Password Management

Hudu's password management system makes creating, managing, and securely sharing client passwords simple. Our password manager comes equipped with:
 
  • Password and TOTP generation tools;
  • PWNED counts;
  • Easy-read feature revealing the NATO-phonetic spelling,
  • Simple, secure password share options,
  • Browser extension to find and auto-fill all stored passwords,
  • ...and various other awesome features (see below!!)

    Passwords are protected with AES 256-bit encryption; searchable alongside the assets they reside in, and varying access can be granted to different user roles based on their security group permissions (Groups/Restrictions).

 

 
The three types of passwords that can be stored within Hudu are:
 
  1. General passwords
    • Passwords stored within a specific client/company space, used for anything. These can be related to other relevant assets or websites, and restricted via security permissions.
  2. Embedded passwords 
    • Passwords created via a confidential text field within an asset layout are considered embedded passwords; security permissions are inherited from the immediate parent asset.
    • These passwords do not show up in client password lists.
  3. Personal passwords 
    • Technicians can store any personal passwords within their My Vault on the Hudu Toolbar.
    • These can be imported from .csv or manually created using our password generator.

 

Guides

The sections below will assist and serve to guide you through the creation, editing, and management of passwords. Expand the sections to start learning!

    Access to passwords and the following password functions may vary depending on your Hudu user role as well as the security permissions placed upon you/your security group by the admin and super admin accounts at your organization.

 

Creating Passwords

Passwords can be created and implemented in multiple ways. Refer to the sections below depending on the type of password you're creating. Expand each section to view the respective passwords' guide.
 
General Passwords
This section will show you how to create, save and organize your general passwords in Hudu. If you want to import passwords, please refer to our Importing Data article.
 
  • Navigate to a specific client/company space and navigate to the Passwords tab on the left-side menu.
  • Click ((+)) that appears when hovering over the Passwords tab or you can click ((New Password)) in the top right.
  • In the New Password window, complete the fields:
    • Name
      • Give the password a name that will be easily identifiable (ex. "WordPress Admin")
    • Choose whether you'd like the password available in the portal (External Sharing).
    • Username (optional)
      • Name or email address associated with this password.
    • Password
      • Enter a secure password, or click Generate
    • One-time password (optional)
      • Enter the secret key given from any third-party authentication application or upload the QR code and we'll generate your 6-digit code, which resets every 30 seconds.
      • The secret key must be at least 16 characters long and use Base32 formatting.
    • URL (optional)
      • Enter a valid URL that you'd like tied to this password.
    • Notes (optional)
      • Relevant notes for this password can be added here.
    • Parent (optional)
      • This field can be used to tie the password to relevant assets or websites found elsewhere in your Hudu environment. For more information, see Tools - Relating Passwords below.
    • Folder (optional)
      • Select an existing Password Folder to place the new password in.
    • Color (optional)
      • Choose a color to color code your passwords.
    • Tags (optional)
      • Add new or existing tags to password to easily find passwords based on their tag(s)
  • Click ((Create)) to finish, OR ((Create and Add Another)) to continue adding passwords (repeat the above steps).

new_password.png

Embedded Passwords
This section will show you how to create embedded passwords. Embedded passwords are credentials stored directly within a particular asset card (visit Assets for more information).
 
  • In order to create an embedded password, we'll need to have access to the admin tab. From the admin tab, navigate to the Hudu admin >> Asset Layouts tab.
  • From here, click on a specific asset layout (ex. Desktops).
  • Click New Field.
  • From this window, you'll want to choose the Confidential Text field option. Give this field a name (ex. Administrator password for Desktop X).
  • At this time, ensure that this asset layout is active; you will not be able to perform the following steps if the asset layout is inactive.
  • Navigate back to an individual client/company page. Click on the asset layout that we've just edited.
  • From here, either:
    • Click ((+ New)) in the top right-hand corner if you're creating a brand new asset;

OR

    • If editing an existing asset, click Edit icon in the top right-hand corner once inside the asset.
  • The password field should now be visible and able to be filled out.
  • Ensure that you click Create OR Update (depending on the action being performed) at the bottom of the screen; updates to fields will not save without doing so.

    Passwords can be manually created or created using our password generator. Our OTP generator can also be used for embedded passwords, but these passwords, again, DO NOT show up in a clients' password list.

My Vault
This section will show you how to create personal passwords. For information on importing personal passwords from .csv, please refer to our Importing Data article.
  • Click My Vault on the Hudu Dashboard (person & lock icon for older versions) to open your personal password vault.
  • Click ((+ New)) to manually create password entries.
  • In the New Personal Password window, complete the fields:
    • Name
      • Give the password a name that will be easily identifiable (ex. "WordPress Admin")
    • Username (optional)
      • Name or email address associated with this password.
    • Password
      • Enter a secure password, or click Generate
    • One-time password (optional)
      • Enter the secret key given from any third-party authentication application or upload the QR code and we'll generate your 6-digit code, which resets every 30 seconds.
      • The secret key must be at least 16 characters long and use Base32 formatting.
    • URL (optional)
      • Enter a valid URL that you'd like tied to this password.
    • Notes (optional)
      • Relevant notes for this password can be added here.
  • Click ((Create)) to finish, OR ((Create and Add Another)) to continue adding passwords (repeat the above steps).
My Vault.png

 

Editing Passwords

Password details must be changed or updated from within the specific password. This applies to ALL password types.
  • Navigate into the specific password you'd like to change/update.
  • Once inside an individual password, click the Edit icon at the top right-hand side; this allows you to change the name, username, password, OTP secret key, URL, notes, parent, and password folder or tags.
  • Change/update the password details as required.
  • Ensure that you click Update at the bottom of the screen; updates to the password will not save without doing so.

    Revision histories can be found at the bottom of the right-hand sidebar when you're inside an individual password by clicking into a user's name in the Activity Feed. This dates back to password creation.

    All changes and edits of passwords are tracked in the Activity Logs (info-specific and global), visible only to admins and super admins.

 

Managing Passwords

Keeping passwords organized is a vital practice for ensuring up-to-date and accurate information. This section will show you how to use our organizational tools (tags and folders), as well as our management tools. This applies to general passwords only.
 

Bulk Actions

Inside the password list of a specific client, all passwords of that single client can be managed via the Bulk Actions, found above the password list after clicking the checkbox for one or more password. By managing passwords this way, you can:
  • Move passwords to different clients [spaces],
  • Archive passwords to the Museum.
  • Permanently Delete passwords.
  • Change the password(s) to a new folder.

Table View

Choose exactly which columns appear in the password list view within a company. Simply click the Column Visibility Dropdown and deselect/select which columns you would like to see:

password_column_edit.png

Individually Manage

Within an individual password, clicking More Options at the top right allows you management of that specific password. Passwords can be Favorited, Archived, Deleted, Changed to a new company, or you can Change Permissions and View Who Has Access (provided you have permission to do so).

 

Global Password View

To view passwords across all companies, navigate to the Global section of the toolbar. Only groups with access to Global will see this option on the toolbar. From there, select Passwords from the left-hand sidebar to see a list of all available passwords.
Please note that users in a security group will only see passwords according to their assigned permissions.

Passwords in the Global view can be filtered by company by clicking Filters in the top right next to the passwords search bar. 

global_passwords.png

 

Tools

The sections below will serve to introduce tools associated with password creation, organization, and management. Expand each section for an overview of the feature.
 
Password Folders
Password folders act as the primary tool for password organization. Folders allow you to group clients' passwords and can be created at a global or client-specific level. Password Folders can only be edited and created by Admin and Super Admin users. If a user is not permitted to access a folder, it will not appear for them.

For additional information on folders, visit our Password Folders article!

Password Tagging
Password tags are customizable markers that can be placed on passwords to help with organization. Tags are client-specific and can be added to previously created/stored passwords, allowing filtering based on tags.
Tags will be recommended if already used within the same client space. A password tag cannot be applied more than once to a single entity, nor can duplicate tags be created.

How to Apply Tags

  1. Navigate to the desired password.
  2. Under the Tags header, select + Tag.
  3. Type or select an existing tag and press return.
Password_Tag.png

To filter passwords by tags, select the labeled tags below the Search Passwords bar. The number to the right shows how many passwords are associated with that tag.

Flag
Flags can be added to any password. Click the Flag icon in the top right. Refer to our Flag Types article for more information on creating different flags.
Password Generator
Ensuring the security of your clients' passwords is a top priority. Use our password generator to create:
  • Unique, long, and complex passwords
  • Passwords that are easier to say, read, and remember
TOTP Generator
Our built-in TOTP generator supports traditional OTP code viewing, team collaboration, and secure external sharing. The secret key must be at least 16 characters long and use Base32 formatting.

If the secret key is not provided by the vendor, extract it from the OTP URL or use a tool like webqr.com.

Sharing
Traditional authenticators are limited when you need team or client access. Use our quick share feature or portal sharing for secure, fast access to passwords and OTPs.
Quick share links can be created inside an individual password (if permitted by admin/super admin).
  • Set expiration (30 minutes to 30 days)
  • Choose whether to include OTPs
  • Choose if the link expires after first view
With the external share portal, you can give end-users branded, secure access to selected passwords.
To share passwords via the portal:
  • Click Add to Portal in the individual password view
  • Or configure in bulk via the client’s external sharing tab

The portal must be activated before sharing and can be turned on/off anytime.

For setup instructions, visit our External Sharing article.

Reveal Options
Within a password entry, you can copy and reveal the password or OTP. All reveals are logged and viewable by admins.
OTP reveals include a countdown timer to show when the code will expire.
Once revealed, the Easy-Read function becomes available, using the NATO Phonetic Alphabet to simplify complex characters.
Relating Passwords
Passwords can be related to client entities (other passwords, KBs, websites, etc.).
Passwords can also be created within an asset. Use the sidebar’s password section to create new entries and link them to the client’s main password tool.

Passwords created within assets are automatically added to the client’s password section.

Learn more in our Relationships article.

 

Additional Abilities

The sections below will serve to introduce additional features associated with passwords. The items below can all be found at the bottom of the right-hand action menu when inside of an individual password page.

Revision History
Revision histories serve to provide a breadcrumb trail of when edits to the password were performed, as well as by whom. To access the revision history for a password, click on the user's name that last performed an action for the password. 
 
To view an older version, navigate down the timeline to the desired previous version or select the Older Version button.
Activity Logs
Activity logs serve to provide a detailed information page on what actions have been performed to the specific password you currently reside. Any action performed on a password is recorded within the password-specific activity log; as well as in the Hudu admin Global Activity Logs.
 
Activity logs can be filtered by:
  • Client name.
  • The action performed;
  • By the user who performed the action;
  • or by the IP address from which the action was performed.
View who has Access
This feature will allow admins and super-admins to view who has access to the specific password. Password access can be denied via security groups.
 
  • Users who have access to the password will be designated by a green check mark.
  • Users who are restricted from accessing the password will be designated by a red X.
PWNED Password Monitoring
Hudu's password manager has built-in dark web monitoring for passwords via HaveIBeenPwned.
Pwned_Password.png
View PDF
Physical copies of passwords may still be required; by clicking the Print icon in the top right-hand corner, you'll open a new tab with a copy of your password, in printable format.

FAQ

Why is my password prefilling with the last password created?

Answer: During password generation, if your password is prefilling a password, typically this is due to an autofill feature (either the browsers’ or a 3rd party extension’). To disable this, you’ll need to disable the autofill password feature of the password manager/browser.

How does the dark web monitoring with HaveIBeenPwned work?

Answer: We never send the password in plain text. A partial hash of the first 5 characters of a password are sent encrypted and searched using a k-Anonymity model.

 

Troubleshooting

  • Using the generator with Microsoft and products that support Push 2FA. If the product supports Push 2FA, you must use the non-Push mode. Your OTP will not work when choosing Push 2FA from Microsoft accounts and other similar products.
Was this article helpful?
1 out of 1 found this helpful