Active Directory Single Sign-On

Single Sign-On, using your Active Directory credentials, is available for Windows PCs joined to the domain. When used, users are automatically authenticated to Active Directory and the Passwordstate web site, without the need for them to specify their username and password.

Manual Active Directory

If you prefer not to use Single Sign-On Active Directory Authentication method, you can choose to use Manual Active Directory Authentication, whereby the user must first manually authenticate using the site their AD username and password.

RSA SecurID Two-Factor

Certified EMC Partner

Make use of the leading two-factor authentication solution, and require your users to authenticate using RSA's SecurID tokens

YubiKey Authentication

Passwordstate also supports YubiKey authentication with the Yubico Cloud based OTP, or the OATH - TOTP and OATH - HOTP protocols -

Duo Two-Factor Authentication

Make use of the leading cloud-based two-factor authentication solution, and choose Duo Security's Authentication - either Push, SMS or Phone Call -

One-Time Password Tokens

Based on either the TOTP (Time-Based) or HOTP (Counter-Based) algorithms, you can use either hardware or software tokens for additional two-factor authentication. Can be used with most authentication services which support TOTP and HOTP, like Microsoft Azure MFA.

Google Authenticator

Google provides a free two-factor authentication solution called Google Authenticator, with authentication software available for most mobile clients -

RADIUS Authentication

Integrate authentication with your existing RADIUS infrastructure as well. Based on the RADIUS Protocol, free RADIUS servers such as can be used, as well as many commercials ones.

ScramblePad Authentication

ScramblePad Authentication works by assigning a Pin number to a user's account. When asked to authenticate, the user must match their pin number against a series of randomly generated letters.

Email and a Temporary Pin Code

When you first authenticate to Passwordstate, a temporary Pin Code can be emailed to an email address of your choice (could even be an SMS Gateway). The Pin Code is only active as long as the time period as specified by your Passwordstate Security Administrator(s).

SAML 2 Authentication

Passwordstate also supports SAML2 authenticator, with various SAML providers who support this standard. Providers such as,, or even Active Directory Federation Services (ADFS).

Local Account Authentication

If your preference is not to use the Active Directory Integrated authentication method, you can opt for Local Account authentication. With Local Account authentication, there is no reliance on AD at all, and users must supply username/password every time they wish to use Passwordstate.