Password Management

Hudu's password management system makes creating, managing, and securely sharing client passwords simple. Our password manager comes equipped with:
 
  • Password and TOTP generation tools;
  • PWNED counts;
  • Easy-read feature revealing the NATO-phonetic spelling,
  • Simple, secure password share options,
  • Browser extension to find and auto-fill all stored passwords,
  • ...and various other awesome features (see below!!)

    Passwords are protected with AES 256-bit encryption; searchable alongside the assets they reside in, and varying access can be granted to different user roles based on their security group permissions (Groups/Restrictions).

 

 
The three types of passwords that can be stored within Hudu are:
 
  1. General passwords
    • Passwords stored within a specific client/company space, used for anything. These can be related to other relevant assets or websites, and restricted via security permissions.
  2. Embedded passwords 
    • Passwords created via a confidential text field within an asset layout are considered embedded passwords; security permissions are inherited from the immediate parent asset.
    • These passwords do not show up in client password lists.
  3. Personal passwords 
    • Technicians can store any personal passwords within their My Vault on the Hudu Toolbar.
    • These can be imported from .csv or manually created using our password generator.

 

Guides

The sections below will assist and serve to guide you through the creation, editing, and management of passwords. Expand the sections to start learning!

    Access to passwords and the following password functions may vary depending on your Hudu user role as well as the security permissions placed upon you/your security group by the admin and super admin accounts at your organization.

 

Creating Passwords

Passwords can be created and implemented in multiple ways. Refer to the sections below depending on the type of password you're creating. Expand each section to view the respective passwords' guide.
 
General Passwords
This section will show you how to create, save and organize your general passwords in Hudu. If you want to import passwords, please refer to our Importing Data article.
 
  • Navigate to a specific client/company space and navigate to the Passwords tab on the left-side menu.
  • Click ((+)) that appears when hovering over the Passwords tab or you can click ((New Password)) in the top right.
  • In the New Password window, complete the fields:
    • Name
      • Give the password a name that will be easily identifiable (ex. "WordPress Admin")
    • Choose whether you'd like the password available in the portal (External Sharing).
    • Username
      • Name or email address associated with this password.
    • Password
      • Enter a secure password, or click Generate
    • One-time password (optional)
      • Enter the secret key given from any third-party authentication application or upload the QR code and we'll generate your 6-digit code, which resets every 30 seconds.
      • The secret key must be at least 16 characters long and use Base32 formatting.
    • URL (optional)
      • Enter a valid URL that you'd like tied to this password.
    • Notes
      • Relevant notes for this password can be added here.
    • Parent
      • This field can be used to tie the password to relevant assets or websites found elsewhere in your Hudu environment. For more information, see Tools - Relating Passwords below.
  • Click ((Create)) to finish, OR ((Create and Add Another)) to continue adding passwords (repeat the above steps).

new password.png

Embedded Passwords
This section will show you how to create embedded passwords. Embedded passwords are credentials stored directly within a particular asset card (visit Assets for more information).
 
  • In order to create an embedded password, we'll need to have access to the admin tab. From the admin tab, navigate to the Hudu admin >> Asset Layouts tab.
  • From here, click on a specific asset layout (ex. Desktops).
  • Click New Field.
  • From this window, you'll want to choose the Confidential Text field option. Give this field a name (ex. Administrator password for Desktop X).
  • At this time, ensure that this asset layout is active; you will not be able to perform the following steps if the asset layout is inactive.
  • Navigate back to an individual client/company page. Click on the asset layout that we've just edited.
  • From here, either:
    • Click ((+ New)) in the top right-hand corner if you're creating a brand new asset;

OR

    • If editing an existing asset, click Edit icon in the top right-hand corner once inside the asset.
  • The password field should now be visible and able to be filled out.
  • Ensure that you click Create OR Update (depending on the action being performed) at the bottom of the screen; updates to fields will not save without doing so.

    Passwords can be manually created or created using our password generator. Our OTP generator can also be used for embedded passwords, but these passwords, again, DO NOT show up in a clients' password list.

