Windows password Archives

Winsage

May 1, 2025

Windows Warning — Microsoft Confirms Old Passwords Still Work To Login

Microsoft has confirmed that users can log into their Windows accounts using old passwords that have been changed and revoked under certain conditions. This behavior is classified as a feature rather than a security vulnerability. The issue arises from the Remote Desktop Protocol (RDP), which allows remote access to Windows machines. An independent security researcher discovered that after changing his password, he could still access his machine using the old credentials, even from new devices. Microsoft's documentation was updated to explain that credentials are verified against a local cached copy before network authentication, allowing continued access with the old password. Microsoft stated that this design ensures at least one user account can always log in, regardless of system offline status, and confirmed there are no plans to change this behavior.

Winsage

April 10, 2025

Windows Hello logins are borked for some users after latest update

Windows Hello, a feature in Windows 10 that allows for face unlock functionality, has encountered a bug following the latest update (Build 26100.3775) released on April 8th. This bug affects some users' ability to use face unlock and PIN logins after resetting their PC while retaining local files and enabling System Guard Secure Launch or DRTM. Although users should still be able to access their PCs using their Windows password, the issue is concerning for those who rely on Windows Hello. The bug is considered an edge case, impacting only a limited number of users, and regaining access is possible with a password manager or IT support. Users can re-establish Windows Hello by performing a new face scan once they regain access.

Winsage

March 26, 2025

Windows Passwords At Risk As New 0-Day Confirmed—Act Now

Windows users are facing multiple zero-day vulnerabilities affecting various operating system versions, including Windows 7, Server 2008 R2, and Windows 11 v24H2, with no official patch available from Microsoft. A new vulnerability allows attackers to obtain NTLM credentials by having a user view a malicious file in Windows Explorer. This vulnerability is distinct from a previously reported incident and remains undisclosed until Microsoft issues a patch. NTLM vulnerabilities can enable credential theft, and while not classified as critical, they have been exploited in real-world attacks. Users may need to wait for the next Patch Tuesday for an official fix, but can utilize a micro-patch solution from ACROS Security's 0patch to address the vulnerability temporarily.

Winsage

July 15, 2024

How to change your Windows account password – gHacks Tech News

The steps to change a Windows password are outlined, including how to do so for both local and Microsoft accounts. The new password is immediately active and must be used for the next sign-in. If the Password section is not visible in Settings, a specific action is required to make it appear. Advanced users have alternative methods to change or reset passwords.