Is there an equivalent of the OS X Keychain, used to store user passwords, in Windows? I would use it to save the user's password for a web service that my (desktop) software uses.
From the answers to this related question (Protecting user passwords in desktop applications (Rev 2)) and the multitude of third party password storage tools available, I assume that such a thing doesn't exist-- Am I stuck with either asking for the password each time I access the web service, or just storing it obfuscated?
Users caught between Apple and Microsoft may now have an easier time managing passwords: it looks like iCloud Keychain is coming to Windows 10 as a Chrome extension (via MacRumors). It's already in the iCloud for Windows 10 app, but there's just one small problem: the Chrome Extension isn't available yet.
Microsoft is bringing its own password management system for Android and iPhone models as a part of the latest Microsoft Authenticator app. The company is extending the same support for Windows and macOS-running PCs with a new Autofill extension for Google Chrome browser.
On your Windows computer, open iCloud for Windows, select Passwords, then click Apply. You can manage your passwords in the iCloud Passwords app. If you want to use the iCloud Passwords extension in a web browser, click Install Extension next to the browser's name, then follow the onscreen instructions.
It is year 2018, and Windows 10 has a "Credential Manager" that can be found in "Control Panel"
The "traditional" Windows equivalent would be the Protected Storage subsystem, used by IE (pre IE 7), Outlook Express, and a few other programs. I believe it's encrypted with your login password, which prevents some offline attacks, but once you're logged in, any program that wants to can read it. (See, for example, NirSoft's Protected Storage PassView.)
Windows also provides the CryptoAPI and Data Protection API that might help. Again, though, I don't think that Windows does anything to prevent processes running under the same account from seeing each other's passwords.
It looks like the book Mechanics of User Identification and Authentication provides more details on all of these.
Eclipse (via its Secure Storage feature) implements something like this, if you're interested in seeing how other software does it.
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With