Technical Note
Password Express is a next-generation password management and
password synchronization tool that provides users with a reduced sign-on
experience across all applications and password self-service from any
device, anytime and anywhere. With Password Express, users only need to
remember one complex password instead of many.
Password Express benefits
Increase user convenience and productivity
Reduced sign-on across all web and thick client applications
Password self-service from any device, anytime and anywhere
Reduce password-related help-desk calls
Achieve compliance with extensive auditing and reporting
SIMPLE SECURE SWIFT
Password Express Security – A technical note
Security in Password Express
With ILANTUS’s deep domain experience in IAM and security since the year 2000,
Password Express has been architected from the ground up with security best practices
in mind to meet industry-standard compliance norms. Password Express deals with
sensitive data, which makes it imperative to secure that data both at rest and in motion.
Password Express Development
Right from the development of the tool, the engineering team follows a strict security
development lifecycle program based on AGILE SCRUM methodologies. Before any
version is released, there are dedicated SPRINTS for peer code review and
vulnerability and penetration testing.
Security while data is in motion
Communication between all Password Express components is over a secured
channel as depicted in the diagram.
The following are the interactions between various components as indicated in the diagram:
1. User’s browser to Password Express Server: This communication is over a secured HTTP(S) channel and is
encrypted. Depending on the Password Express deployment architecture, a firewall, intrusion detection system, proxy or reverse
proxy may also be involved.
2. Password Express Server to LDAP: This communication is over a secured LDAP(S) channel and is encrypted.
3. Password Express Server to Database: This communication is over a secured channel and is encrypted.

Security while data is at rest
Static data resides in the database. All tables that hold sensitive information are encrypted using industry-standard AES 256-bit
block cipher encryption with a unique key per customer.

The table below highlights the additional security parameters of Password Express.

Security Parameter
    Remarks

Multi-Factor Authentication
    In addition to regular userid/password based authentication, Password Express also supports
    multi-factor authentication built on the HMAC-SHA1 algorithm.
    The second level of authentication adds an additional layer of security for user authentication.

Secured Vault
    For password self-service, Password Express stores challenge response questions in a secured
    vault within the database.
    All sensitive information, such as challenge response questions, is encrypted with industry-standard
    AES 256-bit block cipher encryption with a unique key per customer.

Password in Secured Vault
    Password Express synchronizes passwords across all applications at runtime. No password is stored
    in the Password Express database or secured vault.

Vulnerability and Penetration Testing
    Every Password Express release undergoes thorough vulnerability and penetration testing to
    ensure that a strict security standard is followed.

Extensive Auditing & Logging
    All events on Password Express are audited and log levels can be configured.

SIEM integration for correlation and analytics
    SIEM solutions could be integrated with Password Express audit tables for correlation to detect
    anomalies at the enterprise level.
HOSTING
ILANTUS has been a pioneer in identity and access management for more than a decade,
delivering the most comprehensive identity solution through its unique Hosting Express (HXP).
The HXP is built on a unique framework that enables components from multiple vendors of
your choice to be integrated into a unified solution, delivered in the cloud or on-premise, and
managed by you or ILANTUS. All major Identity & Access Management components (Identity
& Access Governance, User Administration & Provisioning, and Identity & Access Intelligence)
are incorporated in the HXP framework.