Two-Factor Authentication with RSA SecurID

Hi Everyone,

As of today, we’ve finished implementing two-factor authentication in Passwordstate V6, using RSA’s SecurID solution. Once we have a beta of Version 6 available, we’ll be asking for testers of this functionality, as we’ve only been able to test using RSA Authentication Manager 7.1 SP4 Patch 22 – the Authentication Agent library we’re using is meant to be compatible with Authentication Manager 6.x, 7.x and the upcoming 8.x – due for release later this month.

Configuring Passwordstate to use SecurID is a fairly simple process, and we’ve written up specific documentation to assist customers with the initial configuration. Once done, you will be able to choose anyone of the following options:

  • Secure access to Passwordstate using SecurID Authentication – this is for both installs of either Active Directory authentication, or forms based authentication
  • Secure access to Passwordstate using both AD and SecurID Authentication – obviously only for AD users
  • Secure access to Password Lists using SecurID Authentication

We’ve also added a new option called ‘If one of the SecurID Authentication options are selected, auto-populate the UserID field based on the current logged in user – domain suffix will be dropped if using Active Directory version of Passwordstate’. If your Passwordstate UserID’s are the same format as your SecurID User ID’s, then this makes it a little quicker to authenticate.

Now for some screenshots:

Secure access to Passwordstate using SecurID Authentication

SecurID Authentication

 

Secure access to Passwordstate using both AD and SecurID Authentication

SecurID and AD Authentication

 

Secure access to Password Lists using SecurID Authentication
SecurID Authentication for Password Lists

 

 

We hope you like this feature when version 6 is available.

Two-Factor Authentication with Google Authenticator

Hi Everyone,

We’ve finished adding two-factor authentication using Google’s Authenticator to version 6 of Passwordstate. Google Authenticator is great for smaller companies who can’t afford the investment required to internally host other two-factor authentication solutions such as RSA’s SecurID.

Configuring your Passwordstate account to use Google Authenticator, is quite a simple process:

  • First install Google Authenticator on your mobile device – Android, iOS & Windows Phone
  • Visit the Preferences screen in Passwordstate, and click on the ‘Authentication Options’ tab
  • Select the ‘Google Authenticator’ option from the Authentication dropdown list
  • Generate a new barcode/secret key
  • Scan the barcode into Google Authenticator on your mobile/cell device, or manually type in the secret key
  • Click on the ‘Save’ button to save the secret key to your Passwordstate account.

Google Authenticator Settings

Once you have successfully enabled Google Authenticator with Passwordstate and on your mobile/cell device, then you will be presented with the following login screen next time you visit Passwordstate.

Passwordstate Google Authenticator Login

You will now have a maximum of 60 seconds to copy the verification code from your mobile/cell device (image below), into Passwordstate. After 60 seconds, a new verification code will appear on your device.

Google Authenticator for Android

 

We hope you like this new feature once version 6 of Passwordstate is released, and please leave us any comments you like regarding the feature.

Regards
Click Studios

New Menu System in Version 6.0

Hi Everyone,

Thought we’d share with you the new Navigation Menu System coming in Version 6 of Passwordstate, and what options are available to use with it.

So the tabs on the bottom left hand side of the screen are now gone, and replaced with a horizontal menu system at the bottom of the screen. By default, hovering over a menu item will cause it’s sub-menus to appear, as per the following screenshot:

Passwordstate Menu System

If you’d prefer the sub-menu items do not appear when you hover over them, there’s a new option in the ‘Preferences’ area where you can choose to show them instead by clicking on them.

Options for the menu showing

As a Security Administrator of Passwordstate, you can also control who is allowed to access the various menus and sub-menus. From the screen Administration -> System Settings ->Miscellaneous Tab, you can specify who can have access either by individual User Accounts, or Security Groups.

Control who has access to the menus

We hope you like this new navigation UI once version 6 is released.

Regards
Click Studios

Display Auditing Data Graphically in Passwordstate

In Version 6 of Passwordstate, we’ve added a new page called Auditing Graphs.

This page will allow you to filter on any of the 58 current audit record types, by platform (web, mobile, API or Windows Service), and by various duration’s – 6 months through to 3 years. Once you’ve selected your options, hit the Refresh button and the graph will be redrawn.

We’ve also listed all the Audit Activities and the end of this post, and this list will grow as we develop more features in the API, and start to develop the mobile client.

View audit data graphically in Passwordstate.

Access Granted
Access Removed
Access Updated
All Passwords Exported
Audit Records Purged
Document Deleted
Document Updated
Document Uploaded
Document Viewed
Email Sent
Email Template Enabled
Email Template Disabled
Email Template Updated
Emergency Access Event
Failed API Call
Handshake Approval Requested
Login Attempt Failed
Login Attempt Succeeded
Password Added
Password Copied to Clipboard
Password Deleted
Password History Exported
Password History Retrieved
Password List Added
Password List Authentication
Password List Deleted
Password List Retrieved
Password List Updated
Password Restored
Password Retrieved
Password Screen Opened
Password Updated
Password Viewed
Passwords Exported
Reporting
Security Administrator Added
Security Administrator Removed
Security Administrator Role Updated
Security Group Added
Security Group Updated
Security Group Deleted
Tab Authentication
Template Access Granted
Template Access Removed
Template Access Updated
Template Added
Template Deleted
Template Updated
User Account Added
User Account Added to Security Group
User Account Disabled
User Account Enabled
User Account Updated
User Account Deleted
User Accounts Exported
User Removed From Security Group
UserName Copied to Clipboard
Windows Account Synchronization

Regards
Click Studios

Passwordstate 5.5 Released

Hello Everyone,

Click Studios is very pleased to announce the availability of Version 5.5 of Passwordstate with 30 new features, updates and bug fixes in total. Notable changes are:

  • Added Authorized Web Server functionality whereby you must now specify which web server names are hosting the Passwordstate web site. This mitigates against database theft, and hosting in an untrusted environment
  • A new Delta Permissions Email Notification report which alerts Password List Administrators of prior and post permission changes to Password Lists
  • You can now choose to send all Auditing data to a syslog server
  • Enumerated Password Permissions Report which shows access for all users accounts, even if permissions were applied via security group membership
  • Secondary authentication options for securing access to Password Lists and navigation Tabs
  • User must provide reason for accessing password value – either copy to clipboard, or view on screen
  • One-Time Access is now possible for password records – as soon as a password is viewed or copied, the user’s access is removed

You can download the latest release from here – http://www.clickstudios.com.au/downloads/passwordstate.zip, or watch the following short video showing some of the new features.

Passwordstate 5.3 Released

Hi All,

Click Studios is pleased to announce the availability of Version 5.3 of Passwordstate, which includes 13 new features, 8 enhancements & 12 bug fixes. Notable changes are:

  • We’ve introduced a new feature called Emergency Access. This access is only meant to be used when other forms of user authentication are not possible i.e. AD is unavailable, or users are unavailable
  • Recycle Bin for deleted passwords. You can now restore deleted passwords from the recycled bin if required
  • You can now specify which users (all, none, individuals or security groups members) can create Password Lists, Password Folders, Administer Password List Templates, or request access to passwords
  • Provided the feature whereby you can link passwords copying them between Password Lists – all details are synchronized between Password Lists
  • Multiple Password Generator options are now possible allowing you to assign each Password Generator to different Password Lists
  • User can now choose exactly which email notifications they would like to receive or suppress
  • You can now synchronize the enabled/disabled status of an Active Directory account in Passwordstate
  • When an Active Directory account is deleted, you can now either choose to delete, disable or ignore the matching user account in Passwordstate
  • Modify permissions for Password Lists now has the following options – Add, Edit or Delete passwords
  • When users has ‘Guest’ access to a Password List, you can now choose to allow them to also create new password records
  • You can now choose to receive a Daily Audit Report via email showing the past days activities for the Password Lists you have access to
  • Provided the option to disable the feature which allows you to purge all auditing records
  • Provided option to View or Email another user a direct link to a Password record

You can download the latest release from this location http://www.clickstudios.com.au/downloads/passwordstate.zip, and upgrade instructions are included in the download.

Regards
Click Studios

 

Password Attachments

Hello All,

In the upcoming release of Version 5.2 of Passwordstate we will be introducing a feature whereby you can upload/attach documents to password records. There is no restriction on what type of file type you can attach, and each time you upload, delete or view attachments, audit records are added to the systems. All attachments are stored within the database, so they can also be replicated to the High Availability instance of Passwordstate as well.

A couple small screenshots are:

Opening Attachments

 

 

 

 

 


Uploading attachments

Passwordstate Version 5.1 Released

Hi Everyone,

Click Studios is very pleased to annouce the availability of Version 5.1 of Passwordstate. We can’t thank our customers enough for their feature suggestions, and working with us to development a better product for everyone.

To upgrade to version 5.1, download from here http://www.clickstudios.com.au/downloads/passwordstate.zip, and follow these instructions – http://www.clickstudios.com.au/downloads/Upgrade_Instructions.pdf.

Please Note: Version 5.1 introduces the feature of continuous sharing of the Password Lists Navigation Tree with other users who have access to the same Password Lists. Because of this change, this upgrade will remove any nesting of Password Lists in the tree view which you may have created, and this will need to be redone once the upgrade is complete.

Changes in this version are:
[Read more…]

Passwordstate 5.0 Update – Build 5006

Hello everyone,

We have a few updates for Passwordstate, with the following changes:

  • Fix – The Image dropdown list was cutoff at the bottom of the browser when adding or editing Password Lists. Only effected small screen resolutions
  • Fix – When an unregistered users browses to the Passwordstate web site they receive the error – ‘Incorrect syntax near…. DEFAULT’
  • Fix – When exporting data to csv, some non-english character sets where not being translated correctly
  • Fix – Improved memory consumption for w3wp.exe process (IIS Worker Process)
  • Updated – Updated to the latest version of ASP.NET Ajax controls
  • Updated – Updated logout screen to provide the option to log back in

If you are experiencing these bugs and wish to upgrade, please follow these instructions:

  • Download the latest copy of Passwordstate from here – http://www.clickstudios.com.au/downloads/passwordstate.zip
  • Backup your passwordstate5 database
  • Take a copy of the web.config file in the root of the Passwordstate folder
  • Take a copy of the files in /images/lookupimages and /App_Data/RadSpell (only required if you’ve added new Account Type Images or added custom words to the Editor’s dictionary)
  • Uninstall Passwordstate from Control Panel (please note your database will not be touched during the uninstall)
  • Once uninstalled, reinstall Passwordstate
  • Replace the web.config and other files file from steps 3 & 4
  • Restart the Windows Service ‘Passwordstate Service’
  • If you have modified the standard ‘passwordstate’ cname DNS entry for the web site, or configured the web site to use a SSL certificate, you will need to redo these steps

Regards
Click Studios

Passwordstate 5 Beta Available

Hello All,

After more than 6 months of development, our first beta of Passwordstate 5 is now available for download.

If you’re interested in testing version 5, please contact us at support@clickstudios.com.au as we’ll need to generate a new license key for you. You can download version 5 from here Passwordstate 5 Beta, and the installation instructions are included within the zip file.

Passwordstate 5 Beta

Some of the new features in version 5 are:

[Read more…]