Secret Server uses 256-bit Advanced Encryption Standard (AES-256) to encrypt data in the SQL database.
AES-256 encryption – the Rijndael algorithm – is approved by the U.S. Government and was declared for use by NIST after a 5-year standardization process.
AES-256 is the strongest encryption available for password protection software, and when you combine that with our other security features like DoubleLock, you’ll see why Secret Server is your best option for secure password storage.
Encryption Key Per Installation
Secret Server generates a unique encryption key during installation. This key is encrypted and kept in the encryption.config file or managed by an HSM. The combination of this file and your Secret Server database allows you to reconstitute your system at any point. So back up your encryption.config file and your database! In fact, you may as well back up your Secret Server application folder and the database for easy moving or restoring of the application.
Login Password Protection
Secret Server hashes and salts local user passwords using a randomly generated salt and the PBKDF2-SHA256 hashing algorithm. Active Directory logins authenticate directly against the domain, and their passwords are not stored in the Secret Server database.
To further tighten security, Secret Server has multiple options regarding user login. Choose from these options on the Configuration screen for your Secret Server to:
- Require username/password on every login.
- Block browser auto-complete functionality.
- Incorporate authentication against your Active Directory server.
- Allow “Remember Me” for a configurable time period, or disable it entirely.
- Set the number of login failures before a user is marked as inactive.
- Enforce login policy agreement for usage of the system.
- Enforce two-factor authentication using RADIUS.
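The two mechanisms described above for local accounts, salted PBKDF2-SHA256 password hashing and marking a user inactive after a configurable number of login failures, are illustrated below in a small Python example. This is added example code, not Secret Server's own implementation: the iteration count, salt length, lockout threshold, the `LocalUserStore` class and its return values are all assumptions made for the illustration, and the user store is an in-memory dictionary standing in for the database.

```python
import hashlib
import hmac
import os
from typing import Optional, Tuple

# Parameters chosen for this example (assumptions, not Secret Server's settings).
PBKDF2_ITERATIONS = 600_000   # work factor; raise as hardware gets faster
SALT_BYTES = 16               # per-user random salt length
MAX_FAILED_LOGINS = 5         # failures before the account is marked inactive


def hash_password(password: str, salt: Optional[bytes] = None,
                  iterations: int = PBKDF2_ITERATIONS) -> Tuple[bytes, bytes]:
    """Derive a 32-byte PBKDF2-HMAC-SHA256 key from the password.

    A fresh random salt is generated when none is supplied, so two users with
    the same password get different stored hashes and precomputed tables are
    useless. Returns (salt, derived_key); both are stored, the password is not.
    """
    if salt is None:
        salt = os.urandom(SALT_BYTES)
    derived = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"),
                                  salt, iterations, dklen=32)
    return salt, derived


def verify_password(password: str, salt: bytes, expected: bytes,
                    iterations: int = PBKDF2_ITERATIONS) -> bool:
    """Recompute the derivation with the stored salt and compare in constant time."""
    _, derived = hash_password(password, salt, iterations)
    return hmac.compare_digest(derived, expected)


class LocalUserStore:
    """In-memory stand-in for the local-user table (assumption for the example)."""

    def __init__(self, max_failures: int = MAX_FAILED_LOGINS,
                 iterations: int = PBKDF2_ITERATIONS):
        self._users = {}
        self.max_failures = max_failures
        self.iterations = iterations

    def add_user(self, username: str, password: str) -> None:
        salt, derived = hash_password(password, iterations=self.iterations)
        self._users[username] = {"salt": salt, "hash": derived,
                                 "failures": 0, "active": True}

    def login(self, username: str, password: str) -> str:
        """Return "ok", "invalid" or "inactive".

        The failure counter resets on success and the account is marked
        inactive once it reaches max_failures; an inactive account rejects
        even the correct password until an administrator re-enables it.
        """
        record = self._users.get(username)
        if record is None:
            # Do the same amount of hashing work for unknown users so response
            # time does not reveal whether the username exists.
            hash_password(password, b"\x00" * SALT_BYTES, self.iterations)
            return "invalid"
        if not record["active"]:
            return "inactive"
        if verify_password(password, record["salt"], record["hash"], self.iterations):
            record["failures"] = 0
            return "ok"
        record["failures"] += 1
        if record["failures"] >= self.max_failures:
            record["active"] = False
            return "inactive"
        return "invalid"


if __name__ == "__main__":
    store = LocalUserStore(max_failures=3)
    store.add_user("alice", "correct horse battery staple")
    print(store.login("alice", "correct horse battery staple"))  # ok
    for _ in range(3):
        print(store.login("alice", "wrong guess"))  # invalid, invalid, inactive
    print(store.login("alice", "correct horse battery staple"))  # inactive
```

The stored record holds only the salt and the derived key, so a copy of the database does not yield passwords directly; an attacker who obtains it still has to run the full PBKDF2 work factor per guess per user. The `max_failures` threshold plays the role of the "number of login failures before a user is marked as inactive" setting, and the constant-time comparison in `verify_password` avoids leaking how many leading bytes of a guess matched.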