Question About My Account Settings for Credential Accounts

Hello,

When we configure our credentials for a "credential account" (such as a Keeper account) in File -> My Account Settings, we have a couple options - one is "keep in memory" and then there is an option at the bottom "save location". Can somebody explain how these work please? See attached screenshot for the settings I am referring to.

I found one link on the "keep in memory" setting (but it talks about it pertaining to "my personal credentials", not Keeper account creds, but I assume the idea is similar) - it says if you check this box you enter creds once and they remain for that session only. Does that mean next time you open RDM, if you wanted to do this again, you'd have to go back into My Account Settings and repeat the same process again? Also - if this is the way it works - how come when we check the "keep in memory" box for Keeper account settings, it greys out the password box? How will it keep the creds in memory if I can't enter them in the first place?

Regarding my second question, the "save location" - I see the default is the DB - so that means the creds I enter for my Keeper account here are stored in the shared data source? How are these protected? Of course, credentials for accessing a password management solution could be very sensitive, so there's a little bit of a security concern with those being stored in a shared location. The other option, local, implies it is stored on my local machine obviously, but I haven't been able to find any documentation on where/how - can somebody shed some light? Are these stored in the registry, a (hopefully encrypted) file, or somewhere else?

Any information is appreciated, thank you!

Best regards.

David Willis

MyAccountSettings_KeeperAccountOptions.JPG

All Comments (8)

Hello David,

Thank you for reaching out to us regarding this,

To provide accurate information regarding your questions, I would like to confirm which version of RDM you are currently using and also what type of data source you are using?

That being said, all passwords stored in the application database are encrypted. We have the following knowledge base article regarding this:
https://docs.devolutions.net/rdm/mac/overview/security/

Let me know,

Best regards,

Samuel Dery

Hi Samuel,

Thanks for the response - I am on 2023.3.39, using MS SQL Server as a data source.

Good to hear passwords in the application's DB are encrypted! Looking forward to any additional info you can provide.

Best regards

David Willis

Also one more related question, I see there is no setting in the specific popup window for "my personal credentials" and "my privileged account" - where are those stored? I do see what appears to be a more "global" setting at the bottom of the "my account settings" main page which is set to "database" by default - does that mean the my personal/my privileged are stored in the DB by default? Or would they still be stored locally?

Thanks in advance!

David Willis

Hello David,

Thank you for your reply,

Did you have further questions regarding the Encryption after having a look at the provided knowledge base article?

That being said, you are correct, if the Save Location for "My Account Settings" is set to "Database" then this information will be saved in the database allowing you to connect to the data source with your user on another workstation and still be able to use these credentials, while if this is set to "Local" if you change workstation you will need to enter them again.

Let me know if this helps,

Best regards,

Samuel Dery

Hi Samuel,

Thank you for the information - two additional questions:

If we change the setting at the bottom of "my account settings" page from "database" to "local", does that automatically clear any saved creds in the DB for that user? Or does the user need to manually go to each thing that they've set and clear all fields and save prior to changing the save location in order to clear the info from the DB, and then change the location to local?

Other question is, does the database/local setting at the bottom of "my account settings" page also apply to user-specific settings? What I mean is, if we set this to "local" because we don't want our creds saved in the DB (just in case it were to be compromised somehow), does that also mean that user-specific settings won't be saved in the DB either (and thus won't persist across different machines for that user) or are those handled differently and still saved in the DB anyway?

Best regards

David Willis

Hello David,

Thank you for your reply,

I've done some quick testing on my end, and changing the "Save Location" from "Local" to "Database" seems to keep all current configurations for the existing entries.

This does not apply to User Specific Settings; these are stored on the Database. If you wish to have them stored locally, you can use Local Specific Settings.

Let me know if this helps,

Best regards,

Samuel Dery

Got it, ok that makes sense. So would it be accurate to say that to clear saved settings from the database (e.g. when switching from "database" to "local"), we need to manually clear out any configured fields and save them first, before switching?

Thanks very much for all your help!

Best regards

David Willis

Hello David,

Thank you for your reply,

I believe so, yes.

Let me know if you have further questions,

Best regards,

Samuel Dery