Password Policy: Store Passwords Using Reversible Encryption | Tony Bradley

Password Policy: Store Passwords Using Reversible Encryption

by Tony Bradley • July 31, 2009 • Configuring Vista Security

Enabling Store Passwords Using Reversible Encryption determines whether Windows stores passwords using reversible encryption.

Enabling this is essentially the same as storing passwords in plain text which is insecure and not recommended. The purpose of this policy setting is to provide support for applications that use protocols that require knowledge of the user’s password for authentication purposes. Enabling this policy setting should be a last resort used only in extreme situation where no alternative exists and application requirements outweigh the need to protect password information.

Store Passwords Using Reversible Encryption must be enabled when using CHAP (Challenge-Handshake Authentication Protocol)authentication through remote access or Internet Authentication Services (IAS). It is also required when using Digest Authentication in Internet Information Services (IIS).

Default: Disabled

Tags: application requirements, authentication, authentication protocol, authentication purposes, challenge handshake, digest authentication, Enabling, encryption, extreme situation, information, information store, internet, internet authentication services, internet information services, last resort, Password, passwords, Policy, protocols, Reversible, Store, store passwords

About Tony Bradley

Tony has driven security policies and technologies for antivirus and incident response for Fortune 500 companies, and he has been network administrator and technical support for smaller companies. He has written for a variety of other Web sites and publications, including BizTech Magazine, PC World, SearchSecurity.com, WindowsNetworking.com, Smart Computing magazine, and Information Security magazine. Tony is a CISSP (Certified Information Systems Security Professional) and ISSAP (Information Systems Security Architecture Professional). He is Microsoft Certified as an MCSE (Microsoft Certified Systems Engineer) and MCSA (Microsoft Certified Systems Administrator) in Windows 2000 and an MCP (Microsoft Certified Professional) in Windows NT. Tony has been recognized by Microsoft as an MVP (Most Valuable Professional) in Windows security since 2006. In addition to his Web site and magazine contributions, Tony was also tech editor of PCI Compliance (ISBN: 1597491659 ) and author of Essential Computer Security: Everyone’s Guide to E-mail, Internet, and Wireless Security (ISBN: 1597491144), coauthor of Hacker’s Challenge 3 (ISBN: 0072263040) and a contributing author to Winternals: Defragmentation, Recovery, and Administration Field Guide (ISBN: 1597490792), Combating Spyware in the Enterprise (ISBN: 1597490644) Syngress Force 2006 Emerging Threat Analysis: From Mischief to Malicious (ISBN: 1597490563), Botnets: The Killer Web Applications (ISBN: 1597491357), and AVIEN Malware Defense Guide for the Enterprise (ISBN: 1597491640).

http://www.tonybradley.com
My Sites
Testimonials
"Tony's one of the rare security experts who's able to break down the crunchy geek-speak for people who aren't members of the priesthood. But, best of all, he doesn't fall for hype or B.S. - his readers can rely on him to do his research and know what he's writing about."
Marcus Ranum
Tenable Network Security
Twitter
- Facebook marketing may not be worth it for GM's $10 million, but that doesn't mean that Facebook ads don't work. It… https://t.co/4ilENa2T about 23 hours ago from ManageFlitter Reply Retweet Favorite
- Why Facebook Marketing Doesn't Work for GM. http://t.co/WN0RBkxa 03:04:01 PM May 16, 2012 from TweetDeck Reply Retweet Favorite
- New and Improved SkyDrive Is a Threat to Dropbox. http://t.co/7pblpuQ7 01:58:01 PM May 16, 2012 from web Reply Retweet Favorite
@thetonybradley
Facebook

Tony Bradley on Facebook