Storing Personal Passwords in PAM360

In addition to managing enterprise passwords, PAM360 allows you to store personal passwords and other sensitive information in its repository, including sensitive personal information such as your email account information, credit card numbers, banking information, contact addresses, and phone numbers. PAM360 provides a private repository for each user role, accessible through the Personal tab, ensuring this information remains secure and private. The personal tab is encrypted independently and is not accessible to other users, including administrators, ensuring complete privacy and security of the data stored within.

To activate your Personal tab, you must provide an encryption passphrase. If your organization has implemented password complexity rules, PAM360 will require a passphrase that meets these requirements. Once set, PAM360 uses this passphrase to encrypt your personal passwords. By default, PAM360 does not store the encryption key in its database. Therefore, you should enter this passphrase each time you access your personal passwords. If you forget your passphrase, it cannot be reset or recovered, resulting in the loss of access to your stored personal passwords.

The following topics are covered in detail in this document:

1. Encrypting Personal Passwords
2. Storing Personal Accounts
3. Adding Custom Fields and Categories
4. Managing Passwords in Bulk
5. Reset Personal Passphrase

1. Encrypting Personal Passwords

To access the Personal tab, you must provide an encryption passphrase. While using the personal tab in PAM360 is optional, administrators can enforce the creation of an encryption passphrase for all users from the General Settings section. To set a password policy, go to Admin >> Customization >> General Settings or navigate to Admin >> Password Management >> Password Policies and customize password policies as per your requirements.

Follow the steps detailed below to set an encryption passphrase for your Personal tab:

1. Navigate to the Personal tab.
2. Enter a complex passphrase. Click the Tool-Tip icon to view the passphrase complexity rules.
3. Re-enter your passphrase to confirm it and click Save.
   

PAM360 will use this passphrase to encrypt your data. Ensure the passphrase you create is long and adheres to the complexity rules for enhanced security. You should provide this passphrase every time you access your passwords from the Personal tab. It is important to remember that you cannot retrieve your data if you forget this passphrase.

PAM360 offers several other encryption methods to secure the data stored in the personal tab if the administrator disables the option for users to choose their passphrase. You can choose from the following options to encrypt your data:

1. Use my encryption key and do not store it: If you choose this option, all your passwords will be encrypted using the encryption key you set up below. This key will not be stored in the PAM360 database. You must supply this key every time you access your personal passwords. If you forget this key, you will lose all your passwords. This option is recommended for achieving a high level of security for your sensitive personal data. By not storing the encryption key in the database, the risk of it being exposed and compromising your passwords is significantly reduced.
2. Use my encryption key and store it: If you choose this option, all your passwords will be encrypted using the key you supply below, and the key will be stored securely in the PAM360 database. During subsequent password retrievals, you do not need to specify the key. It is not necessary to remember this key.
3. Use PAM360's encryption key: Your passwords will be encrypted using the same key as the enterprise passwords, eliminating the need to supply or remember encryption keys.
   

Choose the required encryption method, enter your encryption passphrase, and click Save to apply the changes. All your passwords will be encrypted and securely stored in the database using the chosen encryption method.

2. Storing Personal Accounts

After setting up your passphrase, add your accounts to the Personal tab using the default categories provided by PAM360. You cannot delete these default categories but can add your custom categories. The four default account categories are:

1. Web accounts - Store and manage your personal web account credentials using the web accounts category. This option not only centralizes your login information but also supports Two-Factor Authentication (2FA) using TOTP, enhancing the security of your web accounts.
2. Bank accounts - Securely store and manage your banking credentials, including account numbers, branch details, and other sensitive information.
3. Credit card accounts - Manage your credit card information in one place, including card numbers, expiration dates, and security codes. This helps you keep track of your credit cards securely and conveniently.
4. Personal contacts list - Maintain a comprehensive list of personal contacts with their names, phone numbers, email addresses, and other relevant details. This ensures you have quick and secure access to your important contacts.

2.1 Add Accounts

Follow the steps detailed below to add a web account:

1. Navigate to the Personal tab and select Web Accounts from the left pane.
2. On the Web Accounts page, click Add Accounts.
3. In the Add Web Account pop-up window, fill in the following details:
1. Service Name: Enter the name of the web service.
2. Service URL: Enter the URL of the web service.
3. Login Name: Enter the login name of the web account.
   
4. Password: Enter the account password and choose a complexity from the drop-down list.
5. TOTP Secret Key: If your web account uses TOTP for 2FA, input the TOTP Secret Key to access the web account directly through the PAM360 interface, streamlining the generation of TOTP one-time codes alongside the added passwords.
   • By default, the website accounts configured with TOTP as the 2FA mechanism support the SHA1 Algorithm, 6-digit TOTP codes, and a validity of 30 seconds.
   • If your account supports a different set of parameters for TOTP codes, click the Settings drop-down beside the TOTP Secret Key field.
     
