Password Management

Updated March 09, 2023 17:04

Introduction

Hudu's password management system makes creating, managing, and securely sharing client passwords simple. Our password manager comes equipped with:

Password and TOTP generation tools;
PWNED counts;
Easy-read feature revealing the NATO-phonetic spelling,
Simple, secure password share options,
Browser extension to find and auto-fill all stored passwords (in beta currently),
...and various other awesome features (see below!!)

Passwords are protected with AES 256-bit encryption; searchable alongside the assets they reside in, and varying access can be granted to different user roles based on their security group permissions (Groups/Restrictions).

The three types of passwords that can be stored within Hudu are:

General passwords
- Passwords stored within a specific client/company space, used for anything. These can be related to other relevant assets or websites, and restricted via security permissions.
Embedded passwords
- Passwords created via a confidential text field within an asset layout are considered embedded passwords; security permissions are inherited from the immediate parent asset.
- These passwords do not show up in client password lists.
Personal passwords
- Technicians can store any personal passwords within their My Vault on the Hudu Toolbar.
- These can be imported from .csv or manually created using our password generator.

Guides

The sections below will assist and serve to guide you through the creation, editing, and management of passwords. Expand the sections to start learning!

Access to passwords and the following password functions may vary depending on your Hudu user role as well as the security permissions placed upon you/your security group by the admin and super admin accounts at your organization.

Creating Passwords

Passwords can be created and implemented in multiple ways. Refer to the sections below depending on the type of password you're creating. Expand each section to view the respective passwords' guide.

General Passwords

This section will show you how to create, save and organize your general passwords in Hudu. If you want to import passwords, please refer to our Importing Data article.

Navigate to a specific client/company space and navigate to the Passwords tab on the left-side menu.
Click ((+ New)) in the top-right corner.
In the New Password window, complete the fields:
- Name
  - Give the password a name that will be easily identifiable (ex. "WordPress Admin")
- Choose whether you'd like the password available in the portal (External Sharing).
- Username
  - Name or email address associated with this password.
- Password
  - Enter a secure password, or click Generate
- One-time password (optional)
  - Enter the secret key given from any third-party authentication application or upload the QR code and we'll generate your 6-digit code, which resets every 30 seconds.
  - The secret key must be at least 16 characters long and use Base32 formatting.
- URL (optional)
  - Enter a valid URL that you'd like tied to this password.
- Notes
  - Relevant notes for this password can be added here.
- Parent
  - This field can be used to tie the password to relevant assets or websites found elsewhere in your Hudu environment. For more information, see Tools - Relating Passwords below.
Click ((Create)) to finish, OR ((Create and Add Another)) to continue adding passwords (repeat the above steps).

Embedded Passwords

This section will show you how to create embedded passwords. Embedded passwords are credentials stored directly within a particular asset card (visit Assets for more information).

In order to create an embedded password, we'll need to have access to the admin tab. From the admin tab, navigate to the Hudu admin >> Asset Layouts tab.
From here, click on a specific asset layout (ex. Desktops).
Click New Field.
From this window, you'll want to choose the Confidential Text field option. Give this field a name (ex. Administrator password for Desktop X).
At this time, ensure that this asset layout is active; you will not be able to perform the following steps if the asset layout is inactive.
Navigate back to an individual client/company page. Click on the asset layout that we've just edited.
From here, either:
- Click ((+ New)) in the top right-hand corner if you're creating a brand new asset;

- If editing an existing asset, click ((Edit)) in the top right-hand corner once inside the asset.
The password field should now be visible and able to be filled out.
Ensure that you click Create OR Update (depending on the action being performed) at the bottom of the screen; updates to fields will not save without doing so.

Passwords can be manually created or created using our password generator. Our OTP generator can also be used for embedded passwords, but these passwords, again, DO NOT show up in a clients' password list.

My Vault

This section will show you how to create personal passwords. For information on importing personal passwords from .csv, please refer to our Importing Data article.

Click My Vault on the Hudu Dashboard (person & lock icon for older versions) to open your personal password vault.
Click ((+ Add)) to manually create password entries.
In the New Personal Password window, complete the fields:
- Name
  - Give the password a name that will be easily identifiable (ex. "WordPress Admin")
- Username
  - Name or email address associated with this password.
- Password
  - Enter a secure password, or click Generate
- One-time password (optional)
  - Enter the secret key given from any third-party authentication application or upload the QR code and we'll generate your 6-digit code, which resets every 30 seconds.
  - The secret key must be at least 16 characters long and use Base32 formatting.
- URL (optional)
  - Enter a valid URL that you'd like tied to this password.
- Notes
  - Relevant notes for this password can be added here.
Click ((Create)) to finish, OR ((Create and Add Another)) to continue adding passwords (repeat the above steps).

Editing Passwords

Password details must be changed or updated from within the specific password. This applies to ALL password types.

Navigate into the specific password you'd like to change/update.
Once inside an individual password, click ((Edit)) at the top right-hand side; this allows you to change the name, username, password, OTP secret key, URL, notes, parent, and password folder.
Change/update the password details as required.
Ensure that you click Update at the bottom of the screen; updates to the password will not save without doing so.

Revision histories can be found at the bottom of the right-hand sidebar when you're inside an individual password. This dates back to password creation.

All changes and edits of passwords are tracked in the Activity Logs (info-specific and global), visible only to admins and super admins.

