diff --git a/doc/faq.but b/doc/faq.but index 4dd1166b..6fc174a8 100644 --- a/doc/faq.but +++ b/doc/faq.but 
@@ -423,6 +423,56 @@ You can ask PuTTY to delete all this data; see \k{faq-cleanup}. On Unix, PuTTY stores all of this data in a directory \cw{~/.putty} by default. +\S{faq-trust-sigils} Why do small PuTTY icons appear next to the login +prompts? + +As of PuTTY 0.71, some lines of text in the terminal window are marked +with a small copy of the PuTTY icon (as far as pixels allow). + +This is to show trustworthiness. When the PuTTY icon appears next to a +line of text, it indicates that that line of text was generated by +PuTTY itself, and not generated by the server and sent to PuTTY. + +Text that comes from the server does not have this icon, and we've +arranged that the server should not be able to fake it. (There's no +control sequence the server can send which will make PuTTY draw its +own icon, and if the server tries to move the cursor back up to a line +that \e{already} has an icon and overwrite the text, the icon will +disappear.) + +This lets you tell the difference between (for example) a legitimate +prompt in which PuTTY itself asks you for your private key passphrase, +and a fake prompt in which the server tries to send the identical text +to trick you into telling \e{it} your private key passphrase. + +\S{faq-plink-pause} Why has Plink started saying \q{Press Return to +begin session}? + +As of PuTTY 0.71, if you use Plink for an interactive SSH session, +then after the login phase has finished, it will present a final +interactive prompt saying \q{Access granted. Press Return to begin +session}. + +This is another defence against servers trying to mimic the real +authentication prompts after the session has started. When you pass +through that prompt, you know that everything after it is generated by +the server and not by Plink itself, so any request for your private +key passphrase should be treated with suspicion. 
+ +In Plink, we can't use the defence described in \k{faq-trust-sigils}: +Plink is running \e{in} the terminal, so anything it can write into +the terminal, the server could write in the same way after the session +starts. And we can't just print a separator line without a pause, +because then the server could simply move the cursor back up to it and +overwrite it (probably with a brief flicker, but you might easily miss +that). The only robust defence anyone has come up with involves this +pause. + +If you trust your server not to be abusive, you can turn this off. It +will also not appear in various other circumstances where Plink can be +confident it isn't necessary. See \k{plink-option-antispoof} for +details. + \H{faq-howto} HOWTO questions \S{faq-login}{Question} What login name / password should I use?
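Review bot: the two new headings, \S{faq-trust-sigils} and \S{faq-plink-pause}, are written without the {Question} marker that the following entry in the trailing context carries (\S{faq-login}{Question} What login name / password should I use?). If the other FAQ entries in this file all use that form, these should read \S{faq-trust-sigils}{Question} and \S{faq-plink-pause}{Question} so that they are formatted like the rest. A smaller wording point in faq-plink-pause: "any request for your private key passphrase should be treated with suspicion" names only the passphrase, whereas faq-trust-sigils introduces the same case with "(for example)". A server mimicking the authentication prompts after the session has started could equally ask for a password, so consider "any request for your password or private key passphrase" there.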