Cached Windows passwords: Risky or not?
There has been a lot of talk in the security press recently about "pass-the-hash" attacks, whereby attackers steal the hashes of passwords and use them to authenticate (without having to know the password itself). Then there was the big news story about how a supercomputer utilizing 25 GPUs could crack every possible eight character password in just a few hours.
With the security of passwords of such grave concern, it's no wonder people are thinking hard about the practice of caching logon passwords to allow for local logon when a domain controller isn't available, and considering disabling the feature.
Before you do that, read Roger Grimes' article in InfoWorld Security Central that explains why these cached passwords don't really pose the risk you might think, and the problems you might encounter if you do disable them: