Differences
This shows you the differences between two versions of the page.
Next revision | Previous revision | ||
passwords [2023/09/14 15:40] – created johnny | passwords [2023/09/14 15:46] (current) – johnny | ||
---|---|---|---|
Line 1: | Line 1: | ||
====== Passwords ====== | ====== Passwords ====== | ||
- | TFlow allows you to store asset/URL credentials | + | ITFlow |
{{: | {{: | ||
- | Login Fields | + | ===== Login Fields |
* Name/Desc | * Name/Desc | ||
* Username | * Username | ||
Line 12: | Line 13: | ||
* Notes | * Notes | ||
- | ITFlow Login Helper Browser Extension | + | ===== ITFlow Login Helper Browser Extension |
+ | |||
+ | A browser extension is available for [[https:// | ||
+ | |||
+ | ===== How logins are protected ===== | ||
+ | |||
+ | All login password data is encrypted at rest, and ideally in transit as you're using HTTPS to access your ITFlow instance, // | ||
+ | |||
+ | In order to understand how ITFlow encrypts login entries, you must first understand the requirements: | ||
+ | |||
+ | - Securely protect login entries with encryption | ||
+ | - Never store the plaintext encryption key in the database / on disk | ||
+ | - Allow multiple users to easily and quickly access login passwords | ||
+ | - Not require a server TPM chip or third party server/ | ||
+ | |||
+ | With that in mind, the solution decided upon was to generate an AES master key during the initial installation and **encrypt this master key for each technician using their password** hash as their " | ||
+ | |||
+ | This approach is by no means perfect. It also means that **if you forget/lose all user account passwords and haven' | ||
- | A browser extension is available | + | I've abstracted some of the details here for readability. If you'd like to get into the technical detail of how this is done, please review the associated |
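Review bot: In the new "How logins are protected" section, the sentence "All login password data is encrypted at rest, and ideally in transit as you're using HTTPS" puts a property of ITFlow and a deployment assumption into one clause. Suggest splitting it: one sentence stating that login passwords are encrypted at rest, and one stating that protection in transit depends on the instance being served over HTTPS. In the master-key paragraph the bold span closes before "hash" ("using their password** hash"), so the emphasized text says the master key is encrypted with the password while the sentence itself says password hash; extend the bold to include "hash" so the emphasis matches the statement. The bolded warning about forgetting or losing all user account passwords is the main operational caveat of this design and would be easier to find directly after the requirements list than after "This approach is by no means perfect."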