Microsoft revealed on Wednesday that it’s planning a password store for Windows 8, negating the requirement for applications such as 1Password and LastPass.
Microsoft has tried a number of methods over the years to improve password management in Windows. The latest operating system, due to make its debut next year, will feature two password stores that keep web credentials and Windows credentials safe. Windows 8 will automatically store and retrieve passwords for websites and applications. Application and website developers can build support for storing passwords or disable the functionality. “Anyone building a Metro style app can use a direct API to securely store and retrieve credentials for that app,” explained Microsoft’s Dustin Ingalls in a blog post detailing the new features on Wednesday.
Microsoft is also planning to link the saved passwords into its cloud sync support. Windows 8 will feature the ability to link Windows Live IDs and Windows accounts together. Saved credentials will automatically sync between trusted Windows 8 PCs that belong to a particular Windows Live ID. “When you store credentials in conjunction with signing in to Windows with your Windows Live ID, Windows enables you to set your password for each account to something that is both complex and unique; since Windows 8 will automatically submit the credential on your behalf, you’ll never need to remember it yourself,” explains Ingalis. Windows 8 users will be able to view their passwords and usernames to websites from the credential manager. Windows 8′s credential manager builds on Apple’s Keychain idea but pushes the implementation further. The cloud sync support for passwords will make it incredibly easy for users of multiple machines to keep their devices fully synced.
The final part of Microsoft’s password improvements for Windows 8 sees the company introduce the ability for the TPM computer chip to act as a virtual smart card. This solution will appeal to business and enterprise customers who regularly have to access banking and commerce sites using a specially assigned smart card. The virtual smart card feature removes the requirement for a physical smart card and takes advantage of the TPM chip inside. “The virtual smart card feature can be used in place of existing smart cards with any application or solution that is smart card compatible,” explains Ingalis. “No server or application-side changes are required.”