UseCase5_PersonalPassphrase - sandersdHES/PAMEmergingTech GitHub Wiki

6.5 Securing Personal Data with a Passphrase

Objective

This use case explains how to set up and manage a personal encryption passphrase within PAM360. This passphrase encrypts sensitive personal data, such as credentials, financial records, or contacts, so that the data is accessible only to the authenticated user.

Context

While PAM360 centrally manages shared resources and privileged accounts, it also allows each user to maintain a personal data vault. This private section is secured with a user-defined passphrase and is not accessible by administrators, ensuring complete ownership and confidentiality.

The passphrase acts as a local encryption key for securing your personal data. It is neither stored nor retrievable, which means:

  • Only the user knows it
  • Without it, the encrypted data cannot be decrypted
  • If forgotten, data recovery is not possible, and the vault will be reset

Official Documentation

Prerequisites

  • User must have access to the PAM360 Web Interface
  • No previous personal passphrase should exist (or it must be reset)

Step 1: Create Your Personal Passphrase

  1. Navigate to the “Personal” tab in PAM360
  2. You’ll be prompted to create a personal passphrase for data encryption

💡 Why is this important?

Your passphrase is used to locally encrypt your data within PAM360. Without it, no one—including administrators—can view or decrypt your personal entries. This is a core principle of zero-knowledge encryption.


PAM360 enforces complexity by default to protect your data against brute-force and dictionary attacks.

Ensure your passphrase meets the following conditions:

  • Minimum length requirement
  • At least one uppercase letter, one lowercase letter, one number, and one special character

Tip: Use a passphrase that is strong but memorable (e.g., a sentence or phrase with symbols).


Step 2: Re-access Your Personal Vault

Whenever you revisit the Personal section, PAM360 will request your passphrase to decrypt your data.

If entered correctly, you'll regain access to all personal entries in your encrypted store.


Step 3: Use the Four Default Personal Data Categories

Upon successful setup, you gain access to a secure, encrypted vault divided into four default categories:

  1. Web Accounts
  2. Bank Accounts
  3. Credit Card Accounts
  4. Personal Contacts

Each category allows you to store detailed, encrypted entries that only you can view.

Example for bank accounts: [screenshot]

Step 4: What If You Forget Your Passphrase?

If your passphrase is lost or forgotten:

  • PAM360 cannot recover it
  • You must reset it
  • Resetting will permanently delete all existing personal data

❗ Warning: Treat your passphrase like a digital safe key—once lost, the contents inside are unrecoverable.
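The behaviour described in the Context section and in Step 4 (nothing recoverable is stored, so a lost passphrase means lost data) can be seen in a generic passphrase-derived encryption sketch. This is an added example, not PAM360 code: the page does not describe PAM360's actual algorithm, so PBKDF2, the HMAC-based keystream (a standard-library stand-in for an AEAD cipher such as AES-GCM), and all function names here are assumptions.

```python
from __future__ import annotations
import hashlib, hmac, os

ITERATIONS = 200_000  # assumed PBKDF2 work factor for this sketch

def derive_keys(passphrase: str, salt: bytes) -> tuple[bytes, bytes]:
    """Stretch the passphrase, then split the result into encryption and MAC keys."""
    master = hashlib.pbkdf2_hmac("sha256", passphrase.encode(), salt, ITERATIONS)
    enc_key = hmac.new(master, b"enc", hashlib.sha256).digest()
    mac_key = hmac.new(master, b"mac", hashlib.sha256).digest()
    return enc_key, mac_key

def keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """HMAC-SHA256 in counter mode: stdlib stand-in for an AEAD such as AES-GCM."""
    blocks = (length + 31) // 32
    stream = b"".join(hmac.new(key, nonce + i.to_bytes(8, "big"), hashlib.sha256).digest()
                      for i in range(blocks))
    return stream[:length]

def seal(passphrase: str, plaintext: bytes) -> dict:
    """Encrypt one entry. The stored record holds no passphrase and no key."""
    salt, nonce = os.urandom(16), os.urandom(16)
    enc_key, mac_key = derive_keys(passphrase, salt)
    ct = bytes(p ^ k for p, k in zip(plaintext, keystream(enc_key, nonce, len(plaintext))))
    tag = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    return {"salt": salt, "nonce": nonce, "ct": ct, "tag": tag}

def open_record(passphrase: str, record: dict) -> bytes | None:
    """Return the plaintext, or None when the passphrase is wrong or the data was altered."""
    enc_key, mac_key = derive_keys(passphrase, record["salt"])
    expected = hmac.new(mac_key, record["nonce"] + record["ct"], hashlib.sha256).digest()
    if not hmac.compare_digest(expected, record["tag"]):
        return None  # no stored value can stand in for the passphrase
    stream = keystream(enc_key, record["nonce"], len(record["ct"]))
    return bytes(c ^ k for c, k in zip(record["ct"], stream))

if __name__ == "__main__":
    # Constructed sample values, not real data.
    record = seal("Blue-Kettle7!sings", b"Bank: Example Bank, account 0000")
    print(open_record("Blue-Kettle7!sings", record))   # original entry
    print(open_record("blue-kettle7!sings", record))   # None: wrong passphrase
```

Because the record contains only a salt, a nonce, ciphertext and an integrity tag, resetting a forgotten passphrase can only discard the old records; there is nothing to decrypt them with.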

Conclusion

By setting a personal encryption passphrase, PAM360 empowers users with a private, secure vault inside the platform:

  • Your data is encrypted locally and can only be accessed with your unique passphrase
  • No administrator or system process can view or reset your data without your consent
  • It enforces best practices in data privacy, ownership, and zero-trust security

You now have a personal digital safe inside PAM360—protected by you, and you alone.
