BeyondTrust introduces free API for password management

Offers developers flexibility and security by eliminating hard-coded passwords.

Thursday, 22nd September 2016, by Phil Alsop

BeyondTrust has introduced a free, public API that allows stored credentials to be retrieved automatically from PowerBroker Password Safe. As the leading cyber security company dedicated to preventing privilege misuse and stopping unauthorized access, BeyondTrust designed the API to address the shortcomings of single sign-on, simplify developer access, and offer secure credential management. Since legitimate user credentials were used in most data breaches in 2015, with some 63 percent of them using weak, default, or stolen passwords (Verizon), it has never been more important for organizations to control access to their sensitive systems.
 
If credentials are retrieved automatically and securely from the PowerBroker Password Safe API, commercial application developers are never required to enter a username and password for connectivity, and end users, like database administrators, never need administrator rights to access a database. This capability improves system security while enabling greater business agility.
 
Organizations and application developers will realize multiple benefits in using the PowerBroker Password Safe API:
 
1. Secure credential management: Instead of entering static credentials, developers call on the PowerBroker Password Safe API to retrieve the latest credentials for the user, application, infrastructure, cloud solution, or database to authenticate and then release the credentials at the end of the session. This triggers automatic randomized cycling of the password. The end user is never exposed to the username or password. All authentication is performed silently behind the scenes with complete activity auditing, if desired.
 
2. Simplified developer access: Improve the agility and responsiveness of IT by never requiring the entry of a username and password for connectivity to create custom applications. End users, like database administrators, never need administrator credentials to access a database if the tools retrieve stored credentials automatically. Management tools for services, remote access, and infrastructure automatically recognize the logged-on user and the asset they are on, and seamlessly request and pass credentials for the application.
 
3. Protection from SSO hacks: Since credentials can be passed within the application itself, directly from Password Safe, IT can secure runtime and avoid hacking techniques like pass-the-hash and keystroke logging, making this approach far more secure than single sign-on (SSO).
 
4. Sample code to get started quickly: To enable developers to access the API and help secure their applications, BeyondTrust has provided sample code in the following formats: C# (.NET), PowerShell, Ruby, Python, Java, and Bash shell.
 
“In our dedication to preventing privilege misuse and stopping unauthorized access, BeyondTrust recognizes the importance of safeguarding sign-on credentials as the next step in secure authentication,” said Morey Haber, Vice President of Technology at BeyondTrust. “With this free, public API, we are proud to offer the first solution of its kind to developers, customers, and partners.”