Microsoft is killing off this authentication protocol in Windows - here's why

Three computer monitors against a blue digital background.
(Image credit: Pixabay)

Microsoft is stripping Windows 11 users of an old protocol that authenticates remote users.

The New Technology LAN Manager (NTLM) was effectively usurped by Kerberos, the MIT-developed cross-platform tool which works as the authentication protocol for any version of Windows since Windows 2000. 

In fact, Microsoft even recommended users refrain from using NTLM way back in 2010. However, it has still been kept around as a backup incase Kerberos fails. But now it is finally getting the axe.

NTLM no more

NTLM is considered weak from a security standpoint, as it has been exploited many times by threat actors to authenticate connection between their target's network and their own malicious servers. From here they can take over their victim's machines. 

Attackers have also been able to steal NTLM hashes of passwords from targets via vulnerabilities in their system, using them to authenticate access to the victim's system and move throughout their network.

For these reasons, Microsoft has long been recommending that admins disable NTLM or block their servers from NTLM relay attacks by using Active Directory Certificate Services (AD CS). 

As a replacement for NTLM, Microsoft is currently developing IAKerb (Initial and Pass Through Authentication Using Kerberos) and the Local KDC (Local Key Distribution Center).

The former is built on the Security Account Manager of the local machine, so remote authentication can be implemented using Kerberos. IAKerb is then used to transmit Kerberos messages between machines, "without having to add support for other enterprise services like DNS, netlogon, or DCLocator," said Matthew Palko at Microsoft.

"IAKerb also does not require us to open new ports on the remote machine to accept Kerberos messages," he added.

While Palko also said that "NTLM will continue to be available as a fallback to maintain existing compatibility," more controls will be available to admins to monitor and restrict NLTM within their network. 

Palko concludes, though, that "reducing the use of NTLM will ultimately culminate in it being disabled in Windows 11."


Lewis Maddison
Reviews Writer

Lewis Maddison is a Reviews Writer for TechRadar. He previously worked as a Staff Writer for our business section, TechRadar Pro, where he had experience with productivity-enhancing hardware, ranging from keyboards to standing desks. His area of expertise lies in computer peripherals and audio hardware, having spent over a decade exploring the murky depths of both PC building and music production. He also revels in picking up on the finest details and niggles that ultimately make a big difference to the user experience.