Managing Passwords

Keeping passwords organized is a vital practice for ensuring up-to-date and accurate information. This section will show you how to use our organizational tools (tags and folders), as well as our management tools. This applies to general passwords only.

Bulk Manage

Inside the password list of a specific client, all passwords of that single client can be managed via the Bulk Manage option, found in the top right corner of your password list. By managing passwords this way, you can:

Move passwords to different folders,
Move passwords to different clients [spaces],
Archive passwords to the Museum.

Individually Manage

Within an individual password, clicking Manage at the top right allows you management of that specific password. Passwords can be archived, deleted or you can change security access (provided you have permission to do so).

Tools

The sections below will serve to introduce tools associated with password creation, organization, and management. Expand each section for an overview of the feature.

Password Folders

Password folders act as the primary tool for password organization. Folders allow you to group clients' passwords, and can be created at a global level or at a client-specific level! Password Folders can only be edited and created by Admin and Super Admin. For users not permitted to access a folder, said folder will not appear for them.

For additional information on folders, visit our Password Folders article!

Password Tagging

Password tags are customizable markers that can be placed upon passwords to help with organization. Tags are client-specific and can be added to previously created/stored passwords and allow for filtering of passwords based upon these tags.

Password tags will be recommended if they have already been used within the same client [space] that the password was created within. Password tags can not be applied more than once to a single entity nor can you create duplicate tags.

How to Apply Tags

Navigate to the desired Password.
Below the Tags header, select the Tag Icon
Write in an applied tag or choose a recommended one that may already exist.

To filter passwords by tags, select the labeled tags below your Search Passwords bar. The number to the right of the title is how many passwords have that tag/how many passwords will show.

Password Generator

Ensuring the security of your clients' passwords is a top priority. With our password generator, you can create unique passwords that are long and highly complex OR passwords that are easier to say, read and remember.

TOTP Generator

Our built-in TOTP generator allows for traditional OTP code viewing; as well as team collaboration and secure, external sharing. The secret key must be at least 16 characters long and use Base32 formatting.

If the secret key is not provided by the vendor, you will need to either strip it from the OTP URL provided or use a tool like https://webqr.com/ to grab the secret.

Sharing

Traditional authenticators work great... until you need to allow your team and/or end-users access as well. With our built-in quick share feature or by sharing passwords to the portal, you can share passwords and OTP codes fast, and securely!

Quick share links can be found once inside an individual password (as long as your admin/super admin hasn't disabled this option or is preventing your access via security permissions).

Choose...

the amount of time you want the share link to be active (from 30 minutes to 30 days);
whether to include OTP codes;
and if you want the password to expire after the first view or not.

Giving end-users extended access to passwords is also possible with our external share portal! The content shown to clients within the portal is brandable, and only the information you select is shared.

To share passwords with the portal:

Click Add to Portal at the top right of the page when inside an individual password
OR configure passwords in bulk in the external sharing tab of a client.

The portal must be activated before passwords can be added, and may be activated/deactivated at any time.

For information regarding setting up client portals, visit our External Sharing article.

Reveal Options

Within your password entity, you have the option to copy and reveal the password or OTP. This option allows users to directly see what the password is. Revealing a password will be recorded in the activity list seen by the admin. This will show when and by who.

When revealing an OTP, a timer will be included to show you how long until the code expires.

Once a password is revealed, the Easy-Read function will appear. This uses the NATO Phonetic Alphabet to assist in reading passwords containing similar and/or complex characters and symbols.

Relating Passwords

Passwords can be related to nearly any other client entities within Hudu; this could be to other passwords, KB articles, websites, etc.

Passwords can also be created within an asset. The passwords section on the right-hand sidebar will allow for the creation of new passwords; as well as add these passwords to the clients’ main password tool.

When creating a Password within an asset, it is automatically added to the password section of said client.

Visit Relationships for additional information!

Additional Abilities

The sections below will serve to introduce additional features associated with passwords. The items below can all be found at the bottom of the right-hand action menu when inside of an individual password page.

Revision History

Revision histories serve to provide a breadcrumb trail of when edits to the password were performed, as well as by who. Your current version will be notated at the top of the timeline.

To view an older version, navigate down the timeline to the desired previous version.

Activity Logs

Activity logs serve to provide a detailed information page on what actions have been performed to the specific article you currently reside. Any action performed on a password is recorded within the passwords specific activity log; as well as in the Hudu admin Global Activity Logs.

Activity logs can be filtered by:

Client name.
The action performed;
By the user who performed the action;
or by the IP address from which the action was performed.

View who has Access

This feature will allow admins and super-admins to view who has access to the specific password. Password access can be denied via security groups.

Users that have access to the article will be designated by a green check mark.
Users that are restricted from accessing the article will be designated by a red X.

View PDF

Physical copies of passwords may still be required; by clicking View PDF on the bottom of the right-hand sidebar, you'll open a new tab with a copy of your password, in printable format.

FAQ

Why is my password prefilling with the last password created?

Answer: During password generation, if your password is prefilling a password, typically this is due to an autofill feature (either the browsers’ or a 3rd party extension’). To disable this, you’ll need to disable the autofill password feature of the password manager/browser.

Troubleshooting

Using the generator with Microsoft and products that support Push 2FA. If the product supports Push 2FA, you must use the non-Push mode. Your OTP will not work when choosing Push 2FA from Microsoft accounts and other similar products.