Differences
This shows you the differences between two versions of the page.
passwords [2023/09/14 15:40] – johnny | passwords [2023/09/14 15:46] (current) – johnny | ||
---|---|---|---|
Line 3: | Line 3: | ||
{{: | {{: | ||
- | Login Fields | + | ===== Login Fields |
* Name/Desc | * Name/Desc | ||
* Username | * Username | ||
Line 12: | Line 13: | ||
* Notes | * Notes | ||
- | ITFlow Login Helper Browser Extension | + | ===== ITFlow Login Helper Browser Extension |
+ | |||
+ | A browser extension is available for [[https:// | ||
+ | |||
+ | ===== How logins are protected ===== | ||
+ | |||
+ | All login password data is encrypted at rest, and ideally in transit as you're using HTTPS to access your ITFlow instance, // | ||
+ | |||
+ | In order to understand how ITFlow encrypts login entries, you must first understand the requirements: | ||
+ | |||
+ | - Securely protect login entries with encryption | ||
+ | - Never store the plaintext encryption key in the database / on disk | ||
+ | - Allow multiple users to easily and quickly access login passwords | ||
+ | - Not require a server TPM chip or third party server/ | ||
+ | |||
+ | With that in mind, the solution decided upon was to generate an AES master key during the initial installation and **encrypt this master key for each technician using their password** hash as their " | ||
+ | |||
+ | This approach is by no means perfect. It also means that **if you forget/lose all user account passwords and haven' | ||
- | A browser extension is available | + | I've abstracted some of the details here for readability. If you'd like to get into the technical detail of how this is done, please review the associated |
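Review bot: The "How logins are protected" paragraph says the master key is encrypted for each technician "using their password** hash", but it does not say how that wrapping key relates to the hash stored for login verification. If the two are the same value, requirement 2 in the list above it ("Never store the plaintext encryption key in the database / on disk") would not hold, because a copy of the database would contain both the wrapped master key and the key that unwraps it. Suggest naming the derivation used for the wrapping key and stating explicitly that it is a different value from the stored authentication hash. A smaller wording point in the same section: "encrypted at rest, and ideally in transit as you're using HTTPS" assumes HTTPS is in place; it would be clearer to say that protection in transit depends on the instance being served over HTTPS.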