Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

Windows equivalent of OS X Keychain?

Is there an equivalent of the OS X Keychain, used to store user passwords, in Windows? I would use it to save the user's password for a web service that my (desktop) software uses.

From the answers to this related question (Protecting user passwords in desktop applications (Rev 2)) and the multitude of third party password storage tools available, I assume that such a thing doesn't exist-- Am I stuck with either asking for the password each time I access the web service, or just storing it obfuscated?

like image 323
dF. Avatar asked Jan 14 '09 13:01

dF.


People also ask

Does Windows 10 have keychain?

Users caught between Apple and Microsoft may now have an easier time managing passwords: it looks like iCloud Keychain is coming to Windows 10 as a Chrome extension (via MacRumors). It's already in the iCloud for Windows 10 app, but there's just one small problem: the Chrome Extension isn't available yet.

Does Microsoft have a keychain?

Microsoft is bringing its own password management system for Android and iPhone models as a part of the latest Microsoft Authenticator app. The company is extending the same support for Windows and macOS-running PCs with a new Autofill extension for Google Chrome browser.

How do I access keychain in Windows?

On your Windows computer, open iCloud for Windows, select Passwords, then click Apply. You can manage your passwords in the iCloud Passwords app. If you want to use the iCloud Passwords extension in a web browser, click Install Extension next to the browser's name, then follow the onscreen instructions.


2 Answers

It is year 2018, and Windows 10 has a "Credential Manager" that can be found in "Control Panel"

like image 94
Mikser Avatar answered Oct 04 '22 16:10

Mikser


The "traditional" Windows equivalent would be the Protected Storage subsystem, used by IE (pre IE 7), Outlook Express, and a few other programs. I believe it's encrypted with your login password, which prevents some offline attacks, but once you're logged in, any program that wants to can read it. (See, for example, NirSoft's Protected Storage PassView.)

Windows also provides the CryptoAPI and Data Protection API that might help. Again, though, I don't think that Windows does anything to prevent processes running under the same account from seeing each other's passwords.

It looks like the book Mechanics of User Identification and Authentication provides more details on all of these.

Eclipse (via its Secure Storage feature) implements something like this, if you're interested in seeing how other software does it.

like image 28
Josh Kelley Avatar answered Oct 04 '22 18:10

Josh Kelley