Described herein is an implementation of a technology for managing credentials. With an implementation, a credential manager is domain-authentication aware and concurrent authentications with multiple independent networks (e.g., domains) may be established and maintained. Moreover, a credential manager provides a credential model retrofit for legacy applications that only understand the password model. The manager provides a mechanism where the application is only a "blind courier" of credentials between the trusted part of the OS to the network and/or network resource. The manager fully insulates the application from "read" access to the credentials. This abstract itself is not intended to limit the scope of this patent. The scope of the present invention is pointed out in the appending claims.