Leo Laporte (6:27)

This episode of Hands on Windows brought to you by Threat Locker. We love Threat Locker. Ransomware is killing businesses worldwide. You know that. But Threat Locker is amazing. It can stop it before it starts. Recent analysis from Threat Locker shows how one operation, just one of hundreds of ransomware operations. This one is Chi Lin. It surged in 2022. They had about 45 incidents. Last year, more than 800.

Paul Thurrott (6:57)

Wow.

Leo Laporte (6:58)

That's a 200% increase, right? If my math is right. ThreatLocker Zero Trust Platform takes a proactive deny by default approach to block every unauthorized action. That's, by the way, that's the key to the whole Zero Trust platform. Deny by default. If an action isn't authorized, if that user is not allowed to do that thing, it doesn't happen. Which means it protects you not only from known threats, but completely unknown threats. It stops lateral movement. It stops zero days because you haven't approved it, right? You didn't say yes. Threatlockers innovative ring fencing, that's what they call it constrains tools and even remote management utilities. That means attackers just can't weaponize them. They don't get lateral movement, they can't get mass encryption. They are stopped cold. It really works in every industry. By the way. Macs and PCs, they get. You get 24, seven fabulous support from their US based support pros, engineers who really know what they're talking about. Let me give you some examples. Emirates Flight Catering, they use Threat Locker. That's a global leader in the food industry. 13,000 employees. Big company Threat Locker gave full control of apps and endpoints, improved compliance and delivered seamless security with strong IT support. Listen to what the CISO of Emirates Flight catering said about ThreatLocker. Quote, the capabilities, the support and the best part of ThreatLocker is how easily it integrates with almost any solution. Other tools take time to integrate, but with ThreatLocker it's seamless. That's one of the key reasons we use it. It's incredibly helpful to me as a ciso. That's the CISO for Emirate Flight Catering. But that's not the only company that uses it. Companies that can't afford to be shut down by ransomware like JetBlue, Heathrow Airport, they'd had problems in the past, they weren't going to let it happen again. The Indianapolis Colts, the Port of Vancouver, they all use Threat Locker. Threat Locker consistently receives high honors in industry recognition, G2, high performer and best support for enterprise. Summer 2025 peer spot ranked number one in application control. Get App's best functionality and features award in 2025. Visit threatlocker.com twit get a free 30 day trial. Learn more how ThreatLocker can help you mitigate unknown threats and Ensure compliance. That's threatlocker.com TWIT now one more thing to say. We're going to be going down to Zero Trust World Threat Locker's annual conference. It's March in Orlando. Steve Gibson and I are going to be doing a presentation. Richard Campbell's coming down. Paul, by the way, I'm trying to get Paul to come down. He hasn't said yet, but Richard Campbell's coming down. So he's gonna go down there doing some interviews but also he'll be doing Windows Weekly from down there and you could be there. We'd love to see you. For a limited time, use the code ztwit26 to save 200 off registration for Zero Trust World 2026. That's z ztw twit26 to save $200 and you get the full, you know, McGilla. You get access to all the sessions, you get hands on hacking labs, you get meals, you get an after party. It's the most interactive hands on cybersecurity learning event of the year. March 4th through 6th, Orlando, Florida. Bring the kids, they can go to Disney World while you're learning and save some money when you register with the code. ZTW twit 26. ZTW twit 26. Thank you threat locker. Now back to Paul.

Paul Thurrott (10:40)

