Introduction
Credential Manager is an in-house developed module for our billing/support system. This allows our customers to safely share server login details and other sensitive information with our support team.
You can access Credential Manager by logging in and clicking on Support > Credential Manager in the navigation menu at the top of our billing/support system.
How does it work?
1. The first time an entry is added to Credential Manager, it creates a unique asymmetric keypair just for your account. This means one key is able to encrypt data, and one can decrypt data. Both of these keys are generated and stored on a completely different server to our billing/support system.
2. Our billing/support system can retrieve the public key to encrypt data any time it needs to. However, to decrypt data, you need to provide a temporary unlock key which grants our billing/support system access to retrieve your private key. You can generate an unlock key by clicking the button in Credential Manager, and the key will be sent via email from the Keyserver directly to you. Please check your spam/junk mail folders just in case!
3. Once you have the unlock key you can paste it into the box on Credential Manager, and you will be able to view all your data unencrypted until you log out, or until that key expires. Our support team can create unlock keys for your account without emailing you, and have a separate dedicated system for this.
4. Last of all we should mention that all communication between these systems is over SSL, and your public/private keys are encapsulated in transit by another keypair.
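The split described in steps 1 to 3 can be modelled as follows. This is an added sketch, not the provider's code: the class and method names, the 15-minute lifetime and the choice to store only a hash of the unlock key are assumptions, and placeholder byte strings stand in for the real keypair so that the access-control logic is the only thing shown.

```python
import hashlib
import hmac
import secrets
import time

UNLOCK_TTL = 15 * 60  # assumed lifetime in seconds; the page does not state one


class Keyserver:
    """Hypothetical keyserver: the private key is released only for a live unlock key."""

    def __init__(self):
        self._accounts = {}  # account_id -> {"email", "public", "private"}
        self._unlocks = {}   # account_id -> (sha256 of unlock key, expiry time)
        self.outbox = []     # (email, unlock_key) pairs, standing in for the e-mail send

    def create_keypair(self, account_id, email):
        # Placeholder bytes stand in for a real asymmetric keypair.
        self._accounts[account_id] = {
            "email": email,
            "public": b"PUB-" + secrets.token_bytes(8),
            "private": b"PRIV-" + secrets.token_bytes(8),
        }

    def public_key(self, account_id):
        # Encryption side: the billing system may fetch this at any time.
        return self._accounts[account_id]["public"]

    def request_unlock(self, account_id, now=None):
        now = time.time() if now is None else now
        key = secrets.token_urlsafe(32)
        digest = hashlib.sha256(key.encode()).digest()
        self._unlocks[account_id] = (digest, now + UNLOCK_TTL)
        # The key is e-mailed by the keyserver and never returned to the caller.
        self.outbox.append((self._accounts[account_id]["email"], key))

    def private_key(self, account_id, unlock_key, now=None):
        now = time.time() if now is None else now
        digest, expiry = self._unlocks.get(account_id, (b"", 0.0))
        supplied = hashlib.sha256(unlock_key.encode()).digest()
        # Constant-time comparison; an expired or unknown key fails the same way.
        if now >= expiry or not hmac.compare_digest(digest, supplied):
            raise PermissionError("unlock key invalid or expired")
        return self._accounts[account_id]["private"]
```

Because `request_unlock` returns nothing, a caller that controls only the billing/support session cannot obtain the unlock key without also reading the mailbox it was sent to.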
How safe is my data?
The core concept of this solution is you have something a hacker does not, which is access to your email address. If your email address is compromised and the attacker is also able to access your billing/support account, they could generate an unlock key and view your unencrypted credentials. If you have set secret questions for password resets or enabled 2FA, this is very unlikely.
All keypairs are initially created with the email address associated with your billing/support account. If you update the email address on your billing/support account, the email address on your keypair does not change. If you see an error in Credential Manager and it needs to be updated, we may ask for proof of ID to verify it's really you before we make that change.
If you wish to use a different email address specifically for receiving unlock keys (which we think is a great idea), just open a ticket and we will update your keypair. Alternatively we can set your keypair to use an invalid email address, making it impossible for you to decrypt data via your billing/support account. This is not something we recommend; however, you would still be able to update your credentials, just not view them.
No system is perfect, but we are confident this provides a better solution than most of our competitors.
Thank You.