Corporate users with third-party, Windows-based authentication systems such as VPNs could face a difficult transition to Microsoft’s Vista because of an overhaul of the core Windows logon architecture, according to independent software vendors and analysts. The good news for users is that those same observers say Vista, which is being touted for its security features, will eventually deliver a more secure and flexible authentication architecture than exists today in Windows. But ISVs say rewriting their code for the new architecture will produce headaches that will extend to their customers that have deployed strong authentication such as biometrics or tokens, enterprise single sign-on and a number of other systems integrated with the Windows authentication architecture. During migrations, users will have key security infrastructures that straddle two different authentication environments, one for Vista and one for earlier versions of Windows, until migrations are complete. They also will have to support different client-side code and separate interfaces that will present retraining issues, experts say.