Storing Personal Passwords in PAM36014 minutes to read
In addition to enterprise passwords, PAM360 allows you to store personal passwords in the PAM360 repository. It is also possible to save personal details such as your personal email account information, credit card numbers, and other banking data, contact addresses, phone numbers. To store such sensitive personal data, PAM360 offers a private repository that only you can access, in the form of a Personal tab for each user role. The information stored in the Personal tab is encrypted independently and hidden from all other users, including the administrator; this is to ensure complete privacy and security of your data. To activate your Personal tab, supply an encryption passphrase for data encryption. In case your organization has enforced password complexity rules in your environment, PAM360 will also ask you to enter a passphrase that matches the complexity requirements. Once you set up your passphrase, PAM360 encrypts all your personal passwords using this passphrase. By default, PAM360 does not store the encryption key anywhere in the PAM360 database. You must provide this passphrase to access your personal passwords every time. If you forget the passphrase, you cannot reset or recover it, leading to a loss of access to your personal passwords stored in PAM360. At the end of this document, you will have learned the following:
1. Encrypting Personal PasswordsTo gain access to the Personal tab, you must provide an encryption passphrase. While using the Personal tab in PAM360 is optional, administrators can enforce creation of an encryption passphrase for all users from the General Settings. To set a strong password policy, go to Settings >> General Settings or navigate to Admin >> Resource Config >> Password Policies and customize password polices as per your requirement. Follow the below steps to set an encryption passphrase for your Personal tab:
PAM360 will use this passphrase to encrypt your data. Ensure that the passphrase you create is long and obeys the complexity rules for enhanced security. Whenever you need to access personal passwords in the Personal tab, you need to supply this passphrase. Remember, if you forget your passphrase, there is no way to retrieve your personal data. If the administrator disables the option that allows user to choose their own passphrase for the personal passwords section, PAM360 provides options to choose an encryption method for securing the data stored in the Personal tab. Please note that all your personal passwords will be encrypted and stored in the database. PAM360 will encrypt your personal data based on the encryption key you choose to use based on the options given below: Option 1: Use my encryption key and do not store it: If you choose this option, all your passwords will be encrypted using the encryption key you set up below. Note that this key will not be stored in the PAM360 database. To access your personal passwords you will have to supply this key every time and if you forget this key you will lose all your passwords. This is the recommended option for achieving a high level of security for your sensitive personal data. In choosing not to store the encryption key, the risk of it getting exposed and compromising your passwords is significantly low. Option 2: Use my encryption key and store it: If you choose this option, all your passwords will be encrypted using the key you supply below and the key will be stored securely in the PAM360 database. During the subsequent password retrievals you need not specify the key and it is also not necessary that you remember this key. Option 3: Use PAM360's encryption key: All your passwords will be encrypted with the same key as the enterprise passwords. You don't have to supply or remember any encryption keys. Choose the required encryption method, enter your encryption passphrase and click Save to save the changes. 2. Storing Personal AccountsOnce you have set your passphrase, proceed with adding your personal accounts in the Personal tab in the default categories provided by PAM360. The default categories cannot be deleted. However there is also provision to add your own custom categories, which is discussed in the next section of the document. The four default categories of accounts are:
2.1 Web AccountsTo add a new web account, follow the below steps:
2.2 Banking AccountsTo add a new banking account, follow the below steps:
2.3 Credit Card AccountsTo add a new credit card account, follow the below steps:
2.4 Personal ContactsTo add a new contact, follow the below steps:
2.5 Deleting AccountsTo delete any of the accounts, go to the respective accounts page,
3. Adding Custom FieldsIn addition to the default categories, add any number of additional custom fields to your Personal tab to store other information. For instance, if you wish to store details about the properties owned by you, add a custom category named Properties. 3.1 Creating Custom CategoriesFollow the steps below to add a custom field:
3.2 Managing Custom CategoriesIf any of the custom categories are no longer required, delete them in the Manage Categories page. Once you delete the categories, they will be deleted from the database once and for all. So, exercise care before deleting. You can also edit the custom categories. To manage a custom category,
4. Managing Passwords in BulkImport and export passwords added to the Personal tab in bulk. Click here to view file samples and learn more about file formats supported for importing. The data from the imported file will autofill the fields matching the column names. You can also choose which field in the imported file should map to the attributes of the corresponding personal category. Note: Earlier, it was possible to import a .txt file containing comma-separated data, and in step 2, the data would be listed as expected. However, from build 6400 onwards, if the entries are comma-separated, the file format must be .csv. Files with tab-separated values should be saved as .txt or .tsv for importing. 4.1 Importing PasswordsFollow the below steps to import passwords:
4.2 Exporting PasswordsExport personal passwords in PDF or XLS format using the Export option.
5. Reset Personal Passphrase
| |
[Webinar] Weave privileged access security into your org-wide ITSM workflows. Register now