D2 · Threats

What is DPAPI in Windows security?

DPAPI (Data Protection API) is a Windows cryptographic API that encrypts credentials and secrets tied to a user account. Browsers, Outlook, and Wi-Fi password storage use DPAPI.
Mimikatz can extract DPAPI-protected data from memory or disk when running as the user. DPAPI blobs are also decryptable with domain controller backup keys. This makes DPAPI a key target in credential harvesting attacks.