The authentication type Native Windows Accounts requires user credentials to initiate sessions.
It is activated by configuring the PowerTag !NWASAVELOGIN=1. When enabled, user credentials will only be asked once, and then saved.
This feature is incompatible with apps configured with unauthenticated access.
Note: as of October 2022, this feature is only available on >= [alpha] channels.
Passwords are saved in a secure browser cookie in an encrypted form, using AES encryption. The encryption key is saved on Cameyo's portal and is never saved on the workstation itself. In other words, only the combination of the two parts -- secure browser cookie and portal-side key -- can decrypt the password. The combination of these two elements is done in-memory during session start.