In the User name field, enter the username in one of the following formats:
- Domain\Username (e.g., DomainX\User1)
- Machine\Username (e.g., Computer1\User1)
- Username\Machine (e.g., User1\Computer1)
- Workgroup\Username (e.g., Sales\User2)
- Username\Workgroup (e.g., User2\Sales)
- User principal name (UPN—e.g., User1@domainX.com)
In the Password field, enter the password. Finally, specify whether the credentials are for Windows logon authentication or for website or program authentication.
Editing a credential set. If you want to edit an existing credential set, select the resource from the list in the Stored User Names and Passwords dialog box, then choose Edit (Vista) or Properties (XP). You can edit only the username and password.
Removing a credential set. If you want to delete an existing credential set, select the resource from the list in the Stored User Names and Passwords dialog box, then click Remove.
Backing up and restoring credential sets (Vista and Server 2008 only). Although automatically storing credentials is beneficial, it can pose a problem if they're lost. Vista and Server 2008 let you back up and restore credential sets with the Backup and Restore Wizard. For security reasons, the backup and restore processes can't be automated. The only way to back up or restore credential sets is to do it manually.
To perform a backup in Vista, click the Back up button in the Stored User Names and Passwords dialog box. In the dialog box that Figure 3 shows, browse to where you want to store the backup file and enter the name you want to give it.
Figure 3: Backing up credential sets |
 |
All credential sets are stored inside a single .crd file that's encrypted with the Advanced Encryption Standard (AES). After providing the location and filename, you'll be required to press Ctrl+Alt+Del so that Vista can switch to secure mode. Next, you'll be prompted to enter a password to protect the credentials. This password must be strong (i.e., contain uppercase and lowercase letters, numbers, and special characters). After entering and validating password, the credentials will be saved at the specified location under the specified filename.
If you need to restore credentials that were previously backed up, click the Restore button in the Stored User Names and Passwords dialog box. Navigate to the .crd file's location and provide the password. Be aware that restoring credential sets from a backup file replaces any existing credential sets stored on the computer.
Securing the Credentials
Storing multiple credential sets in one location is convenient but potentially risky. Although credentials are stored in encrypted format within the SAM and user profile, attackers might be able to crack these passwords if they get physical access to the user profile files.
To secure the credentials as much as possible, it's important to apply all necessary security measures. Those measures might include:
- Having users protect unattended computers. For example, users should log off of or lock their computers when they leave them unattended for long periods of time. To protect computers that are left unattended for short periods, users should password protect their screen savers.
- Securing laptops with BitLocker or a similar encryption program. That way, the data is protected if the laptop is lost or stolen.
- Having users use a strong password for the standard Windows logon and change that password regularly. In a domain environment, it's best to use Group Policy to force password changes.
- For extremely critical resources, you might consider disabling the Stored User Names and Passwords feature.
A Convenient Tool
The Stored User Names and Passwords feature is a convenient tool for users who use multiple credentials to access various network and Internet resources. It gives them a single sign-on experience. Although the stored credentials are encrypted, it's important to keep workstations with stored credentials secure.