Before protecting your windows 10 from Credential theft, you should know that this settings applicable only Windows Version of Home,education and PRO. For Windows 10 Enterprise version, you need to install domain credentials with windows defender credential guard.
Step by Step Method to protect against credential theft in Windows 10 Home,education and PRO edition
What is WDigest?
WDigest Authentication is a challenge/response protocol that was primarily used for LDAP and web-based authentication. It utilizes Hypertext Transfer Protocol (HTTP) and Simple Authentication Security Layer (SASL) exchanges to authenticate.
In Windows 10 WDigest credential caching is enabled by default. When it is enabled, Lsass.exe retains a copy of the user’s plain text password in memory. Microsoft recommends to disable WDigest authentication, to leave default if required.
open reg-edit and navigate to Computer HKEY_LOCAL_MACHINESYSTEMControlSet001ControlSecurityProvidersWDigest Click UseLogonCredential, set REG_DWORD to ‘0’.
How to Set cached credentials settings
Open Local security policy > Local policies > Security Options >Interactive logon : Number of previous logins to cache
Set the number to 0 to 3
How to set credential manager in Windows 10?
Your logon credential are stored in Windwscredential manger, where hackers take view your credentials using a tool called Credentialsfileview.you can disable this by going here
Open Group policy editor >Computer Configuration> Windows Settings >Security Settings > Local Policies >Security options>Network Access: Do not allow storage of passwords and credentials for network authentication select disable.
How to Set LSASS in protected mode ?
Local Security Authority Subsystem Service (LSASS) is a process in Microsoft Windows operating systems that is responsible for enforcing the security policy on the system. It writes to the Windows Security log and verifies users logging on to a Windows computer or server, handles password changes, and creates access tokens.
Open the reg-edit and navigate to HKEY_LOCAL_MACHINE >SYSTEM > CurrentControlSet > Control >Lsa set RunAsPP to ‘1’ restart your computer to take the effect
These 4 settings in Windows 10 will Protect your computer against credentials theft, try this settings and share your views in comments box.