locked
How safe is "save password" in the Lync client? RRS feed

  • Question

  • Hello,

    I would like to know what happens when a user clicks "save password" in the Lync client. Is the password stored on the PC?  If the password is stored on the PC, is this "safe"?


    Herman Van Uytven
    Tuesday, September 20, 2011 6:10 PM

All replies

  • Hi

    It is "safe" if the PC its stored on is safe. Do you run windows update regularly, is the firewall on, is the hard drive encrypted and so on.


    Best Regards // Tommy Clarke - Please follow me @ Blog
    and Twitter
    Tuesday, September 20, 2011 6:27 PM
  • Hi,Herman,

    Authentication in Lync is performed with certificates and the communication is using  TLS  encryption , an attacker would not have a valid certificate required to autentication in the communication,even though they successfully attack the password they can not be allowed to access Lync on a computer which didn't acquire the certificate from your Lync server.

    Of course, it is impossible to design against all unknown security threats.You need keep running windows update,configure firewall and real-time monitor your system security,etc.Make sure your PC in a "safety" status will keep far away unsecure threats for Lync.

    More details about Lync client security you can look at  http://technet.microsoft.com/en-us/library/gg195618.aspx

    Regards,

    Sharon




    Thursday, September 22, 2011 1:49 AM
    Moderator
  • Hello Sharon,

    Thanks for the answer.

    But if the client uses certificates for authentication, why is the password then stored?


    Herman Van Uytven
    Thursday, September 22, 2011 7:16 PM
  • Technically, the password is never stored, a hash of it, does.
    • Proposed as answer by indubious Tuesday, October 11, 2011 6:31 PM
    Tuesday, October 4, 2011 4:27 PM
  • Which hashing algorithm is used?
    Herman Van Uytven
    Monday, October 24, 2011 2:45 PM