Is it possible to bypass the Password to Login To Windows?

I am developing a custom Windows Credential Provider for a local PC.

The Idea is we want to make a passwordless Credential Provider.

From the user's perspective, they will just:

  1. Select the desired username that they want to log in with

  2. There will be 2nd factor authentication by Mobile Phone App

  3. If the user accepts or confirms the authentication, Windows will log the user in with the selected username

Currently my Credential Provider works as follows:

  1. I create an executable to manage the password and the username of the desired Windows account

  2. Every time the user registers their password and username, they will be saved somewhere on the local PC (e.g. C:\Temp\MyCredential\identity.txt). Since I have no plan to join the PC to a domain, the domain value that is saved in the database is their own PC's name

  3. When the user performs authentication and confirms it, the provider will take the domain, username, and password information from the file in step 2

  4. From step 3, I feed / put the values into KERB_INTERACTIVE_UNLOCK_LOGON like this:

```cpp
HRESULT CMyCredential::GetSerialization(
    CREDENTIAL_PROVIDER_GET_SERIALIZATION_RESPONSE* pcpgsr,
    CREDENTIAL_PROVIDER_CREDENTIAL_SERIALIZATION* pcpcs,
    PWSTR* ppwszOptionalStatusText,
    CREDENTIAL_PROVIDER_STATUS_ICON* pcpsiOptionalStatusIcon
)
{
    // ... (elided in the original post)
    KERB_INTERACTIVE_UNLOCK_LOGON kiul;

    // Fill the logon structure with the domain, username and password
    // read back from the file written in step 2.
    hr = KerbInteractiveUnlockLogonInit((PWSTR)wdomain.c_str(), (PWSTR)wusername.c_str(), (PWSTR)pwd.c_str(), _cpus, &kiul);
    // ... (elided in the original post)
}
```

--------- QUESTION ------------------

Then something just came to our minds.

If the user changes their password using Windows Settings (Settings -> Accounts -> Sign-in options -> Change password), how do we let the user log in?

So far we thought that it's impossible, since we use the txt file, which is not synchronized with the Windows password.

But after doing a quick search, I found "Credential Provider in Windows for Bio-metric Authentication", which explains that I have to create an SSP/AP to make my Credential Provider able to do that mechanism: https://msdn.microsoft.com/en-us/library/windows/desktop/aa375200(v=vs.85).aspx

Is it possible, or is it impossible?



Sources

This article follows the attribution requirements of Stack Overflow and is licensed under CC BY-SA 3.0.

Source: Stack Overflow