Prevent account takeovers with
zero-knowledge password vault

Hideez password vault pushes password managers to the next level by moving the password storage to a dedicated MFA device and applying governance to the credential management and implementing audit and compliance:

• — Hideez solution doesn’t rely on keeping credentials on the workstations or in the cloud;
• — Other password managers don’t provide workstation authentication / authorization;
• — Unlike other password managers, Hideez works with native apps (only web);
• — Hideez provides built-in 2nd factor even for legacy systems.

To use Hideez Enterprise Password vault, an admin needs to deploy Hideez Enterprise Server (HES), provision user accounts, and distribute Hideez Keys to the users.

With Hideez vault, the account credentials are kept exclusively on the Hideez key device that resides with the user. The vault consists of two parts - enterprise vault, and personal vault, so a combination of enterprise provisioned resources and user provisioned resources can be used, providing for a good password hygiene across all user accounts. The enterprise template vault accounts are provisioned via Hideez Enterprise server and are downloaded to the keys. Unique strong passwords are created at the time that the enterprise vault is attached to the user profile.

Hideez vault is integrated with Active Directory or other IDP systems via LDAP or SCIM interfaces / connectors. These connectors allow the administrator to import the accounts from IDP, update the passwords to randomly generated ones, as well as set up credentials for the “down stream” systems and applications that support SCIM protocol.

By establishing an enterprise vault, the URL are provisioned for each of the resources that employee has the need to access. Upon use the key, the URL that employee is trying to access is verified against the url in the template, thus preventing spoof URL’s from deceiving the users to input legitimate service credentials.