Cached Windows passwords sound risky -- but aren't

I deal with a lot of customers who are worried about Windows password attacks. These days, the biggest fear is of pass-the-hash attacks, a topic I've written about many times in the past couple of years.

Often, when customers voice concern about pass-the-hash attacks, they ask me about cached log-ons in Windows. They've heard about the vulnerability and have read one or more whitepapers about it. Even Microsoft recommends disabling cached log-ons.

In fact, cached Windows log-ons aren't a big risk at all. I'll tell you why in a minute, but first, let's review the basics.