The authentication type Native Windows Accounts requires user credentials to initiate sessions. 

It is activated by configuring the PowerTag !NWASAVELOGIN=1. When enabled, user credentials will only be asked once, and then saved.

This feature is incompatible with apps configured with unauthenticated access.

Note: as of January 2023, this feature is only available on >= [next] channels only.


Passwords are saved in a secure browser cookie in an encrypted form, using AES encryption. The encryption key is kept on Cameyo's portal only, never on the workstation itself. In other words, only the combination of the two parts -- secure browser cookie and portal-side key -- can decrypt the password. The combination of these two elements is done in-memory during session start.