What our customers say about Team Password Manager

Security in Team Password Manager

Without security, Team Password Manager would be rather pointless, that's why we've taken extra steps to ensure that our security features are the tightest on the market.

Every time we develop a new feature, it is gauged against its security implications.
Security is our number one priority.

Trusted encryption technology

One of the ways Team Password Manager protects against hacking is by encrypting saved password data in AES-256. AES stands for Advanced Encryption Standard. AES is so trusted, that it has been adopted by the U.S. Government and is used world wide.

Password data is encrypted using AES-256

Each users' passwords are hashed using Bcrypt, providing further security to the application. Bcrypt is a cross-platform encryption utility that hashes passwords so that they are protected against rainbow tables and brute-force attacks.

By acting together, these two encryption processes form a strong wall of defense to protect against any would-be hackers that would like to get their hands on your password information.

Obfuscated PHP and web application vulnerabilities prevention

If hackers do try to use decryption software to break into the system, it will be nearly impossible due to the fact we use obfuscated PHP code, which prevents crackers from seeing how to decrypt data.

As far as the typical vulnerabilities found in web applications, such as Cross-site scripting (XSS), SQL injection or Cross-site request forgery (CSRF), our programming team has taken special care to fortify the defenses in this area. Some tables even use hash codes to prevent tampering.

Two-factor authentication

In addition to sophisticated encryption protection, Team Password Manager uses two-factor authentication with Google Authenticator, which provides a six digit number users must provide in addition to their username and password in order to login into services.

Two-factor authentication in Team Password Manager

IP Address Blocking

Team Password Manager can be configured to reject access from specific IP addresses, making brute-force attacks difficult or impossible.

IP address blocking can be configured in two ways: manual and automatic.

In manual IP blocking you just enter the IP addresses you wish to block:

Manual IP Address Blocking

With automatic IP blocking you set an interval (in seconds) and a number of login attempts. If the number of login attempts in this interval is greater than the one set, the offending IP address will be added to the list of blocked IP addresses. You can optionally enter some IP addresses to exclude (that would be your office IP address) and the admin user that will be notified by e-mail when an IP is automatically blocked:

Automatic IP Address Blocking

Configurable timeout and auto-logout

You can configure how long you want inactive sessions to last. In addition, the software will auto-logout from a session if the timeout has expired.

Edit timeout

Encrypt database configuration

The database parameters required for Team Password Manager to access the database can be stored as encrypted strings in the main configuration file, thus preventing unauthorised users to read them.

Encrypt db config

Try Team Password Manager now !

Start a Trial