Paul Thurrott

Coming up next on Hands on Windows, we're going to take a look at the Microsoft Password Manager. This is the Microsoft Password management solution, of course, and it's sort of built into Windows 11.

Leo Laporte

Podcasts you love from people you trust. This is twit.

Paul Thurrott

Hello everybody and welcome back to Hands on Windows All Thurad. And we're continuing the two parter that I'm doing here about password management and Windows 11. So last week we looked at third party password managers and just password managers in general, the basics of setting up or moving to a new one, the necessity of getting rid of your passwords from your other password managers, all that kind of stuff. So this week, bring it back home a little bit. We will look at what password management looks like in Windows 11 and it doesn't look like much because Windows 11 itself, the actual operating system, does not have built in password management capabilities. You may remember that it does have built in password management capabilities. But for. I'm sorry, I want to make sure I got that right. Built in passkey management capabilities, but for passwords or really identity management. Right. As we discussed last week, Microsoft relies on the Microsoft Password Manager which is built into Microsoft Edge, the web browser. So as with Chrome, if you go in here, and in this case it is passwords in autofill, you can see this link for the Microsoft Password Manager. Now I don't normally use this, I use a third party password manager, but I have used this in the past, which you can see because I have all these accounts still sitting here like an idiot. Exactly what I'm telling you not to do. And I have put everything kind of back together again, if that makes sense. Normally I disable all this. If you're going to not use this but still use Edge, you should go into all three of these and turn off all the options related to auto filling your information. Right? But I've turned them back on so that Edge will kind of work as if not God. Then at least Microsoft intended. So now it will ask to save passwords and pass keys. Those pass keys will actually be saved to the local device, which isn't super great, they're not super portable, but it will, it will do that for you. Okay, so this is configured, you know, correctly in Microsoft's Dare the World. And again, not what I would do. But after this break, we'll take a look at what it means to actually use this thing in Windows 11.

Leo Laporte

Hey, Paul. Hey everybody. This episode of Hands on Windows brought to you by this baby right here. This is the thinkst Canary. This thing is dynamite. Look at it. What do you think that is? Is that an external USB drive? It's about that size, but you know what? It's not. See that? That's an ethernet jack. Because this, this goes on your network. This is a honey pot. This thing's Canary Honeypot. It's so well designed, it can be deployed in minutes and it can represent almost anything under the sun. A Linu, a SharePoint server, Windows Server. It could be. Well, it could even be a SCADA device. Or mine's a Synology nas. It could be an SSH server. The key is it looks identical to those things right down to the Mac address, but it's not. If somebody accesses a malicious insider or a hacker in your network accesses this thing, you're going to know instantly. It could also create files. This is really cool. Little trip wires, lures you can put everywhere inside your network. You can put them on your cloud drives and if somebody tries to open them, they can be spreadsheets. I have a spreadsheet on my Google Drive called payroll information. Hackers look for those. That's a good one. It could be a wire guard configuration. Be almost anything. But the minute somebody opens those files or accesses your brute forces, your fake internal SSH server, your thinks Canary is going to tell you you have a problem. No false alerts, just the alerts that matter. You can get them via email. Slack, it supports webhooks. You could have it in your discord. You could have it anywhere you want. Syslog. Of course, on your console you just choose a profile for your thinkscanary device. So easy to do, you could change it daily if you want, register with the hosted console for monitoring and notifications, and then you sit back and wait. An attacker who's breached your network, an evil made any adversary will make themselves known. They can't but help it. This is what they're looking for. They're looking to get into that key file with all that information. They access your things. Canary, you're going to know. Now, how many should you get? Well, you certainly should have one for every network segment. You should have one for every branch office. A large bank might have hundreds or thousands of them. Small operation like ours, just a handful. Let me give you an example. Go to Canary Tools Twit if you wanted five thinks Canaries, one for every network segment, every VLAN, $7,500 a year. You get your own hosted console. You get upgrades, you get support, you get maintenance. All that's covered. Oh, and One other thing. If you use the code TWIT in the how did you hear about us? Box, you're going to get 10% off your thinkscanary. And not just for the first year, but for as long as you own it. Here's another good thing. You can always, you know, if you're at all worried and at all skeptical, whatever, you can always return your thinkscanary. You've got two whole months a 60 day money back guarantee and you'll get a full refund. Now, I have to tell you, that might be reassuring, but during all the years, almost a decade now that we've partnered with thinkscanary, that refund guarantee has never been claimed. No one's ever asked for their money back. Because once you get one of these, you're going to say, how did I live without it? Visit Canary Tools Twit Enter the code TWIT in the how did you hear about us? Box. The Thinkst Canary Canary. Forget the offer code twit to save 10%. Now back to Paul at Hands on Windows.

