Account Types and Password Policies

Account types help identify and classify the accounts being added in Securden. Proper classification comes in handy to carry out various operations such as sharing, remote password resets, reporting, etc. You can also use account types to define specific characteristics like fields for the accounts, specific password policies for the accounts belonging to that type, and so on. Super Administrators, Administrators, and Account Managers have the privilege to add custom types, edit and delete existing ones.

You need to define account types separately for 'Work' and 'Personal' type accounts. The procedure is the same for both.

Creating a new account type

To create a new account type, navigate to Admin >> Account Types >> Work (or) Personal and click the button ‘Add Account Type’.

Enter a name for the new ‘Account Type’ being created. The name you enter here will uniquely identify the type. Add a description to the type too.

Associate a password policy

One of the most important aspects of Account Types is that password policies are associated at the account type level only. You can even create multiple password policies and associate them with different account types. The policy that is associated with a type will take effect for all accounts that belong to the type.

You may choose from the list of already available policies or create a new policy. Alternatively, if any of the types don’t require a password policy to be linked, you may choose the option “Don’t link any policy”.

Associate a Template

Securden allows you to perform various remote operations such as password resets on devices. The product comes with certain predefined templates to carry out those operations on various types of devices. In addition, you can create custom SSH templates to carry out remote password resets on devices that can be connected through SSH such as Linux devices, routers, server hardware, etc. You can define a command or a sequence of commands to be used for carrying out the password reset activity in the form of a custom template.

If the account type you are creating requires support for such remote operations, you may associate the required template in this step. At present, templates can be associated only at the time of creating the account type. Templates can’t be associated while editing the type.

Define the Fields

Accounts in Securden contain various fields such as ‘Username’, ‘Password’, ‘URL’ etc. Depending on the type of account, the fields will vary. You might even have some specific account types in your organization that require completely new fields and values. All such requirements can be met at the account types level.

You can define any number of fields required by this specific type and also granularly specify if the fields are to be mandatory (requiring users to compulsorily fill a value when adding accounts). You can also choose to hide certain default fields.

Primary Fields: The default ‘Password’ and ‘URL’ fields can’t be hidden or deleted, but you can mark if they are to be made mandatory or not.

Identifiers: The ‘Notes’, ‘Tags’, ‘Account Expiration Date’ fields are optional. You can choose to ‘show’ or ‘hide’ any of these fields as required. When you choose to ‘show’, you can also mark if it has to be mandatory or not.

Additional Fields: You can create any number of customized additional fields as required. To create additional fields, click the “Add Fields” button. When creating additional fields, you have the option to specify the field type - Text, Password, or File Store. While 'Text' represents the normal type, 'Password' helps mask the text from being displayed in plain text. 'File Store' type allows you to browse and choose files.

How to Create and Manage Account Types?

You can manage the existing account types from the Admin >> Account Management >> Account Types section. The management operations include changing the password policy association, setting any type as the default type, disabling a type, enabling a disabled policy, editing the nature of various fields, and so on.

From the Account Types >> More Actions drop-down, you can do the following:

  • You can quickly change the password policy association for any type
  • Enable/disable a type. Among the system-defined pre-built account types, five types - Web Account, Bank Account, SSH Key, File Store, and License Key - cannot be disabled. All other types can be disabled. When you disable a type, it will no longer be available for selection during account addition.
  • Set any type as the ‘Default Type’ (the type set as the ‘default type’ here will be the default selection of 'Account Type' in the 'Add Accounts' GUI for 'Work Account Types').

If you want to edit multiple attributes, you may use the ‘edit’ icon present in the table.

Delete Account Types

  • You can delete any custom account types created. Select the type to be deleted and then click the button “Delete Account Types”. You can also click the ‘Delete’ icon present at the RHS of each entry. If the account type you are trying to delete has accounts associated with it, you will not be able to delete it. You may either edit the respective accounts, associate them with a different account type, and then delete the type, or simply disable this account type to restrict any further addition of accounts to it.
  • The default system defined account types cannot be deleted. They can only be disabled.

How to Create and Manage Password Policies?

Security best practices recommend the usage of strong, unique passwords for every account. Password policy in Securden helps you define the strength, complexity requirements, periodicity for password resets, and other conditions. Securden password generator helps you generate strong, unique passwords as per the policy defined.

You can define the password policy as per your organization’s IT policy and Securden helps you enforce it. You may even make use of the pre-built policy, if it meets your requirements.

Adding a password policy

You can define a new password policy from Admin >> Account Management >> Password Policy page.

Click the button “Add Policy”. In the GUI that opens, enter the following details:

  • Policy Name: Enter a name for the policy to uniquely identify it at various places.
  • Description: Lets you give a short brief of the policy which can be glanced at from the previous page.
  • Minimum Length (Mandatory): The minimum number of characters the passwords must have.
  • Password Age: Number of days after which the password expires and has to be reset.
  • Number of old passwords in history: The number of old passwords that are to be retained for future reference. This also helps you prevent users from recycling the same password again.
  • Denied characters: If you don’t want the passwords to contain certain specific characters, you may list them here.
  • Denied words: You might want to prevent the usage of certain words in passwords. For example, users might tend to use the company name in the password (like Securden123). You can prevent the usage of any such words. You can enter multiple words in comma-separated form.
  • Start with an alphabet: If you want the passwords of your organization to start with a letter, you may enforce that using this option.
  • Allow username itself as the password: Allowing the username itself as the password is a dangerous practice. You may prevent that using this option.
  • Complexity Rules: You can also granularly define the complexity rules for your passwords. Among the four conditions - numerals, uppercase letters, lowercase letters, and special characters - you can enforce the usage of any or all. You can also define the minimum number of times the character should appear. In the drop-down, select a value from 0 to 4 to specify the complexity rule selection. 0 represents no complexity rule selection, 1 represents enforcing one of the four, and so on.
  • Click “Save”.

Bringing policies to use

The above steps only mark the completion of the password policy creation. You need to do a few other steps to bring the policy to use.

Associate the policy with the required account types

Any policy created here will take effect only if it is associated with an account type. You can even create multiple password policies and associate them with different account types. You can also associate one policy with multiple account types. The policy that is associated with a type will take effect for all accounts that belong to the type.

To associate a policy with required account types, navigate to Admin >> Account Management >> Account Types section.

Enforce policies

While associating a policy with an account type helps generate passwords in accordance with the rules, the policy will not be strictly enforced. Users will still be able to add a password that doesn’t adhere to the complexity rules. Securden will capture such passwords as ‘compliance violations’ in reports.

If you want to enforce adherence to the policy at the time of password creation and resets, you need to switch on a configuration setting in Admin >> Customization >> Configurations >> Password Policy section. You will see the following entry:

Would you like to enforce password policy during account addition and local password resets?

If you set ‘Yes’ as the value for this, Securden will not allow any passwords to be added/modified without adhering to the policy.
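The policy options listed under “Adding a password policy” and the difference between report-only and enforced mode can be modeled as below. This is an added illustration, not Securden's code: the `Policy` field names, the `violations` and `submit` functions, and the sample policy are hypothetical. Case-insensitive matching of denied words and usernames, and treating the complexity rule as a per-class minimum count for each enforced class, are assumptions.

```python
import string
from dataclasses import dataclass, field

@dataclass
class Policy:  # hypothetical field names mirroring the options listed above
    min_length: int = 8
    denied_chars: str = ""
    denied_words: list = field(default_factory=list)
    start_with_alphabet: bool = False
    allow_username_as_password: bool = False
    complexity: dict = field(default_factory=dict)  # enforced class -> minimum count

CLASSES = {
    "numerals": str.isdigit,
    "uppercase": str.isupper,
    "lowercase": str.islower,
    "special": lambda c: c in string.punctuation,
}

def violations(password, username, policy):
    """Return the list of policy violations (empty when compliant)."""
    found = []
    lowered = password.lower()
    if len(password) < policy.min_length:
        found.append("shorter than minimum length")
    if any(c in policy.denied_chars for c in password):
        found.append("contains a denied character")
    for word in (w.strip().lower() for w in policy.denied_words):
        if word and word in lowered:  # case-insensitive match is an assumption
            found.append(f"contains denied word '{word}'")
    if policy.start_with_alphabet and not password[:1].isalpha():
        found.append("does not start with a letter")
    if not policy.allow_username_as_password and lowered == username.lower():
        found.append("username used as password")
    for name, minimum in policy.complexity.items():
        if sum(1 for c in password if CLASSES[name](c)) < minimum:
            found.append(f"needs at least {minimum} {name}")
    return found

def submit(password, username, policy, enforce):
    """Report-only mode accepts and records violations; enforce mode rejects."""
    found = violations(password, username, policy)
    return (not (enforce and found)), found

# Constructed sample policy, not a Securden default.
POLICY = Policy(min_length=12, denied_words=["securden"], start_with_alphabet=True,
                complexity={"numerals": 1, "uppercase": 1, "special": 1})
```

With `enforce=False`, a non-compliant password is still accepted and its violations are returned for reporting; with `enforce=True`, the same input is rejected.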

Set as default policy

You can set any password policy as the default policy. This setting simply serves as the default selection when adding account types.

Deleting a policy

You can delete the custom policies created by you. You just need to select the policy to be deleted and click ‘Delete Policies’. If the policy being deleted is associated with any account types, those types will be associated with the policy marked as the default policy.