Windows 8 System Key Storage Provider Improves Security

When developing Windows 8, Microsoft faced an important challenge in helping users manage your data identity in a convenient and secure way.

Currently, one of the main ways people use to verify their digital identity is to use passwords to log in to computers, banks, web services, and more. Microsoft research found that in the US users, each PC user has about 25 online accounts, and these accounts have only six independent passwords, which means that each person will often use the same password to log in to different accounts.

On the one hand, it's easy to understand, it's hard to remember a lot of different passwords, especially some accounts that are not commonly used. However, password reuse is very welcome for hackers. If they can crack your password from a website, it means that it is very likely to use this password to log in to other accounts, saving a lot of effort. What's more, they can use your personal information to reset the passwords of your other accounts.

Obviously, the current username + password mechanism is not very secure. Microsoft wants to achieve a smooth, easy, and secure web experience, but remember that a long, complex password makes the web experience unpleasant, and it's not safe to use a short password. The ideal solution is to find a way to use all your digital identities easily and safely.

Microsoft believes there are two basic ways to deal with this challenge. First, let Windows help you manage your passwords. If you use a very complex and independent password when you visit each website, these passwords don't need you to remember, so it's much safer than using a password that is easy to remember but very simple. Hackers are not easy to start. It is.

The second method is to use other things instead of passwords to protect your identity. There are many alternatives to passwords, such as OTP (one-time password), certificates, smart cards, and so on. However, although these technologies have been around for a long time but have not been accepted by the public, one of the main reasons is that they are not easy to use and are not as easy to use as passwords.

In Windows 8, Microsoft provides a mechanism for securely storing usernames/passwords, introducing a technology that supports alternative authentication. These can help users enhance password security and use the latest and most powerful technology to protect your digital identity.

The disadvantages of passwords

Attackers will use a number of methods to get your passwords, the most common ones are:

— Fishing: Sending malicious Mail, misleading users to click on the link, reset password, etc. to get your password;

— Guess: guess based on user habits, personal information, etc.

— Technical crack: attacker You can download some data from the Internet (usually the hash value of the password) to crack your password;

— keylogger; if the attacker can successfully install a keylogger on your machine, then You can steal your username and password.

Complete password security and usability

There are many ways to protect your password from these types of attacks. The most important thing is to keep you at all times. The PC is safe and clean, ensuring no malware. Windows 8 includes a range of protection features such as Secure Boot, SmartScreen, and Windows Defender.

However, some attacks (such as guessing) are only protected by password strength, so you need to set a complex password for each account.

Windows 8 simplifies the difficulty of managing complex passwords in two ways. First, it automatically stores and retrieves multiple websites and passwords of the websites you visit and the applications you use. Of course, it is a protected way.

IE10 uses a certificate that stores the username and password of the website you are visiting. In addition, any developer can use an API to securely store and retrieve certificates when developing Metro style applications.

Second, log in to Windows 8 using your Windows Live ID. The advantage of this is that when you log in to Windows 8 with Windows Live ID, you can synchronize your authentication on all "trusted" Windows 8 computers.

When you log in to Windows with your Windows Live ID and store the relevant credentials, Windows 8 will automatically submit the certificate on your behalf without having to remember these complex passwords. If you want to view these passwords, you can go to any of the "trusted" PC's Authentication Manager.

Creating a simple password alternative

Although using complex passwords is not easy for an attacker to guess or crack, it can be phishing or Keylogger. However, there are many alternatives that can protect you from such attacks.

One is public/private key pairs, but although this technique is common, it still fails to replace traditional password logins. why? The main reason is that the powerful protection of a private key requires special hardware, such as hardware security modules (HSMs) and smart cards, which are often inconvenient to use.

However, some of the new features in Windows 8 make it easy for users and application developers to use public/private key technologies. Windows 8 uses a new Key Storage Provider (KSP), which is very useful for banking or commercial applications because it provides a very powerful protection that protects users from the common on the web today. Identity attack.