How can I allow using passwords without displaying them in plain text?

Follow

In Password Depot Enterprise Server, you can allow users to access individual entries or folders without enabling them to see the passwords in plain text.

This means that you can hide the passwords from the users. However, the user in question cannot use a "conventional" browser for this feature since it would be very easy for any user to display the passwords in plain text through a workaround in such browsers.

Note: The Protected Sign-On feature is only available with the integrated browser that uses an instance of the Internet Explorer. Other modern browsers like Google Chrome, Mozilla Firefox or Microsoft Edge cannot be used for this since they cannot be controlled by third-party applications like Password Depot.

Thus, if you want to provide passwords to your users but do not want them to see those passwords in plain text at the same time, you can use the integrated browser in protected mode. However, please note that the protected mode is restricted. In this case, the add-ons and Javascript are deactivated before the login in order to make reading passwords impossible. The add-ons and Javascript will be activated again afterwards.

Now, the user can only use the hidden password through protected mode. In this case, it will open the integrated browser.

To hide a password but also allow users to access it at the same time, please go to the Server Manager and select the database it is located in (double click on it). Afterwards, select the correct user or group and double click on it to open their permissions. You can now see the General tab. Please uncheck here the access rights Read/Modify/Add/Delete Entries (for this particular user or group only) on database level in order to make sure that the selected user or group cannot access data located in the root directory of the database:

 

mceclip0.png

 

Afterwards, go to the Entries and folders tab. In the Database content area select the desired entry or folder and set the permissions as follows:

 

mceclip1.png

 

Only Access to entries must be activated. All other permissions need to be denied.

If the user opens the server database through the client, they can see the following:

 

mceclip0.png

 

The entry is displayed. Nevertheless, the user cannot open its properties. If they try to, they will receive a warning that they are not allowed to open the entry's properties. In order to use the data displayed in the client, the user has to right click on the entry and select the option Protected Sign-On:

 

mceclip1.png

 

Immediately, an instance of the Internet Explorer is used to make the entry available in the integrated browser:

 

mceclip2.png

 

mceclip3.png

 

The user can now enter the provided access data to login.

 

Tip: The feature Protected Mode is available for Password entries as well as Remote Desktop and PuTTY Connection entries.

8 out of 8 found this helpful

Comments

0 comments

Please sign in to leave a comment.