...
Introduction
When EmpowerID is installed in an environment, it generates a unique root certificate authority (CA). This CA issues personal certificates for encrypting and decrypting data linked to a person and for utilizing the Privileged Access Management (PAM) feature of EmpowerID. The first time a user creates a secret or attempts to check out shared credentials, EmpowerID prompts them to create a master password for encrypting and decrypting their secrets.
Understanding the Master Password Mechanism
Upon entering a password, it becomes the user's master password. EmpowerID then uses this master password to generate a public/private key pair certificate for the user. The public key is linked to the user, while the private key is encrypted with the master password using AES-256 bit encryption with PBKDF2 SHA-256 and salted hashes. For security, the master password is discarded immediately, and EmpowerID keeps no record of it. This ensures only users can access their credentials, as neither administrators nor the EmpowerID system can retrieve the master password.
Purpose of the Master Password
The master password is essential for establishing a PKI (Public Key Infrastructure) key associated with the user's identity, enabling data encryption and decryption. When using PAM for the first time or create creating a secret, you the user must generate a master password. Thereafter, each time you need to view or create a password or secret, or check out a credential, you will utilize your master password to unlock them.
...
Subsequently, the master password will be used to unlock passwords, secrets, or credentials.
Steps to create a master password
On Using the EmpowerID navbar, expand navigate to Privileged Access and select > Secrets and Personal Creds.
Select the Privileged Access tab and expand the Secrets accordion.
Click Create Master Password.
Click Yes to confirm. The warning displayed by this dialog is for users who already have a master password.
Enter a password in the Password and Confirm Password fields and click OK. Please note that this password cannot be the same as the password you use to authenticate to EmpowerID.
You should see a message stating that the request has been completed.
Insert excerpt | ||||||
---|---|---|---|---|---|---|
|