Passwordstate 6.0 New Features

Hello Everyone,

Before we go into any detail about the new features of version 6, we just want to say a huge thanks to all our wonderful customers for their suggestions of what they would like to see in Passwordstate, and also for helping us test the various beta versions. It’s amazing how people will take time out of their day to provide feedback, and spend endless hours testing with us. Thanks, guys! If you’re wanting to upgrade your beta install to this production release, please follow these instructions – http://www.clickstudios.com.au/forum/showthread.php/365-Upgrade-Instructions-for-Production-Release-(Build-6080)

Now on to the features. We’re very pleased to finally release version 6 of Passwordstate. This is probably one of the biggest releases we’ve had to date, and it’s been 8 months in the making. We’ll go into some detail here for the major changes in version 6.

New User Interface
The first thing you will notice when using v6 is the new user interface. The main change is how the old navigation tabs in version 5 have now been moved to the bottom of the screen as a horizontal popup menu. This provides a little more screen real-estate, which is useful when the majority of your time is spent clicking around in the navigation tree and accessing passwords in each of the different Password List screens. We’ve also had quite a few beta testers comment on the new version appearing to run much faster.

Two-Factor Authentication with RSA’s SecurID
Version 6 now has 9 different authentication options, which can be used when you first access the site, or as an additional authentication step when you need to access certain Password Lists. One of these new authentication options is two-factor authentication with RSA’s SecurID tokens – these can be physical or software based tokens. There are obviously quite a few versions of the RSA Authentication Manager, and in our testing we’ve used version 7.1 SP4 Patch 22. RSA assures us that prior and new releases should work just fine. Read more here – http://www.clickstudios.com.au/blog/two-factor-authentication-with-rsa-securid/

Two-Factor Authentication with Google Authenticator
Can’t afford the investment for RSA’s SecurID solution? Then use two-factor authentication with Google’s Authenticator. Google Authenticator is a software based solution, which can be installed on the majority of mobile clients. Read more here – http://www.clickstudios.com.au/blog/two-factor-authentication-with-google-authenticator/

Application Programming Interface (API)
With the new API built into Passwordstate, you can integrate your other applications and do away with hard coded passwords in scripts, etc. Data can be returned in either JSON or XML format.

It’s possible to perform the following API Calls:

  • Retrieve a Password record
  • Update a Password record
  • Add a new Password record
  • Retrieve all the history for changes to a Password record
  • Retrieve all Passwords records in a specific Password List
  • Retrieve all Passwords records across all Shared Password Lists
  • Search for Password records, based on various search criteria
  • Generate one or more random passwords
  • Retrieve details and settings for a Password List

For each Password List which you enable for the API (create an API Key), you can also configure which of the API calls above is allowed, or not allowed, as per the following screenshot:

 

Linking Password Lists to Templates
Password List Templates were introduced in version 5, which allowed you to specify some default settings which could then be applied to a Password List. With version 6, we’ve now introduced the feature whereby you can link a Template to one or more Password Lists, and manage the settings in one central location – the template itself. Read more here – http://www.clickstudios.com.au/blog/linking-password-lists-to-templates/

User Account Policies
User Account Policies allow you to specify various settings for how Passwordstate appears or behaves for users. Once you’ve created a policy, you can apply permissions based on user accounts, or security groups. You can even apply more than one policy to the same user. Examples of how this would be used are:

  • Specify a different Authentication Method for users who have higher privileges to systems i.e. Domain Administrators
  • You don’t wish for any of the charts to appear for your users – simply disable them with a policy
  • Allow only a certain number of users to use the ‘Auto Generate New Password’ feature when adding new passwords

Read more here – http://www.clickstudios.com.au/blog/user-account-policies-in-passwordstate/

More Generic Fields and Different Data Types
There are now up to 10 different Generic Fields you can choose from for your Password Lists, and each field can be configured as one of the following data types – Text Field, Free Text Field, Password Field, Select List, Radio Buttons or Date Picker. Read more here – http://www.clickstudios.com.au/blog/generic-field-improvements/


Allowed IP Ranges
Need to restrict which networks can access the Passwordstate web site or API? If so, then you can use the ‘Allowed IP Ranges’ feature, where you can specify individual IP Addresses, or a range of IP Addresses. Read more here – http://www.clickstudios.com.au/blog/allowed-ip-ranges-in-passwordstate/

Backups and In-Place Upgrades
Version 6 now has an automated backup feature built into it, where you can set a schedule for automatic backups of all the web files, and copies of the database. You can specify at what time of the day the backups should begin, how often they should be run, and how many copies to keep on disk. In addition to automatic backups, we now have In-Place Upgrades, which means no more uninstalling/reinstalling Passwordstate to get to the latest version – simply upgrade right from within the web site. You must have your automatic backups configured and working prior to using the In-Place Upgrades feature. Read more here – http://www.clickstudios.com.au/blog/backups-and-in-place-upgrades/

Active Directory & Windows Actions
When a Password List is configured to synchronize password changes with Active Directory, or local accounts on Windows Servers, you can now enable the feature ‘Active Directory & Windows Actions’. With this feature you can perform certain account related tasks, such as unlocking accounts, disabling accounts, etc. Read more here – http://www.clickstudios.com.au/blog/active-directory-actions/

Automatic Password Rotation
Again, when a Password List is configured to synchronize password changes with Active Directory, or local accounts on Windows Servers, you can take advantage of the ‘Automatic Password Rotation’ feature, which allows you to specify a set and forget schedule for automatically updating and synchronizing passwords when they expire. Read more here – http://www.clickstudios.com.au/blog/automatic-password-rotation/

Regards
Click Studios

Active Directory Actions

Hi Everyone,

We’ve added another new feature to version 6 called ‘Active Directory & Windows Actions’, and it can be enabled or disabled per Password List if required.

Active Directory & Windows Actions allows you to perform 4 different account related tasks, if your Password List is configured to synchronize changes with Active Directory or local Windows servers. The 4 functions are:

  • Unlock this account if locked
  • User must change password at next login
  • Disable this account
  • Enable this account

This feature is very useful for Help Desks who manage general user accounts within Passwordstate. You can also use this feature without having to update the Password record itself – simply click one of the options, hit the ‘Save’ button, and the action will be completed. Performing an Action by itself will not create a new Password History record – a history record is only created if you change one of the fields.

Note: If you use the ‘User must change password at next login’ option, then as soon as the user does change the password on the domain, the password in Passwordstate will be out of sync – this may not be an issue for some customers if they wish to use this feature this way.

A screenshot of the feature is below:

Active Directory & Windows Actions

 

If you don’t wish for your users to enable this feature on any of the Password Lists, you can disable it on the screen Administration -> System Settings -> Active Directory Options tab.

Regards
Click Studios

Automatic Password Rotation

Hello Everyone,

In Version 6 of Passwordstate, we have another new feature coming called ‘Automatic Password Rotation’.

With this feature, when a password expires (based on the ExpiryDate field), you can specify various options for automatically generating a new password and synchronizing the change with the Active Directory or Local Windows account.

You can specify the default values for these options at the Password List level, and then when you add or edit a password record, it will inherit the settings from the Password List. You can then choose to over-ride these values if you like. The options available are:

  • To enable/disable the feature
  • The time of day you want the password to be rotated
  • How many days you would like added to the ExpiryDate field
  • Whether or not to email Password List Administrators when the rotation was successful, or if it failed (for any reason)

Once you save the password record with these options, these settings will stay saved even after the initial rotation – effectively it’s a set and forget feature which will continually generate and update passwords when specified.

The following screenshot shows each of the options:

Automatic Password Rotation

 

We hope you like this new feature when V6 is released, which is just around the corner 🙂

Regards
Click Studios

Backups and In-Place Upgrades

Hi Everyone,

For the past couple of weeks, we’ve been working on the ability to perform backups of the Passwordstate database, and all the web files, right from within the Passwordstate application. In addition to this, and it’s been a long time coming (sorry), you can now perform in-place upgrades of Passwordstate – no longer do you need to uninstall and re-install Passwordstate every time there’s a new build released.

First we’ll start with the backups. You have the option of performing manual backups whenever you need, or you can set a regular schedule and let them run themselves. You have the following options available to you:

Backup Settings

  • How many backups to keep on the file system
  • The path to where you would like to store the backups (ideally should be stored on a different location other than your Passwordstate web or database server)
  • Username and Password required for the backup (we’ll explain what permissions are required further below)
  • Whether you want to enable a regular set-and-forget schedule for the backups to occur
  • And finally, what time you would like the scheduled backups to begin, and how often you want a backup to occur.

Couple of screenshots to show you the status of backups, and also the Settings screen:

Backup Permissions
To allow backups to work through the Passwordstate web interface, you will need to specify an account (domain or Windows account), which has the following permissions:

  • Permissions to write to the Backup path you’ve specified
  • Permissions to stop and start the Passwordstate Windows Service on the web server
  • Permissions to write to the Passwordstate folder.

In addition to this, you must configure the SQL Server service to use a domain or Windows account which has permissions to also write to the Backup Path. To do this, you need to open the ‘SQL Server Configuration Manager’ utility on your database server, click on ‘SQL Server Services’, and then specify an account as per the next screenshot:

 

In-Place Upgrades
A prerequisite to being able to perform in-place upgrades in version 6 is to ensure your backups are configured and working correctly. If they aren’t, you will not be able to perform in-place upgrades. There are two main processes for an upgrade:

Upgrade Web Files
Prior to performing the upgrade of the database, the following occurs:

  • Passwordstate Windows Service is stopped
  • Compress and back up all the web files
  • Back up the database
  • Download the latest build from the Passwordstate web site (there is an option to manually download the upgrade file, if for whatever reason Passwordstate is unable to do it itself i.e. proxy issues)
  • Extract the latest build to a temporary folder
  • Overwrite all the files, and clean up any old files
  • Restart the Passwordstate Windows Service.


Upgrade Database

Once all the web files have been upgraded, you will be logged out of Passwordstate automatically, at which time you can log straight back in and finish the upgrade of the database. The reason the log out is required is that modifying files in an IIS web site can cause sessions in IIS to be disrupted (ended).

We apologize it’s taken so long to come up with a better upgrade procedure, but as soon as version 6 is released, it should make upgrading to new builds a whole lot easier.

Regards
Click Studios

Linking Password Lists to Templates

Hi Everyone,

We’ve now introduced the feature in version 6 where you can link Password Lists to Templates, and control all of the settings from the Template itself.

With this feature it means you can control the settings for multiple Password Lists in the one location, and easily enforce some consistency across similar Password Lists.

Caution: In version 6 you can now configure the ‘Generic Fields’ to be of different field types i.e. text fields, date field, password fields, etc. If you link a Password List to a Template, and the Template has non-compatible generic field types, it will blank the data for these fields in the database. You will be prompted and reminded of this when linking Password Lists, but it’s something to be aware of.

When you link a Password List to a Template, it will appear on the Templates as per this screenshot (To link Password Lists to a Template, you simply select ‘Linked Password Lists’ from the Action drop-down menu):

Linked Templates

Once linked, the majority of controls on the ‘Edit Password List’ will be disabled, and you will be notified at the top of the screen as to which Template the Password List has been linked to:

Linked Password List Edit Screen

 

How To Clone a Folder

Hi Everyone,

Today we released Build 5638 of Passwordstate, which includes a new feature where you can clone a Password Folder, and any Folders or Password Lists nested beneath it. This feature is very handy for keeping a consistent structure for storing all your passwords.

To clone a folder, you first need to click on it in the Navigation Tree, then click on the ‘Folder Options’ button at the top of the screen, and then you will see the ‘Clone Folder’ link. From here you have the following options available to you:

  • Specify the new name of the folder to be cloned
  • Choose whether you want to clone all Folders and Password Lists nested below the chosen folder, or just clone Folders only
  • Choose what permissions you would like to apply to the new Folders and Password Lists – either clone the current permissions, apply permissions just for yourself, or don’t apply any permissions at all

When you have finished cloning the folder, it will place the structure in the root of the Navigation Tree. Standard processing occurs when cloning folders i.e. appropriate audit events are logged, and email notifications are sent informing users they have access to one or more new Password Lists. We’ve also provided a ‘Save & Clone Again’ button, so you can quickly repeat the process. Below is a screenshot from version 6 of Passwordstate, showing the options available to you.

Note: Cloning Password Lists will not clone any of the passwords contained within them – only settings, customisations and permissions will be cloned.

Cloning Folders in Passwordstate

We hope you like this new feature, and please leave us some comments if you like.

Regards
Click Studios

 

Generic Field Improvements

Hi Everyone,

When version 6 is released, you will notice a few enhancements we have made to the Generic Fields you can associate with Password Lists.

To start with, we have extended the number of Generic Fields from 3 to 10, and now the following Field Types are also available:

  • Text Field – just a normal text field as you currently have in version 5 of Passwordstate
  • Free Text Field – an unlimited text field for entering larger bodies of text
  • Password – an encrypted password field, which is also salted in the database, and allows you to mask the contents as per a normal Password field i.e. ******, and you can also copy to clipboard as per normal
  • Select List – allows you to specify multiple fixed values, which shows as a drop-down list
  • Radio Buttons – allows you to specify multiple fixed values, which shows as a Radio Button
  • Date Picker – similar to the Expiry Date field, this one gives you a popup calendar for specifying date values

We hope you like this feature once version 6 is released, and below are a couple of screenshots for how you configure your Password Lists, and how it looks on an Edit Password screen.

Configure Generic Field Settings for a Password List

Generic Field Setting for a Password List

 

How the Edit Password Screen looks with Generic Fields
Generic Fields on Edit Password Screen

Regards
Click Studios

Allowed IP Ranges in Passwordstate

Hi Everyone,

We’ve just added a small, but important feature in version 6 of Passwordstate called Allowed IP Ranges. This feature allows you to restrict which IP addresses are allowed to browse to the Passwordstate web site, and can be specified in the following format:

Individual IP Address – 192.168.1.50
Entire Subnets – 192.168.1.*
Subnet Ranges – 192.168.1.50-192.168.1.254

In the event you make a mistake in specifying Allowed IP Ranges and lock yourself out of Passwordstate, you can always gain access via logging on directly to your web server, or via the Emergency Access account. Here’s a screenshot of where you can specify the settings:

Allowed IP Ranges in Passwordstate

Regards
Click Studios
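
The three entry formats from the post above, used as a pre-save check against the lock-out it warns about (an added example, not Click Studios code): it parses a proposed list and reports malformed entries plus any address you still need to connect from that no entry covers. How Passwordstate itself evaluates entries is not described in the post, so the trailing-wildcard rule, the IPv4-only handling and every sample address below are assumptions.

```python
import ipaddress


def parse_entry(entry):
    """Return the inclusive (low, high) IPv4Address pair that one entry covers."""
    entry = entry.strip()
    if "-" in entry:                       # Subnet range: first-last
        first, last = (ipaddress.IPv4Address(p.strip())
                       for p in entry.split("-", 1))
        if first > last:
            raise ValueError("range start is above range end")
        return first, last
    if "*" in entry:                       # Entire subnet: 192.168.1.*
        octets = entry.split(".")
        star = octets.index("*") if "*" in octets else -1
        # Assumption: '*' may only replace trailing octets, never the first one.
        if len(octets) != 4 or star < 1 or set(octets[star:]) != {"*"}:
            raise ValueError("wildcard must replace trailing octets only")
        low = ".".join(octets[:star] + ["0"] * (4 - star))
        high = ".".join(octets[:star] + ["255"] * (4 - star))
        return ipaddress.IPv4Address(low), ipaddress.IPv4Address(high)
    addr = ipaddress.IPv4Address(entry)    # Individual IP address
    return addr, addr


def check_allow_list(entries, must_reach):
    """Return (errors, locked_out) for a proposed allow list.

    errors     -- (entry, reason) for every entry that does not parse
    locked_out -- addresses in must_reach that no valid entry covers
    """
    ranges, errors = [], []
    for entry in entries:
        try:
            ranges.append(parse_entry(entry))
        except ValueError as exc:          # AddressValueError is a ValueError
            errors.append((entry, str(exc)))
    locked_out = [
        ip for ip in must_reach
        if not any(lo <= ipaddress.IPv4Address(ip) <= hi for lo, hi in ranges)
    ]
    return errors, locked_out


# Constructed sample data: a proposed list containing two typos, and the
# admin workstation / jump host addresses that must keep access.
PROPOSED = ["10.20.30.40", "192.168.1.*", "172.16.5.10-172.16.5.20",
            "192.168.2.300", "10.0.0.9-10.0.0.1"]
MUST_REACH = ["192.168.1.77", "172.16.5.21", "10.20.30.40"]

if __name__ == "__main__":
    errors, locked_out = check_allow_list(PROPOSED, MUST_REACH)
    for entry, reason in errors:
        print(f"invalid entry {entry!r}: {reason}")
    for ip in locked_out:
        print(f"{ip} would be locked out by this list")
```

Run it against the list you intend to save; an empty `locked_out` and no `errors` means every address you named is still covered.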

Two-Factor Authentication with RSA SecurID

Hi Everyone,

As of today, we’ve finished implementing two-factor authentication in Passwordstate V6, using RSA’s SecurID solution. Once we have a beta of Version 6 available, we’ll be asking for testers of this functionality, as we’ve only been able to test using RSA Authentication Manager 7.1 SP4 Patch 22 – the Authentication Agent library we’re using is meant to be compatible with Authentication Manager 6.x, 7.x and the upcoming 8.x – due for release later this month.

Configuring Passwordstate to use SecurID is a fairly simple process, and we’ve written up specific documentation to assist customers with the initial configuration. Once done, you will be able to choose any one of the following options:

  • Secure access to Passwordstate using SecurID Authentication – this is for both installs of either Active Directory authentication, or forms based authentication
  • Secure access to Passwordstate using both AD and SecurID Authentication – obviously only for AD users
  • Secure access to Password Lists using SecurID Authentication

We’ve also added a new option called ‘If one of the SecurID Authentication options are selected, auto-populate the UserID field based on the current logged in user – domain suffix will be dropped if using Active Directory version of Passwordstate’. If your Passwordstate UserID’s are the same format as your SecurID User ID’s, then this makes it a little quicker to authenticate.

Now for some screenshots:

Secure access to Passwordstate using SecurID Authentication

SecurID Authentication

 

Secure access to Passwordstate using both AD and SecurID Authentication

SecurID and AD Authentication

 

Secure access to Password Lists using SecurID Authentication
SecurID Authentication for Password Lists

 

 

We hope you like this feature when version 6 is available.