My Vault
This section will show you how to create personal passwords. For information on importing personal passwords from .csv, please refer to our Importing Data article.
  • Click My Vault on the Hudu Dashboard (person & lock icon for older versions) to open your personal password vault.
  • Click ((+ New)) to manually create password entries.
  • In the New Personal Password window, complete the fields:
    • Name
      • Give the password a name that will be easily identifiable (ex. "WordPress Admin")
    • Username
      • Name or email address associated with this password.
    • Password
      • Enter a secure password, or click Generate
    • One-time password (optional)
      • Enter the secret key given from any third-party authentication application or upload the QR code and we'll generate your 6-digit code, which resets every 30 seconds.
      • The secret key must be at least 16 characters long and use Base32 formatting.
    • URL (optional)
      • Enter a valid URL that you'd like tied to this password.
    • Notes
      • Relevant notes for this password can be added here.
  • Click ((Create)) to finish, OR ((Create and Add Another)) to continue adding passwords (repeat the above steps).
My Vault.png

 

Editing Passwords

Password details must be changed or updated from within the specific password. This applies to ALL password types.
  • Navigate into the specific password you'd like to change/update.
  • Once inside an individual password, click the Edit icon at the top right-hand side; this allows you to change the name, username, password, OTP secret key, URL, notes, parent, and password folder.
  • Change/update the password details as required.
  • Ensure that you click Update at the bottom of the screen; updates to the password will not save without doing so.

    Revision histories can be found at the bottom of the right-hand sidebar when you're inside an individual password by clicking into a user's name in the Activity Feed. This dates back to password creation.

    All changes and edits of passwords are tracked in the Activity Logs (info-specific and global), visible only to admins and super admins.

 

Managing Passwords

Keeping passwords organized is a vital practice for ensuring up-to-date and accurate information. This section will show you how to use our organizational tools (tags and folders), as well as our management tools. This applies to general passwords only.
 

Bulk Actions

Inside the password list of a specific client, all passwords of that single client can be managed via the Bulk Actions, found above the password list after clicking the checkbox for one or more password. By managing passwords this way, you can:
  • Move passwords to different clients [spaces],
  • Archive passwords to the Museum.
  • Permanently Delete passwords.
  • Change the password(s) to a new folder.

Individually Manage

Within an individual password, clicking More Options at the top right allows you management of that specific password. Passwords can be Favorited, Archived, Deleted or you can Change Permissions and View Who Has Access (provided you have permission to do so).

 

Tools

The sections below will serve to introduce tools associated with password creation, organization, and management. Expand each section for an overview of the feature.
 
Password Folders
Password folders act as the primary tool for password organization. Folders allow you to group clients' passwords, and can be created at a global level or at a client-specific level! Password Folders can only be edited and created by Admin and Super Admin. For users not permitted to access a folder, said folder will not appear for them.
 

    For additional information on folders, visit our Password Folders article!

Password Tagging
Password tags are customizable markers that can be placed upon passwords to help with organization. Tags are client-specific and can be added to previously created/stored passwords and allow for filtering of passwords based upon these tags.
 
Password tags will be recommended if they have already been used within the same client [space] that the password was created within. Password tags cannot be applied more than once to a single entity, nor can you create duplicate tags.
 

How to Apply Tags

  1. Navigate to the desired Password.
  2. Below the Tags header, select +Tag.
  3. Write in an applied tag or choose a recommended one that may already exist and hit return after typing.
Password_Tag.png
 

    To filter passwords by tags, select the labeled tags below your Search Passwords bar. The number to the right of the title is how many passwords have that tag/how many passwords will show.

Password Generator
Ensuring the security of your clients' passwords is a top priority. With our password generator, you can create unique passwords that are long and highly complex OR passwords that are easier to say, read and remember.
TOTP Generator
Our built-in TOTP generator allows for traditional OTP code viewing; as well as team collaboration and secure, external sharing. The secret key must be at least 16 characters long and use Base32 formatting.
 