Paul Thurrott

Okay, so welcome back. If you are going to use the Microsoft Password Manager to manage your passwords, again, don't necessarily recommend that, but what this means is you'll need to install Microsoft Edge on your phone as well and your tablet. If you're doing it that way, go into Settings and enable Edge as your autofill provider. Right. I can't really show you that. It's, it's. But it's not super difficult to do even if you're. Well, no, I was gonna say even if you're not gonna use Edge on, on phone, you might want to do that. Actually, that's one of the big limitations of this I mentioned last episode. You want your password manager to be available everywhere. This is available everywhere. Edges. Right. And so you could, you could not, I should say, use Chrome on mobile or Safari on mobile with the Microsoft Password Manager. Right. You have to actually use Edge. It would work throughout the system, honestly. But as far as the browser goes, you know, you couldn't use those browsers on desktop. You couldn't use them on like say a Mac or Linux or whatever. They're kind of locked inside of Edge, at least on desktop. So that's a little bit of a limitation. Okay. So in the last episode I went to Spotify and I had created an account there previously. Let's see if I can get this thing to come up. So the, the interface here is the basic one. So your password manager, if you have a third party password manager, is probably Gonna have a slightly nicer UI than this. But I have two sign ins associated with Spotify here for some reason. But actually I believe those are both the same account. Not that it matters. And so that's how this kind of autofill thing will work. This is what it looks like. It's pretty basic if you recall last week, you know, for example, when I go here, it's going to probably send me a code to my email. So I'm not going to actually do that. But that's kind of how that works. If you were to go to Spotify and say, well, actually I want to create a new account, right, which is something I'd done previous to last show. But if I just go in here and say something like, you know, Bob, this is not a real account, but whatever. And now you get to this Create password screen. This is where the Microsoft Edge, I should say the Microsoft Password Manager password. Yes, the Microsoft Password Manager falls short. It will auto try to autofill passwords already have saved. But what it's not doing and what most third party password managers do is provide a complex password for you. Right? So I'm trying to create an account. I want this thing to be complex. It's not something I should have to remember because it's going to be in the password manager. I'll always have that. It's going to be everywhere and it's nothing, right. And so I would have to sit here and type, you know, some crazy password. I just type garbage and see what it is. And that to me is, you know, one of those, one of those big problems. And so to me this is not the greatest solution in the world. This is why I don't recommend it. But if you are going to use Microsoft Edge, if you're going to stick to the Microsoft ecosystem, that's where your head is at. You need to do the same checkup on all your accounts. And actually Microsoft Azure. So the Microsoft Password Manager has an okay interface for finding reused and weak passwords, at least. And that's good, right? And so you're supposed to, you know, have a unique password in each for each, every account. The thing I really like about this though is that it has this change link and that's actually something you don't see in Proton Pass. So when I click this, it's going to go to the place on that account's website where I can change the password. It's in Spanish, sorry, because we're in Mexico here today. But that's actually a pretty useful feature and so if you were using this and you wanted to move to a different password manager, it might be worth going through this first and just using it for that. What you're not getting here is the kind of dark web protections you're not getting notifications for. If there's two FA or passkey support for one of these accounts. That's, you know, those are the services you see in the, the more full featured third party solutions, but still not terrible. And like I said, it does have this change link which is, which is super useful frankly. So it's, if you were going to use this, definitely take advantage of that. And then beyond that, just what I already showed you really, I kind of blew through it quickly. But let me go back to the top here. In the sense that a password manager is really an identity manager. This first link for the Microsoft Password Manager is really about logins, right? So usernames and passwords. But it also manages payment methods which I have some configured here for some reason. It has options related to shopping which really have nothing to do with boy with password management, you know, Microsoft, but I didn't enable any of that. But they also have the ability to save and autofill addresses and have suggestions and the idea there is that I've actually eliminated that, but I could have my, I have two addresses. So I have one here, I have one in, back home in Pennsylvania and when I have to fill out that information on a form, it will do that for me. So in that sense, you know, it's for a browser based thing. It's probably roughly on par with what Google offers in Chrome. It's, it's not too, too terrible. But yeah, that's, that's most of it. So, so there it is. This is, that's Microsoft Password management. It's, it's, it's on the basics on the basic side, it's, it's not honestly horrible, but it's not as good as 3, 3 third party solutions like we see from Bitwarden and Proton Pass so strongly recommend going in that route. But I wanted to at least present this because I know some people who watch the show are going to want to do the Microsoft thing and that's where we're at. So thank you very much for watching. Thank you for supporting the show. You can learn more about Hands on Windows at Twitter tv. H O W We publish a new episode every Thursday. So we'll see you again next Thursday. In the meantime, thank you for watching. Thank you especially to our club Twitter members. We love you. If you not a member. Consider joining and you can find out more about that program at TWIT TV Club Twit. Thank you. See you next week.

Leo Laporte

Hey everybody, Leo Laporte here and I'm

Jason Howell

going to bug you one more time to join Club Twit if you're not already a member. I want to encourage you to support what we do here at Twit. You know, 25% of our operating cost comes from membership in the club. That's a huge portion and it's growing all the time.

Leo Laporte

That means we can do more.

Jason Howell

We can have more fun.

Leo Laporte

You get a lot of benefits ad

Jason Howell

free versions of all the shows.

Leo Laporte

You get access to the Club Twit

Jason Howell

discord and special programming like the keynotes from Apple and Google and Microsoft and others that we don't stream otherwise in public. Please join the club. If you haven't done it yet, we'd love to have you find out more at Twitter. Quit TV Club Twitter.

Paul Thurrott

Thank you so much.