Two-Factor Authentication with RSA SecurID

Hi Everyone,

As of today, we’ve finished implementing two-factor authentication in Passwordstate V6, using RSA’s SecurID solution. Once we have a beta of Version 6 available, we’ll be asking for testers of this functionality, as we’ve only been able to test using RSA Authentication Manager 7.1 SP4 Patch 22 – the Authentication Agent library we’re using is meant to be compatible with Authentication Manager 6.x, 7.x and the upcoming 8.x – due for release later this month.

Configuring Passwordstate to use SecurID is a fairly simple process, and we’ve written up specific documentation to assist customers with the initial configuration. Once done, you will be able to choose any one of the following options:

  • Secure access to Passwordstate using SecurID Authentication – this applies to installs using either Active Directory authentication or forms-based authentication
  • Secure access to Passwordstate using both AD and SecurID Authentication – obviously only for AD users
  • Secure access to Password Lists using SecurID Authentication

We’ve also added a new option called ‘If one of the SecurID Authentication options are selected, auto-populate the UserID field based on the current logged in user – domain suffix will be dropped if using Active Directory version of Passwordstate’. If your Passwordstate UserIDs are in the same format as your SecurID User IDs, this makes it a little quicker to authenticate.

Now for some screenshots:

Secure access to Passwordstate using SecurID Authentication

SecurID Authentication

Secure access to Passwordstate using both AD and SecurID Authentication

SecurID and AD Authentication

Secure access to Password Lists using SecurID Authentication
SecurID Authentication for Password Lists

We hope you like this feature when version 6 is available.

Two-Factor Authentication with Google Authenticator

Hi Everyone,

We’ve finished adding two-factor authentication using Google’s Authenticator to version 6 of Passwordstate. Google Authenticator is great for smaller companies who can’t afford the investment required to internally host other two-factor authentication solutions such as RSA’s SecurID.

Configuring your Passwordstate account to use Google Authenticator is quite a simple process:

  • First install Google Authenticator on your mobile device – Android, iOS & Windows Phone
  • Visit the Preferences screen in Passwordstate, and click on the ‘Authentication Options’ tab
  • Select the ‘Google Authenticator’ option from the Authentication dropdown list
  • Generate a new barcode/secret key
  • Scan the barcode into Google Authenticator on your mobile/cell device, or manually type in the secret key
  • Click on the ‘Save’ button to save the secret key to your Passwordstate account.

Google Authenticator Settings

Once you have successfully enabled Google Authenticator with Passwordstate and on your mobile/cell device, then you will be presented with the following login screen next time you visit Passwordstate.

Passwordstate Google Authenticator Login

You will now have a maximum of 60 seconds to copy the verification code from your mobile/cell device (image below), into Passwordstate. After 60 seconds, a new verification code will appear on your device.

Google Authenticator for Android

We hope you like this new feature once version 6 of Passwordstate is released, and please leave us any comments you like regarding the feature.

Regards
Click Studios

New Menu System in Version 6.0

Hi Everyone,

Thought we’d share with you the new Navigation Menu System coming in Version 6 of Passwordstate, and what options are available to use with it.

The tabs on the bottom left-hand side of the screen are now gone, replaced with a horizontal menu system at the bottom of the screen. By default, hovering over a menu item will cause its sub-menus to appear, as per the following screenshot:

Passwordstate Menu System

If you’d prefer the sub-menu items do not appear when you hover over them, there’s a new option in the ‘Preferences’ area where you can choose to show them instead by clicking on them.

Options for the menu showing

As a Security Administrator of Passwordstate, you can also control who is allowed to access the various menus and sub-menus. From the screen Administration -> System Settings -> Miscellaneous Tab, you can specify who can have access, either by individual User Accounts or by Security Groups.

Control who has access to the menus

We hope you like this new navigation UI once version 6 is released.

Regards
Click Studios

Display Auditing Data Graphically in Passwordstate

In Version 6 of Passwordstate, we’ve added a new page called Auditing Graphs.

This page will allow you to filter on any of the 58 current audit record types, by platform (web, mobile, API or Windows Service), and by various durations – 6 months through to 3 years. Once you’ve selected your options, hit the Refresh button and the graph will be redrawn.

We’ve also listed all the Audit Activities at the end of this post, and this list will grow as we develop more features in the API, and start to develop the mobile client.

View audit data graphically in Passwordstate.

Access Granted
Access Removed
Access Updated
All Passwords Exported
Audit Records Purged
Document Deleted
Document Updated
Document Uploaded
Document Viewed
Email Sent
Email Template Enabled
Email Template Disabled
Email Template Updated
Emergency Access Event
Failed API Call
Handshake Approval Requested
Login Attempt Failed
Login Attempt Succeeded
Password Added
Password Copied to Clipboard
Password Deleted
Password History Exported
Password History Retrieved
Password List Added
Password List Authentication
Password List Deleted
Password List Retrieved
Password List Updated
Password Restored
Password Retrieved
Password Screen Opened
Password Updated
Password Viewed
Passwords Exported
Reporting
Security Administrator Added
Security Administrator Removed
Security Administrator Role Updated
Security Group Added
Security Group Updated
Security Group Deleted
Tab Authentication
Template Access Granted
Template Access Removed
Template Access Updated
Template Added
Template Deleted
Template Updated
User Account Added
User Account Added to Security Group
User Account Disabled
User Account Enabled
User Account Updated
User Account Deleted
User Accounts Exported
User Removed From Security Group
UserName Copied to Clipboard
Windows Account Synchronization

Regards
Click Studios

Generate Random Passwords

Passwordstate has a quite capable Password Generator, which can be used in a couple of ways – each user can have their own personal Password Generator options, or specific options can be assigned to individual Password Lists. We’ll run through some of the options now:

Alphanumerics & Special Characters
You can specify which letters, numerics and special characters will be used when generating passwords, by selecting the appropriate options on the ‘Alphanumerics & Special Characters’ Tab. Options are:

  • Include Alphanumerics & Special Characters – if omitted, then only ‘Word Phrases’ will be used to generate the passwords
  • Length – specify the minimum and maximum length of characters/numbers generated
  • Lower-case – choose if you want to include lower-case characters
  • Upper-case – choose if you want to include upper-case characters
  • Numbers – choose if you would like to include numbers
  • Include higher ratio of alphanumerics vs special characters – if you also choose to include special characters, then you can choose to generate a higher percentage of alphanumeric characters than special characters
  • Include ambiguous alphanumerics – characters like I, l, and 1 may be confusing as it’s difficult to read what they are, and you can choose to ignore these characters
  • Include the following special characters – you can use the predefined ones, or modify them to suit your own requirements
  • Include the following brackets – again, you can choose the predefined brackets, or just specify the ones you want to use
Alphanumeric Password Generator Options

Word Phrases
To make the passwords a little easier to read and remember, you can also choose to insert random words within the password itself. There are 10,000 random words which can be used. Options are:

  • Include Word Phrases – to include them or not
  • Number of Words – how many words you would like inserted in the password
  • Maximum Word Length – specify the maximum length of the word which will be generated
Word Phrase Password Generator Options

Generate Passwords
And now that you have specified all the settings for generating your password(s), on this tab you can specify how many passwords you would like to generate.
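
The options above, sketched as an added example (not Passwordstate's generator): parameter names, default character sets and the short word list are constructed for illustration, and all randomness comes from the operating system's CSPRNG.

```python
import secrets
import string

AMBIGUOUS = set("Il1")   # the characters the page names as hard to tell apart
# Constructed stand-in for the product's 10,000-word list.
WORDS = ["amber", "bridge", "copper", "delta", "ember", "falcon", "garnet"]

def generate(min_len=12, max_len=16, include_chars=True, lower=True,
             upper=True, numbers=True, specials="!@#$%^&*", brackets="[]{}()",
             alnum_pct=None, ambiguous=False, n_words=0, max_word_len=8):
    """Return one password; parameter names mirror the options listed above."""
    rng = secrets.SystemRandom()          # OS CSPRNG, not the `random` module
    alnum = ((string.ascii_lowercase if lower else "")
             + (string.ascii_uppercase if upper else "")
             + (string.digits if numbers else ""))
    if not ambiguous:
        alnum = "".join(c for c in alnum if c not in AMBIGUOUS)
    special = specials + brackets
    tokens = []
    if include_chars:
        if not alnum and not special:
            raise ValueError("every character class is switched off")
        length = rng.randint(min_len, max_len)    # inclusive on both ends
        if alnum_pct is None or not alnum or not special:
            tokens = [rng.choice(alnum + special) for _ in range(length)]
        else:
            # Fix the alphanumeric share, then shuffle so position leaks nothing.
            n_alnum = round(length * alnum_pct / 100)
            tokens = [rng.choice(alnum) for _ in range(n_alnum)]
            tokens += [rng.choice(special) for _ in range(length - n_alnum)]
            rng.shuffle(tokens)
    usable = [w for w in WORDS if len(w) <= max_word_len]
    if n_words and not usable:
        raise ValueError("no word is short enough for max_word_len")
    for _ in range(n_words):
        # Words are dropped in at random positions between the characters.
        tokens.insert(rng.randrange(len(tokens) + 1), rng.choice(usable))
    if not tokens:
        raise ValueError("nothing selected: enable characters or words")
    return "".join(tokens)

if __name__ == "__main__":
    print(generate())                                  # characters only
    print(generate(alnum_pct=75, n_words=1))           # 75% alphanumeric + a word
    print(generate(include_chars=False, n_words=3, max_word_len=6))
```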

Generate Random Passwords

We hope you find this blog post useful, and please let us know if you have any other suggestions for posts you would like to see about our Password Manager software.

Regards
Click Studios

Flexible Options for Hiding Passwords

Hi Everyone,

Thought we’d share another little feature with you which might not be so obvious. On each of the Password Lists screens, there is a ‘Password’ column which shows the masked password and provides an image for you to click on to copy the Password to the clipboard – see image below. Did you know there are three options for how long the Password will stay visible on the screen when you click the masked password text? Read on below to find out about each of the three options:

Masked Passwords
To find the option to change how quickly the Passwords will be hidden (masked), visit the page Administration -> System Settings -> Password Options Tab.

Option 1 – Hide Based on a Set Time
Regardless of the length or complexity of the Password, you can hide the Password based on a set time interval – in seconds.

Hide Password Based on Set Time

Option 2 – Hide Based on Complexity of the Password
As you’re aware, each Password is deemed to be of a certain ‘Strength’, and this strength can differ depending on which ‘Password Strength Policy’ is assigned to the Password List. You can set a specific time interval for each of the 5 different Password Strengths – Very Poor, Weak, Average, Strong & Excellent.

Hide Password Based on Complexity

Option 3 – Hide Based on Password Length
It can be very difficult to read an unmasked Password in its entirety if it is a long password – more than likely it will be hidden before you’ve finished typing the password into a different screen somewhere. To overcome this, you can hide the Password based on different set time intervals, for three different Password Lengths – all of which can be customized to your liking. Note that Length 3 is greater than or equal to, whereas the other two options are less than or equal to. This means you should set Length 3 to be one value greater than Length 2.

Hide Password Based on Length

We’ll keep posting tips like this for our Password Management Software, and please leave us some comments if there’s anything specific you would like us to explain.

Regards
Click Studios

Email Notifications within Passwordstate

Passwordstate can generate up to 42 different types of emails, most of which can be enabled or disabled as required – certain emails, such as ‘Audit Log Tamper Detection’, cannot be disabled due to their nature. What most people don’t realise is that email notifications can be managed in three separate ways:

Managed By User
Each user can manage their own email notifications by visiting the ‘Preferences’ area for their account. From the ‘Email Notifications’ tab, they can select which email categories to enable or disable, depending on their personal preference.

Managed for Several Users at Once
As of Build 5416, we now have a feature called ‘Email Notification Groups’. This feature allows Security Administrators of Passwordstate to manage notifications for a collection of user accounts, or for members of specific security groups. In enabling this option for a user, it will disable their ability to specify their own settings under the Preferences section mentioned above.

Managed System-Wide for All Users
Under the Administration area of Passwordstate, there is a feature called ‘Email Templates’. This feature allows the Security Administrators to customize the body of each of the emails sent, and also allows them to disable/enable all notifications system-wide – which overrides the two methods mentioned above. Generally, most customers disable all email templates whilst they are configuring Passwordstate initially, to prevent a considerable number of emails being generated as they add/import passwords from existing systems.
For your reference, a complete list of the Email Notifications can be found here – http://www.clickstudios.com.au/about/notifications.html

Regards
Click Studios

Time-Based Access to Passwords and Passwordstate

A couple of features we’ve had for quite some time now are Time-Based Access to Passwords and Time-Based Access to Passwordstate itself. To start with, we’ll show you time-based access to Password Lists:

Time-Based Access to Password Lists

When applying permissions to a Password List, you will notice a tab called ‘Time Based Access’. By clicking on this tab you can set the access to expire automatically at a specific time, or by a certain number of days, hours and minutes into the future.

After you have set the expiry date for the access, a new icon will be shown in the ‘Expires’ column of the Password Lists Permission page:

The Passwordstate Windows Service checks every minute whether any access has expired, and removes permissions if appropriate.

Time-Based Access to Passwordstate

Another useful feature is to automatically remove or disable a user’s account in Passwordstate at a set time. The screen for configuring expiry of an account is similar to the one for Password Lists, except this time you can also choose to disable or delete the user’s account.

This feature is very useful if you have contractors working in your organization, or if you have an employee leaving at a known time.

Regards

Click Studios

Passwordstate – Password Management Software

Synchronize Passwords with Active Directory

As of version 5.4 of Passwordstate, it’s now possible to synchronize passwords in Passwordstate with either Active Directory or local Windows Servers.

In order for a Password List to be ‘ready’ for synchronization, the following ‘Customized Fields’ are required for the Password List:

  • You must select the ‘User Name’ field
  • You must select one Generic Field and label it ‘Domain or Host’
  • You must select the ‘Account Type’ field

When a Password List is ready for synchronization, you will see the following graphic at the top-right hand side of the Password grid:

Now, when you edit a record, you will see the following screen:

  • 1 – You must select the ‘Account Type’ of Windows
  • 2 – The ‘Account Synchronization Enabled’ indicator will be shown
  • 3 – This icon allows you to confirm the password you enter matches what’s stored in Active Directory or on the local Windows Server
  • 4 – This is what you click on to save the record in Passwordstate, and to change (sync) the password in Active Directory or local Windows Server

Note: When adding a new password record to Passwordstate, you cannot also add the account into Active Directory or local Windows Server, however you can confirm the password is correct by clicking on the Check Password icon.

As of Build 5416, we also have a report which you can run for Password Lists which validates in real-time if the passwords are synchronized. You will see the following drop-down menu option if the Password List is ‘ready’ for synchronization:


Troubleshooting Sync Issues

It’s possible that synchronization may not work with the default settings, due to different security restrictions customers may place on their Active Directory environment. If you receive a popup message when synchronizing to say there was an error, and to check your settings, you may need to specify an appropriate domain account to synchronize with. On the screen Administration -> System Settings -> Active Directory Options Tab, you can specify an account as per the screenshot below.

If you still have issues after this, you may also need to specify the same AD account as the Application Pool identity in IIS – you can follow the instructions in our installation documentation labelled ‘11. Active Directory & IIS Application Pool’.


We hope you like the new feature, and look forward to hearing any feedback from you.

Regards
Click Studios
Passwordstate – Secure Password Manager

Passwordstate 5.4 Released

Hello Everyone,

Click Studios is very pleased to announce the availability of Version 5.4 of Passwordstate with 70 new features, updates and bug fixes in total. Notable changes are:

  • Synchronize Password changes with Active Directory or Windows Servers
  • Prevent Reuse of Passwords
  • Mandatory Password Strength options
  • Share Password List Templates with other users
  • Secondary authentication options for securing access to Password Lists and navigation Tabs
  • Improved document handling for Password Records and Password Lists
  • Search across all passwords in Password Folders
  • Audit Log Tamper Detection
  • And many User Interface improvements

You can download the latest release from here – http://www.clickstudios.com.au/downloads/passwordstate.zip, or watch the following short video showing some of the new features.