Order now

PAVE – The Next Generation Password Manager

TAO Digital is proud to announce our latest product: the PAVE enterprise-level password manager. Five years in the making, PAVE combines the security of a locally hosted password manager with the flexibility and convenience of cloud-based solutions. Easily and efficiently manageable in all iterations, it offers several different deployment architectures to ensure you the solution you need, not one-size-fits-most. With unparalleled security to match the modern threat environment, a low-burden-backend for small IT teams and an easy experience for end-users, its the solution you’ve been waiting for.

How It Works

It’s like a cloud service – except it runs on your server, is manageable by your own IT team, and costs half as much. Yes, really.

Most locally hosted password managers on the market rely on symmetric encryption, where all users share the same password – and can only access the system on your local, trusted network. Asymmetric encryption gets around this by using secret and public keys. Handling these is difficult: People need to know which public keys are trustworthy and which are not. This is solved with digital signatures, where a central authority (Certificate Authority for SSL/TLS) validates keys. However, with cloud services, this central authority is not you, but the hoster, and many also keep the secret keys (as “backup”), circumventing all the safety features they promise for themselves. Unfortunately, secrets on cloud-service servers are never safe as the almost constant litany of high-profile data leaks in the news demonstrates – and any downtime for the cloud means paralysis for you.

PAVE uses asymmetric encryption – and runs on your server. You own the service – and you can run it with your own IT team.

The Features

  • Enterprise level solution – designed for hundreds of users, easy scaling and efficient central management.
  • Desktop clients for all major operating systems – check out our free version to see what it looks like and try out the front-end user experience (identical to the full version, of course.)
  • Password generator included for your convenience.
  • Quicksearch functionality – no waiting, no nested tree structures to navigate through.
  • Full metadata encryption – PAVE can handle user names, addresses and other sensitive data, not just passwords.
  • Fully asymmetric encryption with a transparent chain of trust.
  • State of the art encryption strength: PAVE eschews the common AES for the superior XSalsa20 cryptographic protocol.
  • Fine-grained, flexible access level control our competitors can’t match (passwords can be part of multiple groups with PAVE.)
  • Admin backend features; administrate everything from within the client.

Published on Nov 17, 2016 by James Simakas


James Simakas