Microsoft drops this historical protocol to improve security

But what is this NTLM? The name stands for NT LAN Manager. Basically, it is a series of Microsoft security protocols used to authenticate users and provide integrity. It uses three messages to authenticate a client and a fourth message to provide integrity.

Microsoft dispenses with NTLM

NTLM emerged in the early 90s as a series of security protocols meant to provide the authentication and integrity we mentioned. It acts as a single sign-on tool that lets a specific user prove to a server that they know the password associated with an account.

This news does not come as too much of a surprise. The truth is that more than a decade has passed since Microsoft stopped recommending the use of NTLM for applications. However, it is still present in the latest version, Windows 11. Now Microsoft plans to eliminate it, a logical step if we take into account the recommendation we mentioned.

Now, what can we use instead? What Microsoft is looking for with this is to strengthen the Kerberos authentication protocol. It is not new either, since it has been the default since 2000, coinciding with the launch of Windows 2000. They seek to leave NTLM aside and thus expand the use of Kerberos. In fact, the company indicates that the new functions for Windows 11 already include Initial and Pass-Through Authentication using Kerberos (IAKerb).

IAKerb allows clients to authenticate via Kerberos across different network topologies. We should also mention the KDC, which stands for Key Distribution Center, and which allows Kerberos support to be extended to local accounts as well.

Windows security measures

If you have come this far, you may be wondering what the differences between Kerberos and NTLM ultimately are. The main one is how the two protocols manage authentication. Kerberos is based on a two-part process that leverages a ticketing service, or key distribution center. NTLM, instead, uses a three-way handshake between the client and the corresponding server. Both, in their own way, seek to authenticate a user.

But there is another important difference that must be pointed out. Kerberos relies on encryption for that authentication, while NTLM relies on password hashing. That is, therefore, another difference to take into account when comparing these two options.

Mention must also be made of the changes inherent to the passage of time. NTLM, as we have explained, predates Kerberos. This means that, today, it has security vulnerabilities. The technology it uses has become obsolete and can potentially be a problem, as it is easier for an intruder to gain unauthorized access.
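Before NTLM can be switched off, an administrator needs to know which logons still depend on it. The following PowerShell script is an added example, not part of the article or of any Microsoft tooling: it reads successful logon events (ID 4624) from the local Security log and groups them by the authentication package that handled them, so NTLM hold-outs stand out against Kerberos logons. The seven-day look-back window is an assumption; adjust it to taste.

```powershell
# Added example (not from the article): summarise which authentication package
# recent logons on this host used, so remaining NTLM dependencies can be found
# before the protocol is retired. Run from an elevated PowerShell session.
$since = (Get-Date).AddDays(-7)   # assumed look-back window

# Event 4624 = successful logon. Its EventData records the package that
# authenticated the user: "Kerberos", "NTLM" (or "Negotiate").
$events = Get-WinEvent -FilterHashtable @{ LogName = 'Security'; Id = 4624; StartTime = $since } -ErrorAction SilentlyContinue

$rows = foreach ($e in $events) {
    $xml  = [xml]$e.ToXml()
    $data = @{}
    foreach ($d in $xml.Event.EventData.Data) { $data[$d.Name] = $d.'#text' }
    [pscustomobject]@{
        Time        = $e.TimeCreated
        User        = "$($data.TargetDomainName)\$($data.TargetUserName)"
        LogonType   = [int]$data.LogonType
        AuthPackage = $data.AuthenticationPackageName
        LmPackage   = $data.LmPackageName   # "NTLM V1" / "NTLM V2" when NTLM was used, "-" otherwise
        Source      = $data.IpAddress
    }
}

# Overall split: how much of the recent logon traffic still relied on NTLM,
# and which NTLM version (V1 is the weaker of the two).
$rows | Group-Object AuthPackage, LmPackage |
    Select-Object Count, Name | Sort-Object Count -Descending | Format-Table -AutoSize

# Per-account and per-source detail for NTLM logons only, ignoring the host's
# own system and service logons (LogonType 0 and 5), which are normal noise.
$rows | Where-Object { $_.AuthPackage -eq 'NTLM' -and $_.LogonType -notin 0, 5 } |
    Group-Object User, Source | Sort-Object Count -Descending |
    Select-Object Count, Name | Format-Table -AutoSize
```

The second table points at the accounts and source addresses whose clients or applications still negotiate NTLM; those are the systems to fix (for example by making sure they reach the server by a Kerberos-resolvable name) before NTLM is disabled.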

In short, Microsoft takes another step to improve the security of its system. This time, it is about eliminating the NTLM protocol. They want to promote the use of Kerberos, which has been available for many years. The objective is, once again, to increase protection and reduce the risk of attacks and intruders. Just as you can activate or deactivate Microsoft Defender, you can do the same with many services of this operating system.