Reputation-based protection settings.

Under the 'Phishing protection' section, you can toggle on the 'Warn me about password reuse' and 'Warn me about unsafe password storage' options.

​Starting today, on Windows 11 Insider Preview Build 25324, Insiders will be warned not to copy-paste passwords on unsafe sites and apps.

"Starting in Windows 11, version 22H2, Enhanced Phishing Protection in Microsoft Defender SmartScreen helps protect Microsoft school or work passwords against phishing and unsafe usage on sites and apps," Microsoft's Amanda Langowski and Brandon LeBlanc said.

"We are trying out a change starting with this build where users who have enabled warning options for Windows Security under App & browser control > Reputation-based protection > Phishing protection will see a UI warning on unsafe password copy and paste, just as they currently see when they type in their password."

This feature will gradually become available to Insiders in the Canary Channel as its rollout has just begun today.

​Microsoft also announced support for SHA-3 cryptographic hash functions introduced with this Windows 11 Canary build through the Windows CNG library.

"Starting with this build, we are adding support for the SHA-3 family of hash functions and SHA-3 derived functions (SHAKE, cSHAKE, KMAC)," Langowski and LeBlanc added.

"The SHA-3 family of algorithms are the latest standardized hash functions by the National Institute of Standards and Technology (NIST)."

The list of supported functions and algorithms added in today's Windows 11 Insider build includes:

SHA-3 hash functions: SHA3-256, SHA3-384, SHA3-512 (SHA3-224 is not supported) SHA-3 HMAC algorithms: HMAC-SHA3-256, HMAC-SHA3-384, HMAC-SHA3-512 SHA-3 derived algorithms: extendable-output functions (XOF) (SHAKE128, SHAKE256), customizable XOFs (cSHAKE128, cSHAKE256), and KMAC (KMAC128, KMAC256, KMACXOF128, KMACXOF256).

Earlier this month, Microsoft announced that it would try to enable Local Security Authority (LSA) protection by default and add a new USB4 troubleshooting page on devices running recently released Windows 11 Insider builds.