NTLM (Basics)

NTLM is an older Windows authentication protocol with known security weaknesses.

Updated: 2026-03-05

Definition

NTLM is a challenge-response authentication protocol used in Windows environments.

Modern environments prefer Kerberos and stronger authentication methods.

Key points

Older Windows auth protocol
Can be vulnerable to relay and downgrade scenarios
Kerberos is generally preferred

Common mistakes

Assuming NTLM is 'fine' on modern networks without controls.
Not restricting legacy auth where possible.

Related exams

CompTIA Security+ (SY0-701)

Free Security+ SY0-701 mini test. Continue in the app for offline packs and detailed explanations.

CompTIA A+ (220-1201 / 220-1202)

Free CompTIA A+ mini test. Continue in the app for offline packs and detailed explanations.

Related terms

Want to practice this in exam-style questions?

Use the mini tests on each exam page, then continue in the app for offline packs and detailed explanations.