
AES 256 Encryption

AES 256 Encryption and Password Management

Secret Server password management software uses the 256-bit Advanced Encryption Standard (AES 256) to encrypt data in the SQL database.

AES 256 encryption, a subset of the Rijndael algorithm, is approved by the U.S. Government and was adopted by NIST after a 5-year standardization process.

AES 256 is the strongest encryption available for password management software, which, when combined with our other security features like DoubleLock, provides unsurpassed security for sensitive enterprise passwords.

If your organization already uses enterprise-level password protection software with AES 256 encryption, try Secret Server for free – the trial form is on the right – and see how much easier Secret Server is to install, customize, and use. And it won’t cost you more!

AES 256 Encryption feature in Secret Server

Encryption Key Per Installation

Secret Server generates a unique encryption key during installation. This key is encrypted and kept in the encryption.config file or managed by an HSM. The combination of this file and your Secret Server database allows you to reconstitute your system at any point. So back up your encryption.config file and your database! In fact, you may as well back up your Secret Server application folder and the database for easy moving or restoring of the application.

Login Password Protection

Secret Server hashes and salts local user passwords using a randomly generated salt and the PBKDF2-HMAC-SHA256 hashing algorithm. Active Directory logins authenticate directly against the domain and their passwords are not stored in the Secret Server database.

To further tighten security, Secret Server has multiple options regarding user login. Choose from these options on the Configuration screen for your Secret Server to:

  • Require username/password on every login.
  • Block browser auto-complete functionality.
  • Incorporate authentication against your Active Directory server.
  • Allow “Remember Me” for a configurable time period, or disable it entirely.
  • Set the number of login failures before a user is marked as inactive.
  • Enforce login policy agreement for usage of the system.
  • Enforce two-factor authentication using RADIUS.

A FREE 30-day trial of Secret Server is available here, or view Secret Server’s list of user-friendly features.
