Secret Server uses Advanced Encryption Standard 256 bit for encrypting data in the SQL database.
AES 256 encryption – the Rijndael algorithm – is approved by the U.S. Government and was declared for use by NIST after a 5-year standardization process.
AES 256 is the strongest encryption available for password protection software, and when you combine that with our other security features like DoubleLock, you’ll see why Secret Server is your best option for secure password storage.
Encryption Key Per Installation
Secret Server generates a unique encryption key during installation. This key is encrypted and kept in the encryption.config file. The combination of this file and your Secret Server database allows you to reconstitute your system at any point. So back up your encryption.config file and your database! In fact, you may as well back up your Secret Server application folder and the database for easy moving or restoring of the application. Secret Server uses this encryption key to encrypt and decrypt data in the database with the AES algorithm.
Login Password Protection
Secret Server salts and hashes user passwords using a randomly generated salt and the SHA512 hashing algorithm. SHA1 was once considered secure, but given the computing power of today’s computers it is not as secure as previously thought. Secret Server switched to SHA512 in version 2.1 to become an elite, secure password manager.
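An added example (not Secret Server’s own code) of the salted SHA512 scheme described above, in Python. The 16-byte salt length and the sha512$salt$digest storage format are assumptions, since the page does not state them.

```python
"""Salted SHA-512 password storage with a random per-password salt."""
import hashlib
import hmac
import secrets
from typing import Optional

SALT_BYTES = 16  # assumption: the page does not state the salt length


def hash_password(password: str, salt: Optional[bytes] = None) -> str:
    """Return a stored credential of the form 'sha512$<salt-hex>$<digest-hex>'.

    A fresh random salt is generated for every password unless one is supplied
    (supplying one is only for deterministic tests). The salt is stored next to
    the digest because it is needed again at login to recompute the hash.
    """
    if salt is None:
        salt = secrets.token_bytes(SALT_BYTES)
    digest = hashlib.sha512(salt + password.encode("utf-8")).digest()
    return f"sha512${salt.hex()}${digest.hex()}"


def verify_password(password: str, stored: str) -> bool:
    """Recompute the salted hash from the stored record and compare it in
    constant time, so a mismatch does not leak how many bytes matched."""
    parts = stored.split("$")
    if len(parts) != 3 or parts[0] != "sha512":
        return False
    try:
        salt = bytes.fromhex(parts[1])
    except ValueError:
        return False
    candidate = hashlib.sha512(salt + password.encode("utf-8")).hexdigest()
    return hmac.compare_digest(candidate, parts[2])


def same_password_different_records(password: str) -> bool:
    """Why the random salt matters: two accounts with the same password get
    different stored values, so equal passwords cannot be spotted in the table
    and one precomputed table cannot be reused across accounts."""
    return hash_password(password) != hash_password(password)
```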
To further tighten security, Secret Server has multiple options regarding user login. Choose from these options on the Configuration screen for your Secret Server to:
- Require username/password on every login.
- Block browser auto-complete functionality.
- Incorporate authentication against your Active Directory server.
- Allow “Remember Me” for a configurable time period, or disable it entirely.
- Set the number of login failures before a user is marked as inactive.
- Enforce login policy agreement for usage of the system.
- Enforce two-factor authentication using RADIUS.