The Password Safe API is designed to address single sign-on shortcomings, simplify developer access, and offer secure credential management. Since legitimate user credentials are used in most data breaches, it has never been more critical for organizations to control access to their sensitive systems.
If credentials are retrieved automatically and securely from the Password Safe API, commercial application developers would never be required to enter a username and password for connectivity. In this case, end-users, like database administrators, never need administrator rights to access a database. This capability improves system security while enabling greater business agility. Organizations and application developers realize multiple benefits in using the Password Safe API:
- Secure credential management: Instead of entering static credentials, developers call on the Password Safe API to retrieve the latest credentials for the user, application, infrastructure, cloud solution, or database to authenticate and then release the credentials at the end of the session. This triggers the automatic rotation of the password. The end-user is never exposed to the username or password. All authentication is performed silently behind the scenes with complete activity auditing if desired.
- Simplified developer access: Improve IT's agility and responsiveness by never requiring the entry of a username and password for connectivity to create custom applications. End users, like database administrators, never need administrator credentials to access a database if the tools retrieve stored credentials automatically. Management tools for services, remote access, and infrastructure automatically recognize the logged-on user and their asset and seamlessly request and pass credentials for the application.
- Protection from SSO hacks: Since credentials can be passed within the application itself, directly from Password Safe, IT can secure runtime and avoid hacking techniques like pass-the-hash and keystroke logging, making this approach far more secure than single sign-on (SSO).