Password Manager: Difference between revisions

From RangerMSP Wiki - PSA software for MSPs and IT services providers

Revision as of 07:38, 10 July 2017

Introduction

The Password Manager feature provides an end-to-end solution to track and manage passwords in a secure and elegant way. It allows you to control access to passwords, track password usage, and more.

Passwords are linked to Accounts and optionally also to a selected Asset.

Passwords can be easily searched and accessed from the Password Manager main window as well as the dedicated ‘Passwords’ tab under the Account and Asset windows.

CommitCRM automatically keeps the Password history. Each password update is saved as a password version, keeping all history changes, allowing future access to each version.

CommitCRM also automatically manages a complete audit log about who accessed a password and when.

Advanced security tools that come with the Password Manager provide a powerful toolset to control who has access to which password.

In order to access and manage Passwords, employees:

1. Must have the relevant Privileges assigned to their user.
2. Must know a secret Passphrase in order to access actual passwords.
3. May need to be granted Security Tokens in order to access some Password entries.


Start using the Password Manager

Enabling the Password Manager and Setting a Passphrase

In order to start using the Password Manager, a CommitCRM administrator (aka SysAdmin) user should enable it first and set a global passphrase.

Open the main Password Manager window by clicking the ‘Passwords’ icon located in the left side pane and then click the ‘Enable’ button.



As soon as the ‘Enable’ button is clicked you will be asked to select a Passphrase.

After the Passphrase is set and the Password Manager feature is fully enabled, users are granted the different Privileges required to use the Password Manager.


What is a Passphrase?

The Passphrase is a secret key that you need to share with all relevant users.

Users must know the Passphrase in order to work with passwords.

 Important:
 Never lose your passphrase. Losing the passphrase means that you lose all access to all saved passwords.

The Passphrase should be long, hard to guess and yet EASY to remember.

Ideally the passphrase includes a mixture of uppercase and lowercase letters, numbers, spaces and punctuation characters.
Only standard ASCII characters should be used, particularly when using international keyboards. An example of a passphrase:

     	The snow is White. The ocean is Blue. Welcome 2 Baloo.

Changing Your Passphrase

A CommitCRM administrator user (aka SysAdmin) can change the passphrase by activating the following menu option: Settings > Password Manager > Change Passphrase.

Enable/Disable for the Web Interface

A CommitCRM administrator user (aka SysAdmin) can enable or disable the Password Manager feature for the Web Interface.

In general, it is highly recommended to secure the Web Interface with an SSL certificate and to access it via the https protocol only. This is achieved by configuring the Web Interface to work with Microsoft IIS as its Web server. This recommendation applies even more strongly when working with passwords. If you have not yet migrated to IIS, see Microsoft IIS as the Web Server for the Web Interface for all details.

To enable or disable the Password Manager feature for the Web Interface, go to the Tools > Options > Web Interface (Admin) tab.

Note: To further secure the Web Interface, consider enabling its 2-Factor Authentication feature.


Tips & Tricks

URL Field

The URL field can be used to execute any valid URL, for example, http:// or ftp:// URLs.

In addition, it can be used to execute commands by prefixing the field content with cmd:// .

By using the <<Username>> and <<Password>> placeholders you can easily embed the 'Username' and 'Password' field values in the executed URL / Command. The placeholder will get automatically replaced when the URL is executed.


Examples:

1. Open a text file in Notepad:

cmd://C:\Windows\Notepad.exe C:\Documents\SampleFile.txt

NOTE: Quotes (") should be used in case the file path contains spaces:

cmd://"C:\My Programs\Notepad.exe" "C:\My Documents\SampleFile.txt"


2. Launch an RDP session by executing a saved RDP configuration file:

cmd://c:\saved-rdp-settings\Server1.rdp


3. Log into a Website or access a Web service:

https://www.samplesite.com/default.php?user=<<USERNAME>>&pass=<<PASSWORD>>


4. Start a saved PuTTY session and provide the user credentials automatically:

cmd://C:\PuTTY\PUTTY.EXE -load "saved-session-name" -l <<USERNAME>> -pw <<PASSWORD>>
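
An added example (not CommitCRM code): Python helpers that fill the <<USERNAME>> / <<PASSWORD>> placeholders with encoding suited to where the value lands, and that flag URL field entries which would expose the password. How CommitCRM itself encodes substituted values is not stated on this page; `expand`, `audit` and `is_command` are hypothetical names, placeholder matching is assumed to be case-insensitive, and the credentials in the demo are constructed.

```python
import re
from subprocess import list2cmdline
from urllib.parse import quote, urlsplit

# Templates copied from examples 3 and 4 on this page.
WEB = "https://www.samplesite.com/default.php?user=<<USERNAME>>&pass=<<PASSWORD>>"
PUTTY = r'cmd://C:\PuTTY\PUTTY.EXE -load "saved-session-name" -l <<USERNAME>> -pw <<PASSWORD>>'

# Assumption: placeholders match regardless of case (the page shows both forms).
PLACEHOLDER = re.compile(r"<<(username|password)>>", re.IGNORECASE)

def is_command(template):
    return template.lower().startswith("cmd://")

def expand(template, username, password):
    """Fill placeholders, encoding each value for the context it lands in."""
    values = {"username": username, "password": password}
    if is_command(template):
        # Windows argv quoting: a space or quote in a value cannot split
        # into extra arguments. Assumes the template leaves the placeholder
        # unquoted, as example 4 does.
        encode = lambda v: list2cmdline([v])
    else:
        # Percent-encode everything so '&', '=', '#' in a value stay data.
        encode = lambda v: quote(v, safe="")
    return PLACEHOLDER.sub(lambda m: encode(values[m.group(1).lower()]), template)

def audit(template):
    """List the places where an entry would expose the stored password."""
    findings = []
    if "<<password>>" not in template.lower():
        return findings
    if is_command(template):
        findings.append("password on command line (visible in process listings)")
        return findings
    parts = urlsplit(template)
    if parts.scheme != "https":
        findings.append("password sent over non-TLS scheme " + parts.scheme)
    if "<<password>>" in parts.query.lower():
        findings.append("password in query string (kept in logs and history)")
    return findings

if __name__ == "__main__":
    for entry in (WEB, PUTTY):
        print(audit(entry))
        print(expand(entry, "admin", "p&ss=1 #x"))  # constructed credentials
```

Running `audit` over exported URL field entries gives a quick list of the ones worth replacing with a login method that keeps the password out of URLs and command lines.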

Keyboard Shortcuts

CTRL+B - copy Username to clipboard
CTRL+C - copy Password to clipboard
CTRL+U - execute URL / command