Master Password Recovery
NOTE: The Master Password recovery feature is a useful business continuity mechanism, but it also poses a threat: the security of access to all system resources for users ultimately rests on the security of the password with which the administrator protected his or her own private key. We at Siber Enterprise Group recommend storing multiple copies of the private key file outside of the network and using additional protection, such as locked physical storage, for added security.
- Open RoboFormPolicyEditor.exe located in your SEGConsoleBuild installer package or downloadable from here.
- Click Generate New Key Pair to set up a Recovery Password. This password must be stored in a safe and secure location, as it is not recoverable if lost. This is the password that will be used to recover your users' Master Passwords.
- This will create two files, pub.rfk and pvt.rfk. These are the public and private keys that will be used to encrypt and decrypt Master Passwords.
- Create a network share (or a folder under an existing network share) that is read/writable by all Users. This folder will store users' encrypted copies of their Master Passwords.
- Place the PUB key (pub.rfk) in this folder.
- Find the "PasswordRecoveryStorage" policy and enter a path to this shared folder.
If you are using the RoboForm Enterprise Managed Console, be sure to save the PUB key file in the MPR folder under the SEGConsoleBuild installation folder.
Then find the .enp file that you wish to decrypt (this should be located in the PasswordRecoveryStorage folder). The policy editor will then show you the network login ID of the User and their Master Password in plain text.
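
A check for the shared folder set up in the steps above, added here as an example and not RoboForm or Siber code: it confirms that pub.rfk on the share is still the file produced at key generation and that no copy of pvt.rfk has been left on the share. The function names, and the practice of recording the public key's SHA-256 right after generation, are assumptions of this example.

```python
import hashlib
import tempfile
from pathlib import Path

PUBLIC_KEY = "pub.rfk"    # file names as given in the steps above
PRIVATE_KEY = "pvt.rfk"


def sha256_of(path: Path) -> str:
    """Return the hex SHA-256 of a file, read in chunks."""
    digest = hashlib.sha256()
    with path.open("rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()


def audit_recovery_share(share: Path, expected_pub_sha256: str) -> list[str]:
    """Return a list of findings; an empty list means the share looks as intended."""
    findings = []
    pub = share / PUBLIC_KEY
    if not pub.is_file():
        findings.append(f"{PUBLIC_KEY} is missing from the share")
    elif sha256_of(pub) != expected_pub_sha256.lower():
        findings.append(f"{PUBLIC_KEY} differs from the key recorded at generation")
    # The private key belongs off the network; flag any copy anywhere under the share.
    for item in share.rglob("*"):
        if item.is_file() and item.name.lower() == PRIVATE_KEY:
            findings.append(f"private key found on share: {item.relative_to(share)}")
    return findings


def count_recovery_blobs(share: Path) -> int:
    """Number of encrypted Master Password copies (.enp) currently stored."""
    return sum(1 for p in share.rglob("*") if p.is_file() and p.suffix.lower() == ".enp")


if __name__ == "__main__":
    # Constructed stand-in for the share; file contents are placeholders, not real keys.
    with tempfile.TemporaryDirectory() as tmp:
        share = Path(tmp)
        (share / PUBLIC_KEY).write_bytes(b"constructed public key bytes")
        (share / "jdoe.enp").write_bytes(b"constructed ciphertext")
        recorded = sha256_of(share / PUBLIC_KEY)  # value noted right after generation
        print(audit_recovery_share(share, recorded), count_recovery_blobs(share))
        (share / "backup").mkdir()
        (share / "backup" / "PVT.RFK").write_bytes(b"constructed private key bytes")
        print(audit_recovery_share(share, recorded))
```

Point `share` at the folder named in the PasswordRecoveryStorage policy and keep the recorded hash somewhere users of the share cannot write to.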