What is the Password Vault
Simply put the Password Vault is a secure and organized way to store links, usernames and passwords to any and all of the sites or systems that you manage. All information is stored as an encrypted value using aes-256-cbc encryption in the database. During the installation three 1024 random character keys are created to secure and protect your information.
How secure is the Password Vault
While no web site or application is completely secure, I have taken many steps to secure this system. With that said the Password Vault is most secure if it is not publicly accessible. However, if needed it can be publicly accessible and all the security features enabled.
- Login Captcha
- Brute Force Auto Blacklist
- Auto Logout
- Combination Lock
WARNING INPROPER SECURITY CAN RESULT IN A DATA BREACH!
Yes, the Combination Lock is not just a picture it is the first line of defense. You can create a combo code from 4 to 10+ numbers for the combination. Next up Brute Force Auto Blacklist, each time a visitor goes to the login page there IP address is entered into the blacklist if a login attempt is made the count starts, after 5 (Default setting) attempts are made the login form is inaccessible and no further attempts can be made. The Auto logout if enabled well remember the last page you were on, and go to a lock page, to login simply put in your password and off you go. I have also made usernames and passwords complex to prevent a user form using weak usernames and passwords. But no matter how secure the password vault is, weak server security can allow hackers to access your data.Back to top
Password Vault System Requirements
Password Vault Installation Help
Installation Troubleshooting, from time to time problems may accrue while installing.
- File or Folder write permissions
- Missing PHP Modules
- Session Timeout errors
The installer is a 6-step process that involves PHP Sessions, each step will add and remove sessions as completed. If this process is stopped for an extended length of time the session will expire and setup will fail. If this happens you must start over. The installer will not allow missing PHP Modules and will stop. However, if File or Folder write permissions are not set correctly the process will continue and will display the code for the following files.
The db-config.php file contains your database connection information, the public-key.php, private-key.php and password-hash.php files each contain 1024 random character keys. And the install.lock file is used to tell the system that the database is installed, and you have a working connection to it.Back to top