How can I allow using passwords without displaying them in plain text?

Follow

In Password Depot Enterprise Server you can allow users to access individual entries or folders without enabling them to see the passwords in plain text.

This means that you can hide the passwords from the users. However, the user in question cannot use a "conventional" browser for this feature since it would be very easy for any user to display the passwords in plain text through a workaround in such browsers.

HINT: The Protected Sign-On feature is only available with the integrated browser that uses an instance of the Internet Explorer. Other modern browsers like Google Chrome, Mozilla Firefox or Microsoft Edge, too cannot be used for this since they cannot be controlled by third-party applications like Password Depot.

So, if you want to provide passwords to your users but do not want them to see those passwords in plain text at the same time you can use the integrated browser in protected mode. However, please note that the protected mode is restricted. In this case, the add-ons and Javascript are deactivated before the login in order to make reading passwords impossible. The add-ons and Javascript will be activated again afterwards.

Now, the user can only use the hidden password through protected mode. In this case, it will open the integrated browser.

To hide a password but also allow users accessing it at the same time, please go to the Server Manager and select the corresponding database (double click on it). Afterwards, select the correct user or group and double click on it to open their permissions. You can now see the General tab. Please uncheck here the access rights Read/Modify/Add/Delete Entries (for this corresponding user or group only) on database level in order to make sure that the selected user or group cannot access data located to the root directory of the database:

 

mceclip0.png

 

Afterwards, go to the Entries and folders tab. In the Database content area select the desired entry or folder and set the permissions as follows:

 

mceclip1.png

 

Only Access to entries must be activated. All other permissions need to be denied.

If the corresponding user does now open the server database through the client he can see the following:

 

mceclip2.png

 

The corresponding entry is displayed, nevertheless the user cannot open its properties. If he tries to he will receive a warning that he has no permission to open the entry's properties. In order to use the data displayed in the client the user has to right click on the entry and select the option Protected Sign-On:

 

mceclip3.png

 

Immediately, an instance of the Internet Explorer is used to make the entry available in the browser:

 

mceclip4.png

 

mceclip5.png

 

The user can now enter the provided access data to login.

 

TIP: The feature Protected Mode is available for password entries as well as Remote Desktop and PuTTY Connection entries.

8 out of 8 found this helpful

Comments

0 comments

Please sign in to leave a comment.