Deprecating NT LAN Manager (NTLM) has been a huge ask from our security community, since moving away from it strengthens user authentication. We are therefore announcing that deprecation of NTLM in Windows is planned for the 2nd half of 2024.
Why?
- No server authentication (read: a client cannot verify that it is talking to a legitimate authentication server rather than a malicious one)
- Legacy MD4 hash used for the password (read: weak and guessable)
- Password hash is not salted (read: crackable offline)
- Only supports password-based authentication (read: no certificates, biometrics, MFA, FIDO, etc.)
- Bugs (read: vulnerabilities)
Read more at:
- New Windows 11 features strengthen security to address evolving cyberthreat landscape | Microsoft Security Blog
- We, Microsoft, are deprecating NTLM, and want to hear from you : r/sysadmin (reddit.com)
- The Evolution of Windows Authentication
- BlueHat Oct 23. S18: Deprecating NTLM is Easy and Other Lies we Tell Ourselves