Duplicate login tiles may occur with the EmpowerID Credential Provider installed

You may be surprised to find several credential providers are suddenly available for logon on a computer with the EmpowerID Credential Provider installed. Multiple credential providers causes duplicated login tiles at the login screen, as seen in the example screenshot below:

This issue can be caused by a Windows Update that reinserts the original Microsoft credential provider into the registry. While this does not break the login functionality it can be confusing for users when logging into Windows. The presence of the Credential Provider PasswordProvider at the registry key indicated below causes this behavior:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Authentication\Credential Providers\{6f45dc1e-5384-457a-bc13-2cd81b0d28ed}

The recommended solution is to repair the EmpowerID Credential Provider. If you have installed the EmpowerID Credential Provider manually you can perform a repair install from the Programs and Features Control Panel applet of the affected computer. Find the entry labeled "EmpowerID Password Manager Windows Client", right click the entry and choose Repair.

Alternatively, if you utilize Group Policy you can redeploy the EmpowerID Credential Provider to all the computers at once. Open the Group Policy Management Editor and right click on the Group Policy object that contains the EmpowerID Credential Provider package. Navigate to "All Tasks" and then click "Redeploy application". Redeploying will re-install the software on all the computers covered by that policy.

 

Duplicate logon tiles from other credential provider software

If you are seeing duplicate tiles coming from another piece of software such as a fingerprint sensor on a computer you will need to exclude that specific tile through Group Policy to prevent it from showing on the login screen. You can identify this tile by clicking on both and examining the text below the the password field. Below is a screenshot showing duplicate tiles with the EmpowerID Credential Provider installed on an HP laptop with a fingerprint sensor and the appropriate software installed.

Clicking on the left tile shows that this tile is coming from the EmpowerID Credential Provider as the text reads "Click here to Reset Password":

Clicking on the right tile shows that this tile is coming from the fingerprint software as the text reads "Swipe finger to log on; Log on with Wizard...":

Open the Group Policy object where you want to define this exclusion and navigate to Computer Configuration > Policies > Administrative Templates > System > Logon. On the right pane double click on "Exclude credential providers".

Click the Enabled radio button and enter the GUID of the credential provider that you will want to exclude. In the example above that is the HP fingerprint sensor credential provider. Enter the GUID in the "Exclude the following credential providers:" text box and make sure that the GUID is surrounded by curly brackets as shown in the image below.

Note: You can find the GUID in the following registry key on the computer exhibiting this behavior:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Authentication\Credential Providers

You will have multiple entries in the Credential Providers key in the registry. You will need to identify which one is causing the duplicate tile. You can do this by contacting support for the vendor's software (in the example above that would be HP) or you can pick an entry that may make sense depending on the software name or vendor name and add it to the exclusion list and apply that Group Policy object to one computer for testing. Excluding a credential provider needed by Windows may break the login ability on the computer so please do this with caution on a test computer.

Please feel free to contact us by e-mail at support@empowerid.com or by phone at (877) 996-4276 (Option 2) if you have any questions or concerns regarding this guide.