Microsoft has officially announced its plans to phase out NT Lan Manager (NTLM) in Windows 11 by the second half of 2024. The tech giant also revealed a host of new security measures designed to enhance the functionality of the operating system.
In a statement, Microsoft highlighted that the discontinuation of NTLM has been a long-awaited move by the security community. This transition is expected to bolster user authentication protocols.
Kerberos has been identified as a potential replacement for NTLM. In this system, when a computer (client) seeks access to a specific service on another computer (server), Kerberos utilizes a Key Distribution Center (KDC) to validate user permissions. The KDC stores secret keys for users and services, issuing access “tickets” accordingly.
Upon a user’s request for system entry, the user’s computer sends a KDC request for a ticket. The KDC verifies the user’s credentials and, if authenticated, grants a ticket. This ticket is then utilized to verify the user’s identity when connecting with the desired service.
Kerberos is notable for its feature of mutual authentication. This means that not only does the user validate their identity, but the service can also verify the user’s authenticity. This system is instrumental in thwarting potential attacks where malicious entities attempt to impersonate services.