In a recent blog post, CrowdStrike cybersecurity expert Narendran Vaideeswaran explained how NTLM and Kerberos differ in the authentication process. NTLM relies on a three-way (challenge-response) handshake between the client and server to authenticate a user, while Kerberos uses a two-part, ticket-based process in which the Key Distribution Center (KDC) and its ticket-granting service issue tickets. Kerberos is considered “secure by design,” whereas NTLM is easier to implement but does not provide the same level of security.
One reason NTLM remains in use is its simplicity and ease of implementation. In addition, when Kerberos authentication fails, NTLM often serves as the fallback. NTLM is also used by Remote Desktop Services, which keeps it relevant in many environments.
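Before NTLM can be disabled, a defender needs to know where it is still being used, including the silent fallback and Remote Desktop cases described above. The script below is an added illustration, not code from the article, CrowdStrike or Microsoft: it tallies constructed, simplified Windows Security logon records (modelled on Event ID 4624 and its Authentication Package, Package Name (NTLM only) and Logon Type fields) by authentication package, lists the hosts still authenticating with NTLM, and flags NTLMv1 and Remote Desktop logons that did not use Kerberos. The record layout and sample values are assumptions made for this example.

```python
"""Audit constructed Windows logon records for NTLM use before phasing it out.

Added example modelled on Security event 4624 fields; the LogonEvent
layout and the SAMPLE_EVENTS values are constructed for illustration.
"""
from collections import Counter
from dataclasses import dataclass
from typing import Iterable


@dataclass(frozen=True)
class LogonEvent:
    event_id: int          # 4624 = successful logon, 4625 = failed logon
    account: str
    workstation: str
    logon_type: int        # 2 = Interactive, 3 = Network, 10 = RemoteInteractive (Remote Desktop)
    auth_package: str      # "Kerberos", "NTLM" or "Negotiate" (Authentication Package field)
    ntlm_version: str = "-"  # "NTLM V1" / "NTLM V2" when NTLM was used, else "-" (Package Name field)


# Constructed sample records, not real telemetry.
SAMPLE_EVENTS = [
    LogonEvent(4624, "alice", "WS01", 2, "Kerberos"),
    LogonEvent(4624, "bob", "WS02", 3, "NTLM", "NTLM V2"),
    LogonEvent(4624, "svc-backup", "SRV01", 3, "NTLM", "NTLM V1"),
    LogonEvent(4624, "carol", "WS03", 10, "Negotiate", "NTLM V2"),  # Remote Desktop session that fell back to NTLM
    LogonEvent(4624, "dave", "WS04", 10, "Kerberos"),                # Remote Desktop session over Kerberos
    LogonEvent(4625, "mallory", "WS05", 3, "NTLM", "NTLM V2"),       # failed logon: excluded from the tally
]


def used_ntlm(e: LogonEvent) -> bool:
    """True when the logon was actually completed with NTLM.

    Interactive and RDP logons often record "Negotiate" as the package; the
    "Package Name (NTLM only)" field then reveals whether NTLM was chosen.
    """
    return e.auth_package == "NTLM" or (e.auth_package == "Negotiate" and e.ntlm_version != "-")


def effective_package(e: LogonEvent) -> str:
    """Collapse Negotiate-with-NTLM into "NTLM" so the tally reflects what was used."""
    return "NTLM" if used_ntlm(e) else e.auth_package


def successful(events: Iterable[LogonEvent]) -> list[LogonEvent]:
    """Only successful logons (4624) count as NTLM 'in use'."""
    return [e for e in events if e.event_id == 4624]


def auth_package_summary(events: Iterable[LogonEvent]) -> dict[str, int]:
    """Count successful logons per effective authentication package."""
    return dict(Counter(effective_package(e) for e in successful(events)))


def ntlm_hosts(events: Iterable[LogonEvent]) -> list[str]:
    """Hosts where NTLM still succeeds: Kerberos failed or was never attempted there."""
    return sorted({e.workstation for e in successful(events) if used_ntlm(e)})


def ntlmv1_logons(events: Iterable[LogonEvent]) -> list[LogonEvent]:
    """NTLMv1 is the weakest variant and the first thing to remove."""
    return [e for e in successful(events) if used_ntlm(e) and e.ntlm_version == "NTLM V1"]


def remote_desktop_ntlm(events: Iterable[LogonEvent]) -> list[LogonEvent]:
    """Remote Desktop (logon type 10) sessions that authenticated with NTLM instead of Kerberos."""
    return [e for e in successful(events) if e.logon_type == 10 and used_ntlm(e)]


if __name__ == "__main__":
    print("Logons by package:", auth_package_summary(SAMPLE_EVENTS))
    print("Hosts still using NTLM:", ntlm_hosts(SAMPLE_EVENTS))
    print("NTLMv1 logons:", [e.account for e in ntlmv1_logons(SAMPLE_EVENTS)])
    print("RDP over NTLM:", [e.account for e in remote_desktop_ntlm(SAMPLE_EVENTS)])
```

Run against real exported 4624 events, the same tally shows which hosts and accounts would break if NTLM were switched off, and the NTLMv1 list gives the first targets for remediation.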
Microsoft has long been trying to phase out NTLM in favor of more secure alternatives. The transition has been slow, however, with many customers struggling to implement more secure options or to move to new Microsoft cloud services. This has frustrated some users, as highlighted by a tweet from “Brian in Pittsburgh” describing the difficulties customers face in adopting more secure authentication methods.
In a blog post from October 2023, Microsoft announced plans to make Kerberos more reliable and flexible while reducing dependencies on NTLM. The company's goal is to disable NTLM completely in Windows 11, although no specific timeline for this change has been announced yet.
Overall, the move away from NTLM towards more secure authentication methods like Kerberos represents a positive step towards improving cybersecurity in Windows environments. As Microsoft continues to prioritize security and reliability in its authentication protocols, users can expect a more robust and secure authentication experience in the future.