Password Improvements Coming To Windows 8
When I first read that Microsoft made the decision to improve Windows 8's credentials feature I was all excited about it. Who would not want a built-in password manager that would be tied automatically to the user account of the system? But as I read on I noticed that the improvements are rather limited. Lets take a look at what Microsoft has in store in this regard.
Windows 8 can be used to store and retrieve "multiple account names and passwords for all the websites and applications you use". This was the part that got me excited. The next sentence however puts a serious dent into this excitement. Why? Because the credentials manager is limited to Microsoft's Internet Explorer 10 (Metro style apps can use it to store and remember app specific passwords). If you are using a different browser, you can't use and won't benefit from the feature at all.
Windows 8 simplifies the task of managing unique and complex passwords in two important ways. The first is by providing a way to automatically store and retrieve multiple account names and passwords for all the websites and applications you use, and do so in a protected manner. Internet Explorer 10 uses the credentials that we store to remember names and passwords for websites you visit (if you choose). In addition, anyone building a Metro style app can use a direct API to securely store and retrieve credentials for that app. (It is important to note that IE respects instructions from websites about saving your credentials – some websites specifically request that passwords not be saved.)
The way the feature is integrated is also inferior to password managers like KeePass or LastPass, which offer auto-sign in or one-click sign in technologies. With Windows 8 and Internet Explorer 10, neither auto-filling of the username and password fields are supported nor automatic log ins. Internet Explorer users have to type in the first character of the username to get a list of matches for that particular sign-in form. A better option would be to auto fill unless there is more than one identity available for the active web service.
Another point of criticism is that Windows still does not have a unified password storage. Users could benefit greatly from a single storage location that would store passwords for FTP servers, HomeGroups, Bitlocker, wireless keys or Outlook in one place.
You can read more about the planned implementation over at the Building Windows 8 blog.
Advertisement
I’d prefer to use RoboForm this doesn’t seem safe
The downside is that only IE and metro apps benefit from it. I don’t plan to upgrade to 8 anyway, but even when I do it would like to use a browser of my choice. (And mail-client)
First I thought cool a “keyring” like Linux got. (I’m not using Linux, but I check some builds from time to time) Then, maybe a password manager replacement/alternative… but it isn’t.
I don’t use autofill and autologin, but those features are nice to have.
Sounds like something that could be a target.