Say goodbye to NTLM, an important Windows security protocol for password authentication

Microsoft drops NTLM in favor of Kerberos

Reading time icon 2 min. read

Readers help support MSpoweruser. We may get a commission if you buy through our links. Tooltip Icon

Read our disclosure page to find out how can you help MSPoweruser sustain the editorial team Read more

Key notes

  • Microsoft is retiring NTLM, an old security protocol used for password verification.
  • NTLM will still work for now but Microsoft recommends switching to the more secure “Negotiate” protocol.
  • They are looking for user feedback on issues with applications still using NTLM.

It’s official. Microsoft has officially announced the NTLM deprecation, an important security protocol on Windows devices that lets you prove you know your passwords without revealing them.

The Redmond tech giant says that all NTLM, including LANMAN, NTLMv1, and NTLMv2, will no longer be actively developed even though they still work just fine for now, or at least for the next Windows Server and Windows releases.

Microsoft considers them outdated, and instead, it recommends replacing NTLM with “Negotiate.” Negotiate attempts at Kerberos authentication first, which is more secure, and only falls back to NTLM if Kerberos isn’t available.

NTLM, short for NT LAN Manager, is a challenge-response authentication protocol used in Windows environments. It lets users prove they know the password for an account without sending the actual password across the network.

Talks about killing NTLM have actually happened a little while ago. A Microsoft spokesperson reached out to users on Reddit to actively understand what issues they face with applications still relying on NTLM. In another blog post dated October 2023, Microsoft also said that it’s dropping NTLM in favor of Kerberos for authentication.

It’s not the only product entering the Microsoft Graveyard, though. WordPad, the famed word processor app that has been around since the ’90s, will no longer be available in the upcoming Windows 11 24H2 massive update. Windows Mixed Reality (WMR) is also dead, just like Driver Verifier GUI (verifiergui.exe), Windows Speech Recognition, and more.