Click Studios

Click Studios (SA) Pty Ltd is an Agile software development company specialising in the development of a secure Enterprise Password Management solution called Passwordstate.


Secure Code & Secure Data

Ensure the integrity of your sensitive data with Passwordstate’s enterprise-grade security. Protect your back-end from database and web threats while safeguarding the front-end from unauthorized access.

Enterprise-Grade Approach to Secure Code and Secure Data

Leveraging industry-standard 256-bit AES encryption, advanced code obfuscation, and digitally signed components, Passwordstate delivers strong protection for your critical information across enterprise environments.

Encryption and Obfuscation

Protecting sensitive data is paramount in enterprise environments. Passwordstate employs 256-bit AES encryption through the .NET Framework, ensuring that all passwords and confidential information remain secure. To deter reverse engineering and unauthorized access to data, our platform integrates advanced code obfuscation techniques and precompiled ASP.NET pages.

Digitally Signed Executables, DLLs and Installers

To maintain the integrity of our software, all Passwordstate components, including executables, DLLs, and installers, are digitally signed. This ensures that only verified and untampered files are deployed, providing confidence in the authenticity and security of the software ecosystem.

TLS 1.2 Support

Passwordstate supports TLS 1.2, a proven encryption protocol designed to secure data in transit. By encrypting communications between the server and clients, sensitive data is safeguarded from interception or unauthorized access during transmission.

Authorized Web Servers

Passwordstate can be limited to Authorized Web Servers, ensuring only preapproved environments can run the application and access the Passwordstate database. This minimizes exposure to potential theft and enforces tighter control over the infrastructure hosting your critical data.

Unique Initialization Vectors

To enhance data security, Passwordstate employs unique initialization vectors (IVs) for encryption processes. These IVs ensure that the resulting ciphertext is different and unpredictable each time, even when the same plaintext is encrypted multiple times, mitigating the risk of pattern recognition.
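
An added example (not Click Studios' code) of why unique IVs matter: with one fixed IV, equal secrets encrypt to equal ciphertext, so anyone reading the table can tell which entries match, while a fresh IV per encryption removes that signal. AES-256-CBC, the key, the sample rows and all function names are assumptions for illustration; the page does not state which cipher mode Passwordstate uses.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"fmt"
)

var demoKey = bytes.Repeat([]byte{0x42}, 32) // constructed 256-bit demo key
var demoRows = []string{"Winter2024!", "s3cr3t", "Winter2024!", "Winter2024!"} // constructed

// encryptCBC returns IV || AES-256-CBC ciphertext of pt with PKCS#7 padding.
func encryptCBC(key, iv, pt []byte) []byte {
	block, err := aes.NewCipher(key)
	if err != nil {
		panic(err) // only reachable with a wrong key length
	}
	pad := aes.BlockSize - len(pt)%aes.BlockSize
	padded := append(append([]byte{}, pt...), bytes.Repeat([]byte{byte(pad)}, pad)...)
	out := append(append([]byte{}, iv...), padded...)
	cipher.NewCBCEncrypter(block, iv).CryptBlocks(out[aes.BlockSize:], padded)
	return out
}

// freshIV draws a new random IV per encryption, the policy the page describes.
func freshIV() []byte {
	iv := make([]byte, aes.BlockSize)
	if _, err := rand.Read(iv); err != nil {
		panic(err)
	}
	return iv
}

func fixedIV() []byte { return make([]byte, aes.BlockSize) } // weak policy for contrast: same IV every time

// repeatedCiphertexts counts rows whose ciphertext body duplicates another row's.
func repeatedCiphertexts(key []byte, secrets []string, nextIV func() []byte) int {
	seen := map[string]bool{}
	for _, s := range secrets {
		seen[string(encryptCBC(key, nextIV(), []byte(s))[aes.BlockSize:])] = true
	}
	return len(secrets) - len(seen)
}

func main() {
	fmt.Println("repeats with fixed IV: ", repeatedCiphertexts(demoKey, demoRows, fixedIV))
	fmt.Println("repeats with unique IV:", repeatedCiphertexts(demoKey, demoRows, freshIV))
}
```

The IV is not secret and is stored in front of the ciphertext; what matters is that it is never reused under the same key.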

Data Integrity with HMAC-SHA512 Hashing Algorithm

To safeguard your sensitive data from unauthorized manipulation, Passwordstate employs the HMAC-SHA512 hashing algorithm combined with data salting. This ensures that data integrity is rigorously maintained, even within the database. For instance, if a database administrator attempts to alter data, such as modifying records to gain unauthorized access to passwords, Passwordstate will immediately detect the inconsistency. A data integrity error will be triggered, preventing access to the application and helping secure your organization’s critical information.
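
An added sketch of record-level tamper detection with HMAC-SHA512 and a per-record salt, written for illustration and not Passwordstate's implementation. The Record layout, the function names and the choice to bind the row ID into the tag are assumptions; the HMAC key is assumed to be held by the application, outside the database.

```go
package main

import (
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha512"
	"encoding/binary"
	"fmt"
)

// Record is a hypothetical credential row; Salt and Tag are stored with it.
type Record struct {
	ID                   uint64
	Username             string
	Encrypted, Salt, Tag []byte // Encrypted holds the password ciphertext
}

// tag is HMAC-SHA512 over the row ID, salt and fields, each length-prefixed so values cannot shift between fields.
func tag(key []byte, r Record) []byte {
	m := hmac.New(sha512.New, key)
	id := binary.BigEndian.AppendUint64(nil, r.ID)
	for _, f := range [][]byte{id, r.Salt, []byte(r.Username), r.Encrypted} {
		m.Write(binary.BigEndian.AppendUint64(nil, uint64(len(f))))
		m.Write(f)
	}
	return m.Sum(nil)
}

// Seal runs in the application, which holds the key; the database never sees it.
func Seal(key []byte, r Record) Record {
	r.Salt = make([]byte, 16)
	if _, err := rand.Read(r.Salt); err != nil {
		panic(err)
	}
	r.Tag = tag(key, r)
	return r
}

// Verify recomputes the tag on read and compares in constant time.
func Verify(key []byte, r Record) bool { return hmac.Equal(r.Tag, tag(key, r)) }

func main() {
	key := []byte("constructed-demo-key-kept-off-the-database")
	row := Seal(key, Record{ID: 1, Username: "admin", Encrypted: []byte{0xA1}})
	edited := row
	edited.Username = "dba" // constructed tampering: a column changed directly in the table
	fmt.Println("intact:", Verify(key, row), "edited:", Verify(key, edited))
}
```

Because the row ID is part of the tagged data, copying a valid ciphertext, salt and tag from one row onto another also fails verification.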

Key Capabilities
  • 256-bit AES encryption
  • Code obfuscation and precompiled ASP.NET pages
  • Digitally signed executables, DLLs and installers
  • TLS 1.2 encrypted communications
  • Authorized Web Server deployment controls
  • Unique initialization vectors (IVs) for encryption

Operational Security Strategy for Passwordstate

Secret Splitting for Enhanced Key Security

Every Passwordstate installation utilizes two unique encryption keys, divided into four independent secrets and stored separately across the web and database servers. This architecture significantly reduces single points of failure and increases the difficulty of compromise.

Encryption Key Rotation with Audit Trail

Organizations can schedule regular encryption key rotations to meet their security requirements. All data is re-encrypted during rotation, and detailed audit data records who performed the rotation and when it occurred. Encryption options are 256-bit AES or FIPS 140-2 based encryption.

Encryption Key Disaster Recovery

Encryption keys can be exported in split-secret format to a password-protected ZIP file for secure external storage. While not mandatory if you routinely back up your Passwordstate folder and database, this provides an additional recovery safeguard. All exports are fully audited.

Secure PowerShell Script Management

All built-in and custom PowerShell scripts are encrypted and securely stored within the database, helping protect critical automation tasks such as discoveries, backups, password resets, and validations from unauthorized tampering.

Encrypted Web.config File Settings

Passwordstate provides guidance for encrypting sensitive configuration values, such as the database connection string and split secrets, within the web.config file. This adds another layer of protection for critical settings.

Integrated Windows Authentication

Passwordstate supports Integrated Windows Authentication, including passthrough authentication for Single Sign-On (SSO) and manual domain credential entry with Multi-Factor Authentication (MFA) for added assurance.

Brute Force Dictionary Attack Detection and Blocking

Both the web interface and mobile client include configurable options to detect and block brute force dictionary attacks, proactively locking out repeated failed attempts.

Password Hiding and Clipboard Clearing

Passwordstate can automatically hide viewed passwords and clear copied passwords from the clipboard after a configurable time, reducing the risk of accidental exposure.

Automatic Logout Period

To prevent unauthorized access from unattended sessions, Passwordstate allows configurable automatic logout periods for inactive sessions, with tailored time-out settings for both in-office and out-of-office scenarios.


Click Studios Approach

Adherence to the OWASP Development Methodology

Click Studios follows the Open Web Application Security Project (OWASP) methodology throughout the software development lifecycle. This helps mitigate vulnerabilities such as Cross-Site Scripting (XSS), SQL Injection, and a broad range of other web security threats.

Comprehensive Application Penetration Testing

Click Studios conducts bi-annual penetration testing on networks, infrastructure, and the production instance of Passwordstate. While internal or customer penetration testing results are not shared, customers are encouraged to perform their own testing within their environments to validate security against their specific requirements.