FAQ: JumpCloud Password Manager

JC Password Manager is a password manager and 2FA authenticator that enables you to securely store and manage passwords and sensitive information such as credit cards, government IDs, and secure notes. JC Password Manager does not store data in the cloud. Your credentials are stored locally and synced in an end-to-end encrypted format through JumpCloud servers.

JumpCloud Password Manager relies on a decentralized architecture that is a hybrid between a cloud-based password manager and an offline password manager. This approach minimizes security risk by keeping credentials stored locally on user devices and by syncing vaults between devices through JumpCloud servers with end-to-end encryption. By eliminating the need for users to create, manage, and remember master passwords, JumpCloud Password Manager secures against targeted attacks that aim to steal master passwords to access user credentials stored in traditional cloud-based password managers.

Your data is stored locally and the JumpCloud Password Manager apps regularly create encrypted backups on your machine. These backups are only accessible by you, and it is recommended that you keep these backup files in a place alongside other important files (network, cloud, or external storage). The backup schedule and file path can be updated in the settings of the JumpCloud Password Manager app.

JC Password Manager has many advantages over existing password managers; the biggest is the way your data is stored and synced across devices. Also:  

• Security risk is minimized by the hybrid cloud-based and offline approach
• No master password to remember
• JC Password Manager can store and auto-fill 2FA tokens

Migrating from your previous password management solution is as simple as exporting your data and importing into the JC Password Manager via the browser extension. 

Yes, users can use the JumpCloud Password Manager on more than one device at the same time. 

On iOS and Android, the  JC Password Manager can be set as the default source for autofill actions. This can be done in the settings app of your phone.

The password manager is available on all popular browsers including Chrome, Edge, and Firefox.

Windows, Mac, and Linux

As of 18 April 2024 we will no longer support the Appimage Linux build for Password Manager. Both Debian and RPM support auto update. If you are using Appimage, delete your .appimage build file, then download RPM or Debian from the PWM download page and install one of those.

Additionally, biometrics do not work on Password Manager with Linux.

A sync issue should be extremely rare if you follow these best practices:

• Be sure that all the Password Manager apps are on the latest version, and that everyone you are sharing folders with also has their apps on the latest version.
• Make sure no one is experiencing connectivity issues.
• Once these steps have been taken, you can re-add items/users in question and it may be helpful to trigger a manual sync (found in app Settings).

Yes, passwords can be shared with other users by creating a shared folder.

Yes, you can share your credit card data with any JC Password Manager user by clicking on the card in the JC Password Manager app and by selecting your contact from the sharing tab.

2FA secrets can be shared with other users by creating a shared folder.

Two-Factor authentication is an added layer of security that can be put into place to protect your online accounts. When 2FA is added to an account, a user is required to know their username, password, and provide an additional form of authentication or approval to complete their login. This additional factor helps protect against compromised or weak credentials and even various phishing attacks. The two basic types of 2FA are push-based and TOTP (Time-Based One-Time Password). JC Password Manager supports TOTP.

The JumpCloud Password Manager allows you to save and assign TOTP codes to your login items. After scanning the code for 2FA setup, a constantly changing 6-digit code will be associated with your login item in the JC Password manager. With 2FA setup, JC Password Manager allows you to autofill usernames, passwords, and 2FA codes. You are also able to share passwords with 2FA enabled with the rest of your team.

Both apps have authenticator features. The Password Manager currently only supports TOTP-based 2FA; end users should continue to use JumpCloud Protect for push-based MFA.

Since the JumpCloud Password Manager and its vault live locally on your device, any additional authentication factors on your device inherently protect your Password Manager. For instance, if you enforce MFA on a JumpCloud managed device, your users will need to provide an additional factor to log into their device, further protecting the local installation of your password 

Yes, JC Password Manager can autofill all the credit card information in your browser via the JC Password Manager browser extension the same way that it auto-fills your usernames and passwords. When you see a credit card form with the JC Password Manager icon, click on it and select the credit card that you would like to auto-fill. This will send a login request to your phone and as soon as you approve it, JC Password Manager will auto-fill the data. 

The Jump Cloud Password Manager allows you to save and assign TOTP codes to your login items. After scanning the code for 2FA setup, a constantly changing 6 digit code will be associated with your login item in the JC Password manager and will auto-fill.      

JC Password Manager locally stores passwords, cards, notes, government IDs, and any custom category that you create. 

• Your browsing data is not recorded.                            
• Your keystrokes and mouse movements are not logged.                              
• We store an encrypted version of the phone number you signed up with in order to allow you to restore your data to a new device, to be able to send you notifications and to enable credential sharing between users.    

JC Password Manager stores your password vault locally across devices with JC Password Manager. Your vault is synced in an end-to-end encrypted manner across different JC Password Manager applications. Our relay servers are used to sync your encrypted vault between different devices. 

End-to-end encryption between devices that you have enrolled:                                       

• All traffic is over HTTPS. RSA2048 is used to encrypt an AES-256 key that is used to encrypt relayed data. Any message emitted is also digitally signed.
• The Key exchange happens by scanning a QR code.     

Shared Passwords are encrypted with a computer generated AES-256 key which is encrypted using RSA-2048 and stored in the secure storage service of the device (Apple Keychain or Windows credentials manager etc.).                            

No, by default admins do not have access to view or modify user-created passwords.