    If the secret key is not provided by the vendor, you will need to either strip it from the OTP URL provided or use a tool like https://webqr.com/ to grab the secret.

Sharing
Traditional authenticators work great... until you need to allow your team and/or end-users access as well. With our built-in quick share feature or by sharing passwords to the portal, you can share passwords and OTP codes fast, and securely!
 
Quick share links can be found once inside an individual password (as long as your admin/super admin hasn't disabled this option or is preventing your access via security permissions).
Choose...
  • the amount of time you want the share link to be active (from 30 minutes to 30 days);
  • whether to include OTP codes;
  • and if you want the password to expire after the first view or not.
Giving end-users extended access to passwords is also possible with our external share portal! The content shown to clients within the portal is brandable, and only the information you select is shared.
 
To share passwords with the portal:
  • Click Add to Portal at the top right of the page when inside an individual password
  • OR configure passwords in bulk in the external sharing tab of a client.

    The portal must be activated before passwords can be added, and may be activated/deactivated at any time.

    For information regarding setting up client portals, visit our External Sharing article.

Reveal Options
Within your password entity, you have the option to copy and reveal the password or OTP. This option allows users to directly see what the password is. Revealing a password will be recorded in the activity list seen by the admin. This will show when and by who.
When revealing an OTP, a timer will be included to show you how long until the code expires.
 
Once a password is revealed, the Easy-Read function will appear. This uses the NATO Phonetic Alphabet to assist in reading passwords containing similar and/or complex characters and symbols.
Relating Passwords
Passwords can be related to nearly any other client entities within Hudu; this could be to other passwords, KB articles, websites, etc.
Passwords can also be created within an asset. The passwords section on the right-hand sidebar will allow for the creation of new passwords; as well as add these passwords to the clients’ main password tool.
 

    When creating a Password within an asset, it is automatically added to the password section of said client.

    Visit Relationships for additional information!

 

Additional Abilities

The sections below will serve to introduce additional features associated with passwords. The items below can all be found at the bottom of the right-hand action menu when inside of an individual password page.

Revision History
Revision histories serve to provide a breadcrumb trail of when edits to the password were performed, as well as by whom. To access the revision history for a password, click on the user's name that last performed an action for the password. 
 
To view an older version, navigate down the timeline to the desired previous version or select the Older Version button.
Activity Logs
Activity logs serve to provide a detailed information page on what actions have been performed to the specific password you currently reside. Any action performed on a password is recorded within the password-specific activity log; as well as in the Hudu admin Global Activity Logs.
 
Activity logs can be filtered by:
  • Client name.
  • The action performed;
  • By the user who performed the action;
  • or by the IP address from which the action was performed.
View who has Access
This feature will allow admins and super-admins to view who has access to the specific password. Password access can be denied via security groups.
 
  • Users who have access to the password will be designated by a green check mark.
  • Users who are restricted from accessing the password will be designated by a red X.
PWNED Password Monitoring
Hudu's password manager has built-in dark web monitoring for passwords via HaveIBeenPwned.
Pwned_Password.png
View PDF
Physical copies of passwords may still be required; by clicking the Print icon in the top right-hand corner, you'll open a new tab with a copy of your password, in printable format.

FAQ

Why is my password prefilling with the last password created?

Answer: During password generation, if your password is prefilling a password, typically this is due to an autofill feature (either the browsers’ or a 3rd party extension’). To disable this, you’ll need to disable the autofill password feature of the password manager/browser.

How does the dark web monitoring with HaveIBeenPwned work?

Answer: We never send the password in plain text. A partial hash of the first 5 characters of a password are sent encrypted and searched using a k-Anonymity model.

 

Troubleshooting

  • Using the generator with Microsoft and products that support Push 2FA. If the product supports Push 2FA, you must use the non-Push mode. Your OTP will not work when choosing Push 2FA from Microsoft accounts and other similar products.
Was this article helpful?
1 out of 1 found this helpful