I've been using Thycotic Secret Server for a while now to store my personal account information, passwords and account notes. It acts as a secure vault for this important information. Prior to this, I'm ashamed to say, I was using the same username and password for most of my accounts. Obviously this is a terrible practice, especially in this day and age where banks, stores, and websites are frequently under attack for this information.
The Heartbleed Bug in OpenSSL brought this to the forefront for me. I knew I had to change all my passwords with new complex passwords, but the challenge of trying to remember all those passwords was an impossible task. I tested several different password management solutions, but none of them worked as well and as trouble-free as Secret Server.
The following is the list of requirements I needed in a password management program:
- Easy to use
- Available remotely
- Automatic complex password generation
- Automatic login to password protected websites
- Must work in the browsers I use (Internet Explorer and Chrome)
- Must work with my iOS devices (iPhone and iPad)
I installed Secret Server Express Edition on a dedicated Windows Server 2012 R2 web server, but you can also install it on an existing web server. You will need to install the IIS role and features, the .NET Framework 4.5.1, and Microsoft SQL Server 2012 Express. After that, the installation is a simple 5-step process and you can manage your passwords (secrets) right away. The comprehensive Secret Server Installation Guide walks you through the entire process, including prerequisites.
Once installed, you can access Secret Server through the IIS website you created. To add a new secret, select the Secret Template dropdown box in the upper right corner. The template you select contains all the relevant fields for the secret. I use the Web Password template for most of my secrets. This template allows me to use the Web Password Filler (described below).
Then click the Web Password Filler favorite when you want to log on to the website. You will need to log in to Secret Server if you aren't already; Secret Server will then automatically log you on to the website. For example, here's the automatic logon for Amazon:
Thycotic also has a free Secret Server app on the Apple App Store so you can access your secrets and passwords from iOS devices. It doesn't offer the same auto sign-in feature, but it does provide easy access to launch logon URLs and copy complex passwords.
- Roles-based access controls
- Full auditing and reports
- Email notifications
If you're looking for a full-featured password management solution, I encourage you to give Secret Server a try. They offer a 30-day free trial.