In Passwork 6.2 we have introduced a range of features aimed at enhancing your security and convenience:
- Protection against accidental removal of vault
- Protection against 2FA brute force
- Accelerated synchronization with LDAP
- Improved API settings
- Bug fixes in role management
Now, when deleting folders and passwords, they will be moved to the Bin. If needed, they can be restored while preserving previously set access permissions. Vaults are deleted without being moved to the Bin — they can only be restored from a backup.
Who can view deleted passwords and folders in the Bin?
Inside the bin users can see the deleted items from those vaults in which they are administrators. For instance, an employee who is not an administrator of organization vaults will only see the deleted passwords and folders from his personal vaults when opening the Bin.
In addition to object names, the Bin also displays the usernames of people who deleted data. You can also see the initial directory name and the deletion date.
Objects from the Bin can be restored to their initial directory if it has not been deleted or moved. Alternatively, you can choose any other directory where you have edit and higher access levels.
When restoring deleted folders to their initial directories, user and role access levels will also be restored exactly as they were previously manually set in these folders. Other access permissions will be set based on the current permissions in the initial directory.
When restoring folders to a directory different from the initial, access levels will always depend on the current permissions in the selected directory.
Additional access to deleted passwords
If passwords have been shared with users, moving them to the Bin will remove them from the “Inbox” section, and any shortcuts or links to these passwords will become nonfunctional.
Restoring additional access
When restoring from the Bin, it is possible to regain additional access levels to passwords. Passwords that were shared with users will reappear in their “Inbox” section, access to passwords through shortcuts will be restored, and links that have not expired will become functional again.
You can delete selected items from the Bin or use the "Empty Bin" button to remove all items contained inside.
It's important to note that in the Bin you only see the items which were deleted from the vaults where you are an administrator. Objects from other vaults are not visible, and clearing the Bin will not affect them.
In future, the option to configure automatic Bin cleanup will be added.
Protection against accidental removal of vault
To confirm the deletion of a vault, you now need to enter its name. It will be permanently deleted along with all the data inside. Additionally, if there are passwords or folders from this vault in the Bin, they will also be removed.
Protection against 2FA brute force
Protection against 2FA brute-force attacks has been added. After several incorrect attempts to enter the 2FA code, the user will be temporarily locked. The number of attempts, input intervals, and the lockout time are set in the config.ini file.
- LDAP synchronization has been accelerated
- Descriptions of parameters and minimum allowable values for API token expiration time and API refresh token expiration time have been added to the API settings section
- Automatic assignment of "Navigation" to parent folders in role management has been fixed
- The issue when a vault administrator could not add roles to a vault and manage its permissions has been fixed
- The issue with showing additional access rights to passwords when moved to another vault has been fixed