7. Dynamic passwords

7.1. Introduction

Dynamic passwords are appplication-specific passwords, used to access services that request direct usage of a password for various reasons.

The goal is to avoid using the password of your SSO account, improving security.

You can generate and revoke a dynamic password when you want, using the interface. For most services, the modification is instantaneous (and if it’s not the case, details will be stated in the description).

Some services allow you to have more than one password, some services only allow one. If you regenerate a password in the latter case, the old one won’t be valid anymore.

Some services may have different passwords for different cases, with different rules. For example, a service may have a set of dynamic passwords to login using the web interface, and a set of dynamic passwords to login when using a network share.

Warning

You should handle those passwords as passwords, and store them only in secure locations.

7.2. Usage

7.2.1. List

To list all services that you have access to using a dynamic password, click on the “Dynamic password” menu on the left. The list will be displayed. Details about the services, including endpoints are also shown here.

../_images/list.png

7.2.2. Details

You can display details about a dynamic password by clicking on the title or on the “Details” button.

A modal will be shown with a small description and details on how the dynamic password behave.

../_images/detail.png

7.2.3. Generate a new password

To generate a new password, click on “Create new password”. You will be asked for an optional name that you may use as internal reference.

../_images/new.png

When the generation is done, a confirmation message will be displayed. You can use the copy or the display button to copy and use the password.

You may also use the QR code button to generate a QR code. This allows you to easily transfer the password to an external device like a phone.

Note

The password will only be displayed once. If needed, securely store the password for future uses.

../_images/created.png

7.2.4. Enable or disable a password

If you need to disable a password, you can click on the ‘Disable’ button in the list.

A disabled password won’t work anymore, but if you need to use it again in the future it can be renabled.

If you need to enable a password, click on the enable button.

For most of services, changes are applied immediatly. However, some services cache your credential and won’t revoke the session for a while.

Dynamic passwords are enabled or disabled individually: disable a password won’t do anything for other passwords.

../_images/disabled.png

7.2.5. Revoke a password

To revoke a password, click on the delete button and confirm the deletion in the modal. The password will be lost forever.

../_images/delete.png

Note

For some services, you can have multiple dynamic passwords. Revoking a password does not affect the other passwords.