   • Select the appropriate TOTP Algorithm and TOTP Digits from the respective drop-down list.
   • Enter the validity duration for the TOTP codes in the TOTP Validity field.

     Additional Detail

     If the values for TOTP Algorithm, TOTP Digits, and TOTP Validity do not match those used by your web account, the authentication mechanism will fail due to incorrect one-time code generation. The TOTP Secret Key for the account cannot be retrieved after configuration. Therefore, ensure that the values you enter or select here match those supported by your web account to avoid any issues.

6. Tags: Enter the keywords that can help you search for the account on the Web Accounts page.
4. Click Save to store the account information securely.

Similarly, you can create accounts for Banking, Credit Cards, and Contacts from the respective category window on the Personal tab.

2.2 Delete Accounts

Follow the steps detailed below to delete your personal accounts:

1. Navigate to the Personal tab
2. Click the desired category of accounts from the left pane.
3. Select the required accounts using the checkboxes and click Delete Accounts from the top menu.
4. Click OK in the confirmation dialog box to complete the deletion.

3. Adding Custom Fields and Categories

3.1 Adding Custom Fields

In addition to the default fields under each category, PAM360 allows you to add custom fields based on your requirements. To add a custom field,

1. Navigate to the Personal tab and switch to the desired category on the left pane.
2. Click the Customize Fields option on the respective category window.
3. On the Customize Category window, you can choose from different types of additional fields such as Character/List, Numeric, Password, and Date. The customization options for each category type are available as separate tabs.
   
4. Switch to the desired tab and enter a column name and description for the custom field of your choice.
5. Additionally, you can set default values for the additional fields of type Character/List and Numeric. You can enter multiple values in the comma-separated format. These values will appear as a drop-down list in the Add/Edit Account windows. You can select the desired option from this drop-down list while adding or editing an account.
6. After entering the required details for the selected category, click Save to save the configured additional field(s).

Similarly, you can include custom fields of desired type for all default and additional categories available on the Passwords tab.

3.2 Creating Custom Categories

In addition to the default categories, you can add multiple custom categories to your Personal tab to store additional information. For example, if you wish to store details about properties you own, you can create a custom category named Properties. To add a custom category:

1. Navigate to the Personal tab and select Add New Category from the left pane.
2. In the Add New Category window, enter a name for the new category in the Category Name field.
   
3. You can choose from available types such as Character/List, Numeric, Password, and Date. The customization options for each type are available as separate tabs. You can add a maximum of nine Character/List fields, four Numeric fields, three Password fields, and four Date fields to the new category.
4. Switch to the desired tab, enter a column name and description, and set default values (if applicable) for the custom field of your choice.

   Caution

   Ensure you add all the necessary custom fields and information for this new custom category before saving. You cannot modify the custom fields after creating the custom category.

5. Click Save to add a new category based on the configured options.

3.3 Managing Custom Categories

If you do not need any available custom categories, you can remove them from the Manage Categories page. You can also edit the custom categories based on your varying needs. To manage a custom category, follow these steps:

1. Go to the Personal tab and select Manage Categories from the left pane.
   
2. Click the Edit icon beside the desired custom category to modify its name.
3. If you want to delete a custom category, click the Delete icon beside the desired custom category.

   Caution

   Exercise caution while performing this action because once you delete a category, it is removed from the database permanently.

4. Managing Passwords in Bulk

You can import and export passwords added to the Personal tab in bulk. Click here to view sample files and learn more about the supported file formats for importing. When you import a file, PAM360 will automatically fill in the fields matching the column names. Additionally, you can manually map fields in the imported file to the attributes of the corresponding personal category.

4.1 Importing Passwords

To import your personal passwords from a file,

1. Go to the Personal tab and click the Import Accounts option from the top menu.
2. In the Import Passwords from File pop-up window, choose category, file type, and file format.
   
3. Click Browse and select the file from your machine that contains the passwords.
4. Click Next and map the fields according to the data available in the attached file.
   
5. Click Import to complete the import process.

4.2 Exporting Passwords

Follow these steps to export your personal passwords in the PDF or XLS format:

1. Go to the Personal tab of your PAM360 account.
2. Click the Export icon in the top right corner of the screen.
   
3. Select PDF or XLS format based on your preference. The passwords will be exported to your machine as a PDF or XLS file based on your selection.

5. Reset Personal Passphrase

Follow the steps detailed below to reset the passphrase for the Personal tab:

1. Go to the Personal tab and click the Forgot Personal Passphrase? option under the Enter your passphrase field.
2. In the pop-up window that appears, provide a reason for the passphrase reset in the Reason field and click the Reset Passphrase button.
   

You have successfully reset your personal passphrase for the Personal tab.