On Mon, May 6, 2013 at 7:08 PM, David Connors <[email protected]> wrote:
> On Mon, May 6, 2013 at 7:06 PM, mike smith <[email protected]> wrote:
>
>> It'd be storing the hashed user/pw that gets sent off for authentication,
>> or it should. Then when you change your pw on the domain, the hash no
>> longer works. Insecure if anyone else touches your computer, and you can't
>> make that assumption in a work environment?
>>
>
> See my next post on the thread. DSAPI is the issue - or rather - whoever
> designed it didn't consider that your password might get changed at places
> other than on your local PC. Fail.
>
> David.
>

I really wouldn't want something like DPAPI to be able to work across multiple machines. The idea is what is the fail. Hooking a pw change? YUK!

--
Meski

http://courteous.ly/aAOZcv

"Going to Starbucks for coffee is like going to prison for sex. Sure, you'll get it, but it's going to be rough" - Adam Hills
