3.2 Initializing a User's TCG Security Password Vault
The TCG Security Password Vault is where ESC will store the individual TPM Key Passwords that it is managing for the current user.
The Password Vault is secured by the TPM. Access to the Password Vault is granted only after a valid authentication is performed. Users may authenticate to the Password Vault using their Windows Login authentication preferences (whether the Secure Windows Login feature is enabled or not).
The value of ESC's Password Vault becomes apparent once users begin using TPM-based applications regularly. Typically, each application will create at least one TPM Key, often more, and use them to protect various types of data. Each TPM Key requires the creation of another password. One can see that this could quickly become difficult for users to manage.
The ESC Password Vault solves this problem for users without undermining security. ESC allows users to save individual TPM Key passwords to the Password Vault. When TPM Keys are needed by an application, ESC retrieves their passwords from the Password Vault. Users gain access to the Password Vault by simply entering their authentication preference (for example, Windows password, fingerprint, or the like).
Enable the ESC TCG Security Password Vault to simplify the user experience when using a TPM. Adjust the security settings to define how often users must be authenticated when using the TPM (see Figure 3.10).
Steps for Initializing and Configuring a User's TCG Password Vault