Microsoft fixes password bug in Windows 10 apps

Sinziana Mihalache
by Sinziana Mihalache
Author
Sînziana loves getting people to better understand products, processes, and experiences beyond a simple user guide, either in writing or making use of images. She joined the team after a long-term collaboration with one... Read more
Affiliate Disclosure
  • Microsoft will release a fix for a password bug that has been affecting S4U tasks for some months now.
  • A workaround has been available until now.
  • After the fix, users will no longer be logged out of frequently-used programs such as Outlook or OneDrive.
  • The solution is already available for those in the Insider channel.

Not long ago, Windows 10 users noticed that after installing Windows 10 Version 2004 Build 19041.173 and related updates, their passwords were no longer recognized by some programs.

Notable issues were confirmed even by Microsoft with Outlook, Edge, or Chrome, but other Windows apps were affected as well.

Final fix for password bug to be released soon

After the mentioned update, certain services failed to load, which caused cookies and sync to reset. As a result, users were logged out of their programs and forced to re-enter their passwords each time they opened the same apps.

The issue has been monitored since April and Chrome developers have closely collaborated with Microsoft to find the cause and a stable fix.

At some point, Chrome developers discovered that it affected only S4U tasks and a proposed workaround was mentioned in September, to disable them via the Task Scheduler.

If you open Task Scheduler and disable all the tasks it lists, I think this bug will go away.

(If you really need those tasks, make them non-S4U, i.e. the Do not store password checkbox)

This is because the RPC that UBPM uses to create the S4U token can sometimes delete your saved credentials in LSASS. Amongst other things, your saved credentials (or rather, the hash of them) are used to generate your DPAPI user encryption key, and when they’re deleted LSASS just uses the hash of the empty string.

Microsoft suggested the same workaround, but only in November 2020

Now, a Microsoft Edge official mentioned in their internal channel that the problem affected only a small number of users and that a fix has already been released for the Insider channel.

For the rest of the Windows 10 users, the fix will be included in one of the upcoming official updates (expected in the first months of 2021).

So if you’ve also been repeatedly logged out of your most used apps, a solution is on the way. If you’re part of the Insider program and have already installed the fix, tell us about your experience in the comments.

This article covers:Topics: