Today, we'll show you how to update your AuthAnvil URLs from HTTP to HTTPS.
Using a scheduled task, you can configure Windows to routinely back up the AuthAnvil database and make the backup available to your normal server backup sets. Plus, using Password sync-chains, you can automate the credentials used to run the task. We’ll cover the procedure for the AuthAnvil Password Server backup tool, but the same procedure applies to every AuthAnvil product.
To get started, create a task in the task scheduler to execute AAPSBackup.exe. You can find the parameters in the backup section of the Password Server Install Guide. We recommend having this task run nightly, shortly before your usual server backup.
NOTE: A PSB file stores all AuthAnvil Password Server users, configuration and audit data, and should be properly secured. You may wish to copy the BackupTool directory, or the directory that the “Start in” field points to (Windows Server 2008 and later), to a secure location and tighten its NTFS ACLs so that only the backup account can read and access the .psb files created, along with the administrative account that needs to execute the AAPSBackup tool. All other access should be explicitly denied.
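One way to apply the ACL tightening described in the note, shown as an added example that is not part of the original post or the AuthAnvil documentation. The folder path, both account names and the rights granted to each account are assumptions to replace with your own.

```powershell
# Added example. Assumed values (not from the AuthAnvil documentation):
# the folder path and both account names below are placeholders.
$BackupDir     = 'D:\Secure\AAPSBackup'           # assumed folder that receives the .psb files
$TaskAccount   = "$env:COMPUTERNAME\aaps-task"    # hypothetical account that runs AAPSBackup.exe
$BackupAccount = "$env:COMPUTERNAME\svc-backup"   # hypothetical account used by the server backup

$acl = Get-Acl -LiteralPath $BackupDir

# Stop inheriting permissions from the parent folder and drop the inherited entries.
$acl.SetAccessRuleProtection($true, $false)

# Remove any explicit entries already set on the folder.
foreach ($rule in @($acl.Access | Where-Object { -not $_.IsInherited })) {
    [void]$acl.RemoveAccessRule($rule)
}

# Entries apply to the folder, its subfolders and its files.
$inherit = [System.Security.AccessControl.InheritanceFlags]'ContainerInherit, ObjectInherit'
$none    = [System.Security.AccessControl.PropagationFlags]::None
$allow   = [System.Security.AccessControl.AccessControlType]::Allow

# Assumed rights: the task account writes new .psb files; the backup account only reads them.
$acl.AddAccessRule([System.Security.AccessControl.FileSystemAccessRule]::new(
    $TaskAccount, 'Modify', $inherit, $none, $allow))
$acl.AddAccessRule([System.Security.AccessControl.FileSystemAccessRule]::new(
    $BackupAccount, 'ReadAndExecute', $inherit, $none, $allow))

Set-Acl -LiteralPath $BackupDir -AclObject $acl

# Verify: exactly two entries should remain, none of them inherited.
(Get-Acl -LiteralPath $BackupDir).Access |
    Format-Table IdentityReference, FileSystemRights, AccessControlType, IsInherited
```

With inheritance disabled, any account not listed has no access to the folder. The script adds no Deny entry for Everyone, because a Deny entry takes precedence over Allow entries and would also block the two accounts above.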
Normally, if you used a local administrator account to execute your scheduled task, changing the password for that account would force you to manually update the task with a new password. With AuthAnvil, that’s not an issue anymore.
Assuming that you’ve already stored and synchronized this password in AuthAnvil, just add the task as an additional step on the synchronization page. This creates a sync chain that will make the sync agent update the local administrator password as well as the task anytime that credential changes.
Now, as per most backup procedures, you will want to periodically verify your backups. The best way to do so is to perform a full restore in a test environment. We also recommend creating a quarterly hard copy of the passwords stored in AuthAnvil. This hard copy can be generated by a mass export function from inside AuthAnvil, which in turn should be immediately printed on a secure printer. The resultant document should be sealed and placed in the company safe or the deposit box at the bank for use in case of extreme emergency.
If you want to learn more best practices when it comes to your passwords, check out the Password Management Playbook for free.
by: Cody Marbach
Today, I'd like to talk about SQL Azure support for the AuthAnvil Password Server.
Most people don't know, but AuthAnvil Password Server supports SQL Azure right out of the box, from install to backup. Using SQL Azure, you can be confident in the reliability and availability of your data. For more information on SQL Azure, please check out Microsoft's website.
From version 22.214.171.124 forward, AuthAnvil Password Server is fully compatible with SQL Azure, and all backups from previous versions will likewise be compatible. Once you've got your own Windows Azure account set up, simply install AuthAnvil Password Server, and select the option for a SQL Azure database.
From here, you can perform a new install, or restore your existing data from a backup, as normal. If you have any questions about this or other AuthAnvil Password Server topics, please post in the comments below!
If you're still shopping for a password management system, or you're just curious if you need such a thing, check out this free eBook. We'll show you the 10 things that take a password management system from good, to great!
Welcome back to our series on auditing and reports in the AuthAnvil Password Server. Today, we're going to talk about Permissions reports. Previously, we took a look at Password reports, which allow you to see information on sync status, policy override, and expiration. Permissions reports allow you to review the permissions of Users and Roles, as well as temporary password approvals.
The user report will show all permissions directly tied to that user, and their role memberships. If they are a direct (non-role) member of any vault, the permissions they have will be listed here. Likewise, the role report will show all of the vault permissions that a given role has.
We hope that all of this will be useful in managing your password policy, and maintaining your own auditing of sensitive password information. We'll be continuing with more AuthAnvil Password Server Reports next week. Until then, if you have any questions about this or other AuthAnvil Password Server topics, please post in the comments below!
Welcome back to our series on auditing and reports in the AuthAnvil Password Server. Today, the topic is Password Reports. The User Password Reports from last time focus on a single user at a time, and how much that user still knows or has access to. These reports cover passwords as a whole, allowing you to find certain groups of passwords that may need attention.
We're going to look at three of these reports today, dealing with expiring passwords, out-of-sync passwords, and passwords overriding vault policy. All three of these reports are very straightforward, and provide you with lists of passwords that meet the report criteria. The 'about to expire' report gives you a summary of all passwords that are close to expiring. The 'out of sync' report gives you a list of all passwords currently in an out-of-sync state.
Here, we can see that three passwords are currently overriding Vault policy. It's easy to see from their names and descriptions that these are door and safe codes, and thus the input options are probably limited. Since a simple number pad or safe dial doesn't give you the option to use letters or special characters, you have the option to manually ignore Vault policy in order to input a password that is actually usable on the end device.
Password reports allow you to stay on top of Sync status, Overrides, and Expiration among your passwords. We'll be continuing with more AuthAnvil Password Server Reports next week. Until then, if you have any questions about this or other AuthAnvil Password Server topics, please post in the comments below!
Welcome back to our series on auditing and reports in the AuthAnvil Password Server. Today, we're going to talk about our User Password Reports. These reports give you a summary on all of the password data that a user has access to. We've broken it down into three separate reports, based around three different questions you may ask about the password knowledge of your users.
These reports can tell you what passwords a user can see, has ever seen, and still knows. For the 'can see' report, we take a look at a user's current vault permissions, their role membership, and password authorizations to give you a complete list of every non-private password that user can see. Likewise, with the 'has seen' report, we look through our audit data, and compile a list of every password a user has ever actually revealed. For the 'still knows' report, we define this as having revealed the password at least once since the last time it was changed.
The 'still knows' report has one extra feature. From this report, you can force the rotation of all passwords a user still knows. Synchronized passwords are automatically changed and re-synced, while static passwords are flagged for manual rotation to vault owners. Making use of these reports allows you to keep a close eye on what passwords your users have access to, as well as easily make a list of passwords to be changed if an employee leaves.
We'll be continuing with more AuthAnvil Password Server Reports next week. Until then, if you have any questions about this or other AuthAnvil Password Server topics, please post in the comments below!
Learn more about how the AuthAnvil Password Server can benefit your business. Download the free Password Management Playbook below and learn that passwords don't need to be a headache.
by: Cody Marbach
With the AuthAnvil Password Server, our aim is to give you the tools you need to make a password policy for your organization both strong and practical. One of the most important parts of any policy, password or otherwise, is the ability to evaluate and adjust as time goes on. That's why the AuthAnvil Password Server includes a full set of reporting and auditing tools, to help you make informed decisions.
We've included reporting options on user activity, password policy, vault permissions, and a slew of other categories.
One of the most direct reports is the Password Activity Charts. With these reports, you'll be able to get a graphical view of how often, and at what times, the AuthAnvil Password Server is being used. Simply click the link “When have passwords been revealed lately?” and you'll be given the most recent automatically generated reports. If you need up to the minute results, you can manually regenerate the charts by hitting the link at the top of the page.
In the coming weeks, we'll be talking about some of our core reports, and how you can use them to evaluate your password policies and employee behaviors in regards to passwords. If you have any questions about this or other AuthAnvil Password Server topics, please post in the comments below!
If you are interested in what the AuthAnvil Password Server can do in your organization, download the Password Management Playbook. Learn what makes good password practice and policy, as well as how AuthAnvil ties it all together.
Today, we have a useful and powerful new feature to talk about: our mass export functionality.
AuthAnvil Password Server Administrators will be able to create XML exports of critical data. This complements our current backup tool by being a clear-text, human readable format. You can easily create an export, and store a printout in a secure location as part of any regulatory compliance requirements your business may have.
To use this feature, simply navigate to the Admin Tools page, accessible to any Organization level administrator. Select the type of export you would like to create, click the button, and then wait a few moments. Exports containing password data can take several seconds, since the data needs to be decrypted for export. Shortly, you'll have an XML file that contains your export data. As a warning, ALL PASSWORD DATA IS IN CLEAR TEXT WHEN EXPORTED. You are responsible for protecting this data if you choose to export it.
XML files generated in this way can be used for imports, or you can create your own. To use an import XML, click to the Admin page.
We hope that this new feature will help our customers meet some of their compliance and security needs. Please ensure that you protect any exported data, since it is in a human readable format. If you have any questions about this or other AuthAnvil Password Server topics, please post in the comments below!
by: Cody Marbach
The web has never been a more powerful tool for business, but making use of these services does expose your organization to additional risks. While some enterprise class services have begun to support enhanced security like Two Factor Authentication and Single Sign On, the overwhelming majority still use simple passwords to protect the information of their clients.
If you have critical web services that you make use of in your day-to-day operations, using strong, unique passwords is essential, and AuthAnvil Password Server can help.
Starting in version 1.7, we've added a Web Password type for shared passwords. Using this type, you'll be able to set the URL this web password is tied to. You'll have access to all the normal shared password features, like expiration notifications, the ability to generate strong passwords, auditing, and password history tracking.
Additionally, by checking the remote access option, you'll be able to launch the saved URL directly from the AuthAnvil Password Server.
With more and more powerful business applications making use of the cloud, or otherwise getting online, the password will be with us for quite some time to come. Make sure your passwords are safe, secure, and unique across all of your critical web applications. We've got a lot more planned for web passwords, so stay tuned. If you have any questions about this or other AuthAnvil Password Server topics, please post in the comments below!
Haven't upgraded yet? Grab the new installer from the banner below, or get the full release notes here.
by Cody Marbach
In the AuthAnvil Password Server, we've supported two kinds of vaults, Shared and Private. Shared vaults allowed a variety of permissions to be applied, and for certain types of passwords to be synced using our AuthAnvil Sync Agent. Private vaults added an extra layer of security, with a non-recoverable personal password that protects all the passwords in your Private vault, in exchange for the multiple user and synchronization features.
Now, in version 1.7, we're introducing Personal vaults, which bridge the gap between these two types.
Like Private vaults, you will have a separate listing of your own Personal vaults, which other users won't be able to see. However, like a Shared vault, the passwords will be available for synchronization.
Administrators will also be able to see a list of all Personal vaults, and the owner of Personal vaults will be able to grant access to Administrators if they so desire. As we increase the number of password types that support synchronization, Personal vaults will give you the flexibility to use strong passwords in your individual professional accounts.
Cody Marbach is one of Scorpion Software's developers who works on the AuthAnvil Password Server.
Want to learn more about how the AuthAnvil Password Server can benefit your business? Download the free Password Management Playbook below and find out that passwords don't need to be a headache.