The TCG Security Password Vault is where ESC stores the individual TPM Key Passwords that it manages for the current user.

The Password Vault is secured by the TPM. Access to the Password Vault is only granted after a valid authentication is performed. Users may authenticate to use the Password Vault with their authentication preferences to Windows Login (whether the Secure Windows Login feature is enabled or not).

The value of ESC's Password Vault becomes apparent once users begin using TPM-based applications regularly. Typically, each application will create at least one TPM Key, often more, and use them to protect various types of data. Each TPM Key requires the creation of another password. One can see where this could quickly become difficult for users to manage.

The ESC Password Vault solves this problem for users without undermining security. ESC allows users to save individual TPM Key passwords to the Password Vault. When TPM Keys are needed by an application, ESC retrieves them from the Password Vault. Users gain access to the Password Vault by entering their authentication preference (for example, Windows password, fingerprint, etc.).

Enable the ESC TCG Security Password Vault to simplify the user experience when using a TPM. Adjust the security settings to define how often users must be authenticated when using the TPM (see Figure 3.25).

Starting with Embassy Trust Suite version 5.3, we make configuring your Trusted Platform Module with Embassy Trust Suite easier with the new Embassy Security Setup Wizard, which launches the first time a user logs in after the software has been installed.