СОДЕРЖАНИЕ


Tool description

A secure and simple password management tool. Store and manage both personal and work passwords in it. Give employees access to the passwords they need with ease and control. Always know how many people have access to a password and change it on time, if necessary.

Security

When developing the password management tool, we put security in the first place. As a result, the storage of passwords is organized in the most secure way. 

All passwords are sent to the server in an encrypted form and cannot be decrypted without your intervention.
You assign a master password to each password category, which encrypts the passwords in that category. Without a master password, even with access to your account or directly to the servers, it's impossible to get your data.
Master passwords are never sent to the server and are known only to you. 
The master password is entered when creating a category, and is further requested whenever you take action with passwords in that category (not only decrypting the password itself, but also deleting, editing, adding a new one, and so on).
The master password is saved in the browser and is no longer prompted while you are viewing the password page. It is stored encrypted in the browser's main memory and cannot be seen by anyone.  When you refresh the page, change to another section or close a tab, the master password is erased from the browser and you have to enter it again.
Thus, your passwords are securely encrypted and are not stored anywhere openly. You can only decrypt your password with a master password that only you and your trusted people know.
You can read more details about the security of this tool in a separate article.

Read more about why it's safe here.

Operation process

General mechanics

You or your trusted employee saves passwords in the system. Together with the password, you specify additional information for convenience: login address, name, description, and login. Passwords can be organized into categories (folders) in order to keep them in a more organized manner. When creating a category, you set a master password, without which you cannot decrypt passwords within that category.
Then you give employees access to the desired passwords or categories in their entirety.
When a new password becomes available to an employee, he will be notified about it. In the tool, the employee will see only the passwords and categories that are available to him.
But without a master password, the employee will not be able to copy the password anyway, so you additionally give them the master password.
With a master password and access to the password, the employee can copy it to the clipboard to paste it into the desired authorization page.
When you need to take the password away from the employee, you simply take access to that password away from the employee. But at the same time, in fact, the employee still knows the password, since he might have saved it somewhere. The system automatically reminds you of this fact by showing you the employees who have had access to their passwords before. And thus reminding you that the password should be changed.

Creating categories

Before you can upload your passwords, you need to create categories. For each category, you need to set a master password, which will be used to encrypt your passwords and provide additional access verification (in addition to category access):
For simplicity, you can use the same master password in all categories, this will have almost no security impact.
Please note: the master password cannot be reset or restored, as this would compromise the security of storing your passwords. So if you lose it, you will not be able to retrieve your passwords and you will have to write down all your passwords again.
So make sure you keep the master passwords somewhere safe so you don't forget them. The master passwords themselves will not give anything to the attacker, because he will still need access to your account.

Adding passwords

In the created category, you can create passwords one by one or upload several at once. To create a password, you need to specify its name, login address, and the password itself. Additionally, you can specify a comment.

Mass Password Upload is available from the drop-down menu in each category:

The import panel gives you an example and displays errors in the text you inserted in real time:

Checking for duplicate passwords

All passwords are checked for duplicates. The check is performed as follows: URL and login are checked. Thus, these accesses will be highlighted as duplicates:

URL: mail.yandex.ru; Логин: ablaev.v
URL: disk.yandex.ru; Логин: ablaev.v

This is necessary in cases where there are many passwords and you may accidentally enter the same access, as well as to prevent you from creating the same access in the same system (To increase the security of your accounts).

Granting access

For each category you can grant access to an employee to view or edit. With editing access he will be able to edit the category itself and all passwords in it. 
You can also separately specify whether this employee can edit accesses himself (e.g. add other employees). If you enable it, he will only be able to grant access of his own level (view or edit) and only to his subordinates.
The same mechanism for setting up access to a specific password in a category. That is, you can give an employee access only to the password or passwords that he or she needs. 
To edit password access, click on the value in the "Available to" column: 

Revoked accesses

Revoked accesses are displayed for both passwords and categories. This is a list of employees who used to have access to that password/category, but now the access has been revoked.
If the password hasn't been changed since then, in fact this employee still has access to the password (he might have saved it when he had the chance). So when the number of revoked accesses grows, it's time to change the password. 
After the password is changed, the revoked accesses are reset because these employees no longer know the new password for sure.

Administrator access

In the project's accessibility settings, you can give "Password Administration" access. This access allows you to see and edit all and create new passwords and categories in the project. In this case, of course, the employee will also need the master passwords, without them he can only create new categories, but not to see the current passwords.