Passwords

Depending on your permissions, you can view or copy account credentials.

View Passwords

When you identify the account that contains the password you require, you can view the password, if you have the appropriate permissions. The password is displayed for a predetermined number of seconds, and then it is replaced by asterisks.

Copy passwords

Authorized users can copy passwords with or without displaying them in the following pages:

Chrome extension for copying passwords

The Chrome extension for copying passwords is only available in the Classic UI.

In Chrome, the first time you copy a password, the following message appears:

Install Chrome.png

Click Yes to download and install this extension,

After the Chrome extension is installed, press F5 to refresh the PVWA page. The next time you copy a password, the extension will work automatically.

 

The Copy passwords function is only supported in the chromium-based Microsoft Edge browser due to browser security and capabilities in Microsoft Edge.

Password version control

Authorized users can view versions of passwords in the Safe. The Versions tab in the Account Details page displays the different versions of the passwords that are currently retained in accounts in the Safe. In order to see the Versions tab, users require the following Safe member authorization:

  • Retrieve accounts

Password versions are saved according to one of the following Safe configuration:

Configuration Description

Previous versions

A predetermined number of password versions are saved in the Safe.

Previous days

All password versions from a predetermined number of days are saved in the Safe.

When an account is managed by the CPM, you may see temporary password versions (with a special indication), during the password change process. When a password change process ends successfully, the temporary version becomes a real version. If a password change process fails, the CPM reverts the password to the previously correct password. The temporary version will still be available in the versions list for troubleshooting purposes.

By default, temporary versions are not displayed in the list of password versions.

Split password mode

The Split Password mode restricts users to accessing either the first half of a password or the second half. In this mode, users access passwords according to group membership which defines which half of the password they can access as well as their Safe authorizations.  Users who have access to both halves of the password will be able to see the entire password.

Passwords in the PVWA can be accessed in Split Password mode. This mode is recommended only when passwords are managed and changed by the CPM, when end users do not need the “Update password value” authorization. In cases where the CPM does not manage the account and change the password in it, it is recommended to save the password in two different objects in the Vault, and assign the relevant permissions to end users, based on the half of the password they need to access or change

Split password mode is managed by platforms that enable this mode and define the user groups. For more information, refer to Split Password Mode.

Passwords that are configured for split password mode cannot be used in the following scenarios:

  • Logging onto remote machines transparently.

  • Exclusive password mode

 

Users who have ‘Use accounts’ authorizations can log onto remote machines transparently through the PSM in split password mode.