Okay, so let's look at the Microsoft Password Manager. So this is Microsoft's portable passkeys solution. To access this you have to use Microsoft Edge of course, because that's what Microsoft does. So I don't typically use this myself for. Well maybe I think there are obvious reasons, maybe you're not sure, but if I go into the Microsoft Edge settings interface, I will have to turn this thing on. Right. So I'm going to use the Microsoft Password Manager when I say passwords and passkeys in this browser and there are additional settings related to this that you probably do want to turn on. The default here is fine. It's going to ask and then these things are not really related to passwords, passkeys. I'll leave those around. Hello, I will leave those alone but you might actually want to take a look at those if you're using Edge. It's worth going through this but I'm just doing this to kind of demonstrate how this works. So as before, I'll go to that same Google account website, why not? And same thing, secure. Oh, I'm in the wrong type of account. So let me get to my Gmail account. Not my workspace, account security and sign in and nope, not passwords. Paul, pass keys, same as before. It's going to verify me now in this case I actually have a third party password manager doing passkeys and so that's actually a little bit of a problem because I don't want to. I want to save a passkey somewhere else but I'm going to let that go through. Normally I would get that phone based experience like we saw before if you weren't using a third party password or passkey manager. But it's okay because when we go to create a passkey we're going to say yes and we could use another device. But I want to, yeah, it's going to go to this default but then we're going to get this choice. So this is what you would see normally if you didn't have a password, another password or passkey manager installed, right? You're going to be able to do this through the Microsoft Password Manager, which is that thing built into Edge, right? That is portable or Windows hello, which means a device bound pass key that is going to be specific to this computer. So I will actually just save it to there. It works like it did before. I already have a passkey saved, so I didn't save it. But that's the interface. So it's really just like the other thing. It's just that now when I use edge on say my iPhone or my Android phone or whatever, I can configure that to be the autofill provider and it will work, right? And so that makes this passkey portable. That passkey is not locked to this computer. It's going to go up to the cloud and go wherever I am. And so that's actually pretty useful. The third party password manager integration is interesting. I'm going to talk about this a little bit more in the next episode about why maybe it's not as necessary as it seems, but you can install the desktop app for 1Password or Bitwarden today and then there'll be more in the future and it can integrate into Windows 11. So let me show you what that looks like. I've already installed that app. I've installed one password in this case. So if I go to that same interface from before, which is accounts and then passkeys, you'll see this advanced options. And I have the option to enable that app that I just installed. Right? So if I had multiple apps, you might see multiple apps here. It keeps wanting to do a PIN for some reason, but I will do a camera, facial recognition. And once this is enabled, there's a second option that becomes available but is disabled by default. Save passkeys to this Windows device. In this case, I would want to leave this off. The point of enabling this is that you're not going to save them to the local device, but this will give you the option to do that if you want it. I can't imagine why you would want that, but maybe you want the choice. So now this is enabled. All right, so let me see. I will go. I think in this case I could probably use. I could probably use any browser. It shouldn't matter, right? Because this is at the system level, right? Because I have the 1Password app installed. I'm already here, but I will go back Out. I'll just use the Google thing again because now we all understand how this site works. But now I'm going to go in here security and sign in pass keys and create a passkey. And now you can see it's the same dialog as before. But now it says this will be saved to 1Password. Right? Because I've integrated it with this passkey functionality in Windows. That is what I want. However, you can also click change and go through these other options if you want. Interestingly because I didn't enable that second option right in Advanced Options, what I'm not seeing here is that it would say Windows hello, like save to this device. I've disabled the mic. Well, I'm not using Microsoft Edge, so I can't see the Microsoft Edge Microsoft Password Manager. So these are the only choices I get. Obviously what I do want to do is one Password. Now I haven't really signed it, I'm not going to enter my password here. But typically what you would get is whatever UI that the app has. So in this case you're seeing that normally you would just sign in with Windows, hello, whatever, but I haven't, I just haven't configured that. It doesn't matter. But the point is you can save that pass key now to 1Password and now it's portable. 1Password is a third party password manager, has many additional features over what, you know, the Chrome Password Manager, the Microsoft Password Manager, whatever the in house, you know, kind of first party password managers have, there's a lot more going on there, so it's good for that. But it's also available everywhere and that means that you can bring up the 1Password app on your phone, install it as the autofill provider. If you created a passkey in this computer, it will be available on all your other devices and vice versa. So that's the built in Windows 11 passkey functionality as of today. Right. I think the big thing that's going to change is you'll see more passkey providers come in over the course of this year. But I still feel really strongly that you should use a third party password passkeymanager. And so in the next episode we're going to take a look at that. I'm going to show you how I manage passkeys and then you can see what it looks like to access an account online. Whether it's in an app or a website, it doesn't really matter using a passkey instead of a password. So we'll do that next time. Thank you so much for watching. We'll have a new episode next week as we always do on Thursday. You can learn more about Hands on Windows at TWIT tv. H o W thank you so much for watching. Thank you especially to our Club TWIT members. We love you. If you're not a member, please check out the program at TWiT TV. Club TWiT. Thanks. I'll see you next week.

Leo Laporte (17:37)

Hey everybody, it's Leo laporte. Are you trying to keep up with the world of Microsoft? It's moving fast, but we have two of the best experts in the world, Paul, you thank and Richard Campbell. They join me every Wednesday to talk about the latest from Microsoft on Windows Weekly. It's not a lot more than just Windows. I hope you'll listen to the show every Wednesday. Easy enough. Just subscribe on your favorite podcast client to Windows Weekly or visit our website at TWiT TV www. Microsoft's moving fast, but there's a way to stay ahead. That's Windows Weekly every Wednesday on Twitter.

Paul Thurrott (18:12)

Sam.