
Master Password Recovery


NOTE: The Master Password recovery feature is a useful business continuity mechanism, but it also poses a threat: the security of every user's access to system resources ultimately rests on the security of the password with which the administrator protected his or her own private key. We at Siber Enterprise Group recommend that multiple copies of the private key file be stored outside of the network, with additional protection such as locked physical storage.

Setup

To set up Master Password Recovery, please follow these steps:
  1. Open RoboFormPolicyEditor.exe located in your SEGConsoleBuild installer package or downloadable from here.
  2. Click Generate New Key Pair to set up a Recovery Password. This password must be stored in a safe and secure location, as it is not recoverable if lost. This is the password that will be used to recover your users' Master Passwords.
  3. This will create two files, pub.rfk and pvt.rfk. These are the public and private keys that will be used to encrypt and decrypt Master Passwords.
  4. Create a network share (or a folder under an existing network share) that is read/writable by all Users. This folder will store the encrypted copies of users' Master Passwords.
  5. Place the PUB key in this folder.
  6. Find the "PasswordRecoveryStorage" policy and enter a path to this shared folder.
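
After completing the steps above, the shared folder can be checked against what this page requires: pub.rfk present, pvt.rfk kept off the network share, and pub.rfk unchanged since key generation. The PowerShell script below is an added example, not part of RoboForm or the original page; the share path and baseline file location are placeholders to replace with your own.

```powershell
# Added example: audit the PasswordRecoveryStorage folder after setup.
# $SharePath and $BaselineFile are assumed placeholder values.
param(
    [string]$SharePath    = '\\fileserver\RoboFormMPR',       # assumed share path
    [string]$BaselineFile = 'C:\SecureAdmin\pub.rfk.sha256'   # assumed admin-only location
)

$findings = @()

# 1. The public key must be present so Master Passwords can be encrypted.
$pub = Join-Path $SharePath 'pub.rfk'
if (-not (Test-Path -LiteralPath $pub -PathType Leaf)) {
    $findings += "pub.rfk is missing from $SharePath"
}

# 2. The private key belongs outside the network, never in the user-writable share.
$pvt = Get-ChildItem -LiteralPath $SharePath -Filter 'pvt.rfk' -Recurse -File -ErrorAction SilentlyContinue
foreach ($f in $pvt) { $findings += "Private key found on share: $($f.FullName)" }

# 3. Compare pub.rfk with the SHA-256 hash recorded on the first run.
if (Test-Path -LiteralPath $pub -PathType Leaf) {
    $hash = (Get-FileHash -LiteralPath $pub -Algorithm SHA256).Hash
    if (Test-Path -LiteralPath $BaselineFile) {
        $expected = (Get-Content -LiteralPath $BaselineFile -TotalCount 1).Trim()
        if ($hash -ne $expected) { $findings += 'pub.rfk hash differs from the recorded baseline' }
    } else {
        # First run: store the baseline where ordinary users cannot write.
        Set-Content -LiteralPath $BaselineFile -Value $hash
        Write-Output "Baseline recorded: $hash"
    }
}

# 4. Inventory of captured, encrypted Master Password files.
$enp = @(Get-ChildItem -LiteralPath $SharePath -Filter '*.enp' -File -ErrorAction SilentlyContinue)
Write-Output "$($enp.Count) .enp file(s) in $SharePath"

if ($findings.Count) {
    $findings | ForEach-Object { Write-Warning $_ }
    exit 1
}
Write-Output 'No findings.'
```

Run it once immediately after placing pub.rfk in the folder so the baseline reflects the key you generated, then on a schedule from an administrator account.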

Console Implementation

In order for Console to distribute credentials to users, it first needs to have their Master Password captured by the "PasswordRecoveryStorage" policy. This way the credentials can be encrypted with the user's Master Password and therefore be available to them for use.
If you are using the RoboForm Enterprise Managed Console, be sure to save the PUB key file in the MPR folder under the SEGConsoleBuild installation folder.

Recovery

Once you've set up your pvt.rfk and pub.rfk, you are able to recover encrypted passwords. Start by opening the RoboForm Policy Editor. Click the "Recover RoboForm Master Password" button and find your PVT key file. The policy editor will open the pvt.rfk file and prompt you for your Recovery Password. Enter it and click OK.
Then find the .enp file that you wish to decrypt (this should be located in the PasswordRecoveryStorage folder). The policy editor will then show you the network login ID of the User and their Master Password in plain text.