Encryption and Obfuscation
Protecting sensitive data is paramount in enterprise environments. Passwordstate employs 256-bit AES encryption through the .NET Framework, ensuring that all passwords and confidential information remain secure. To prevent unauthorized access or reverse engineering, our platform integrates advanced code obfuscation techniques and precompiled ASP.NET pages, safeguarding against unauthorized access to data.
Digitally Signed Executables, DLLs and Installers
To maintain the integrity of our software, all Passwordstate components, including executables, DLLs, and installers are digitally signed. This process ensures that only verified and untampered files are deployed, providing organizations with confidence in the authenticity and security of their software ecosystem.
TLS 1.2 Support
Passwordstate supports TLS 1.2, a proven encryption protocol designed to secure data in transit. By encrypting communications between the server and clients, we safeguard sensitive data from interception or unauthorized access during transmission.
Authorized Web Servers
We limit the deployment of Passwordstate to Authorized Web Servers, ensuring only preapproved environments can run the application and access the Passwordstate database. This minimizes exposure to potential theft and enforces tighter control over the infrastructure hosting your critical data.
Unique Initialization Vectors
To enhance data security, Passwordstate employs unique initialization vectors (IVs) for encryption processes. These IVs ensure that encrypted data remains random and unpredictable, even when the same plaintext is encrypted multiple times, mitigating risks of pattern recognition.
Data Integrity with HMAC-SHA512 Hashing Algorithm
To safeguard your sensitive data from unauthorized manipulation, Passwordstate employs the HMAC-SHA512 hashing algorithm combined with data salting. This ensures that data integrity is rigorously maintained, even within the database.
For instance, if a database administrator attempts to alter data, such as modifying records to gain unauthorized access to passwords, Passwordstate will immediately detect the inconsistency. A data integrity error will be triggered, preventing access to the application and ensuring the security of your organization’s critical information.
Operational Security Strategy for Passwordstate:
Secret Splitting for Enhanced Key Security
Every Passwordstate installation utilizes two unique encryption keys, which are divided into four independent secrets. These secrets are stored separately across your web and database servers. This architecture ensures that compromising your encryption keys would require breaching multiple platforms and technology stacks, significantly enhancing security and mitigating single points of failure.
Encryption Key Rotation with Audit Trail
Organizations can schedule regular encryption key rotations to meet their specific security requirements. During this process, all stored data is re-encrypted using the new encryption keys, ensuring continuous protection. Passwordstate logs detailed audit data, providing complete traceability of key rotations, including the identity of the individual performing the rotation and the exact time of the operation. Encryption options are 256-bit AES or FIPS 140-2 based encryption.
Encryption Key Disaster Recovery
To ensure business continuity, Passwordstate allows encryption keys to be exported in their split secret format to a password-protected zip file for secure external storage. While not mandatory if you routinely back up your Passwordstate folder and database, this option provides an additional layer of protection. All exports are fully audited, ensuring traceability and accountability.
Secure PowerShell Script Management
All PowerShell scripts used within Passwordstate, including both built-in and custom scripts, are encrypted and securely stored within the database. This guarantees the integrity and security of scripts utilized for critical tasks such as discoveries, backups, password resets, and validations, safeguarding your operations from unauthorized tampering.
Encrypted Web.config File Settings
To further secure access to the database and encryption keys, Passwordstate provides detailed instructions for encrypting sensitive information, such as the database connection string and split secrets, within the web.config file. This additional layer of security ensures critical configuration data is protected against unauthorized access.
Integrated Windows Authentication
Passwordstate supports Integrated Windows Authentication, offering robust secure access options. Enterprises can configure passthrough authentication for Single Sign-On (SSO) or require manual domain credential entry with Multi-Factor Authentication (MFA) for an added layer of security.
Brute Force Dictionary Attack Detection and Blocking
Both the web interface and mobile client include configurable options to detect and block brute force dictionary attacks. This proactive defense mechanism locks out failed attempts, significantly enhancing the security of your Passwordstate environment.
Password Hiding and Clipboard Clearing
Passwordstate offers options to automatically hide viewed passwords and clear copied passwords from the clipboard after a configurable time. These measures reduce the risk of accidental exposure and unauthorized access to sensitive credentials.
Automatic Logout Period
To prevent unauthorized access from unattended sessions, Passwordstate allows you to configure automatic logout periods for inactive sessions. Tailored time-out settings can be specified for both in-office and out-of-office scenarios, ensuring flexible and comprehensive session management.
Click Studios Approach:
Adherence to the OWASP Development Methodology
Click Studios strictly follows the Open Web Application Security Project (OWASP) methodology in its software development lifecycle. This approach is designed to mitigate vulnerabilities such as Cross-Site Scripting (XSS), SQL Injections, and a wide range of other security threats. By aligning with OWASP best practices, we ensure that Passwordstate is developed to meet the highest security standards, providing a robust and reliable solution for enterprise environments.
Comprehensive Application Penetration Testing
To ensure the security and resilience of our systems, Click Studios conducts bi-annual penetration testing on our networks, infrastructure, and the production instance of Passwordstate. While we do not share internal or customer penetration testing results, we strongly encourage our customers to conduct penetration testing in their own environments. This enables organizations to validate the security of Passwordstate in the context of their unique infrastructure and requirements.
