← All Tweaks
🛡️ Firewall & Security
Cleartext Password Protection
Prevent storage of passwords in cleartext and enable token leak detection
Benefit
Prevents credential harvesting attacks that exploit cleartext password storage
Impact
highCommands (2)
Set-ItemProperty HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\WDigest -Name UseLogonCredential -Value 0
Set-ItemProperty HKLM:\SYSTEM\CurrentControlSet\Control\Lsa -Name TokenLeakDetectDelaySecs -Value 30
Warnings
- ⚠ WDigest cleartext passwords allow attackers to harvest credentials using tools like Mimikatz after system compromise.