Allowed IP Ranges in Passwordstate

Hi Everyone,

We’ve just added a small but important feature in version 6 of Passwordstate called Allowed IP Ranges. This feature allows you to restrict which IP addresses are allowed to browse to the Passwordstate web site. Entries can be specified in the following formats:

Individual IP Address – 192.168.1.50
Entire Subnets – 192.168.1.*
Subnet Ranges – 192.168.1.50-192.168.1.254

In the event you make a mistake in specifying Allowed IP Ranges and lock yourself out of Passwordstate, you can always gain access via logging on directly to your web server, or via the Emergency Access account. Here’s a screenshot of where you can specify the settings:

Allowed IP Ranges in Passwordstate
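To reduce the chance of the lock-out described above, a proposed list can be checked against known administrator addresses before it is saved. The following is an added example, not Click Studios' code: it interprets the three entry formats listed in this post, and the function names, the sample list and the strict handling of wildcards (final octet only) are assumptions.

```python
import ipaddress

def parse_entry(entry):
    """Return the inclusive (low, high) IPv4 bounds for one allow-list entry."""
    entry = entry.strip()
    if "-" in entry:                                   # 192.168.1.50-192.168.1.254
        low_text, high_text = entry.split("-", 1)
        low = ipaddress.IPv4Address(low_text.strip())
        high = ipaddress.IPv4Address(high_text.strip())
        if low > high:
            raise ValueError(f"range start is above range end: {entry!r}")
        return low, high
    if "*" in entry:                                   # 192.168.1.*
        prefix, _, last = entry.rpartition(".")
        # Assumption: only the final octet may be a wildcard, as in the post.
        if last != "*" or "*" in prefix:
            raise ValueError(f"unsupported wildcard: {entry!r}")
        return (ipaddress.IPv4Address(prefix + ".0"),
                ipaddress.IPv4Address(prefix + ".255"))
    address = ipaddress.IPv4Address(entry)             # 192.168.1.50
    return address, address

def is_allowed(client_ip, entries):
    """True if client_ip falls inside any entry; unparsable clients are denied."""
    try:
        ip = ipaddress.IPv4Address(client_ip)
    except ValueError:
        return False
    return any(low <= ip <= high for low, high in map(parse_entry, entries))

def uncovered(entries, admin_ips):
    """Admin addresses the list would lock out; should be empty before saving."""
    return [ip for ip in admin_ips if not is_allowed(ip, entries)]

# Constructed sample list using the three formats from the post.
ALLOWED = ["10.0.5.20", "192.168.1.*", "172.16.0.50-172.16.0.254"]
```

A malformed entry raises `ValueError` instead of being silently skipped, so a typo is caught before it narrows or widens the list. If the web server sits behind a reverse proxy or NAT, the address being matched is the proxy's, not the user's.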

Regards
Click Studios

Two-Factor Authentication with RSA SecurID

Hi Everyone,

As of today, we’ve finished implementing two-factor authentication in Passwordstate V6, using RSA’s SecurID solution. Once we have a beta of Version 6 available, we’ll be asking for testers of this functionality, as we’ve only been able to test using RSA Authentication Manager 7.1 SP4 Patch 22 – the Authentication Agent library we’re using is meant to be compatible with Authentication Manager 6.x, 7.x and the upcoming 8.x – due for release later this month.

Configuring Passwordstate to use SecurID is a fairly simple process, and we’ve written up specific documentation to assist customers with the initial configuration. Once done, you will be able to choose any one of the following options:

  • Secure access to Passwordstate using SecurID Authentication – this applies to installs using either Active Directory authentication or forms-based authentication
  • Secure access to Passwordstate using both AD and SecurID Authentication – obviously only for AD users
  • Secure access to Password Lists using SecurID Authentication

We’ve also added a new option called ‘If one of the SecurID Authentication options are selected, auto-populate the UserID field based on the current logged in user – domain suffix will be dropped if using Active Directory version of Passwordstate’. If your Passwordstate UserIDs are in the same format as your SecurID User IDs, then this makes it a little quicker to authenticate.

Now for some screenshots:

Secure access to Passwordstate using SecurID Authentication

SecurID Authentication

Secure access to Passwordstate using both AD and SecurID Authentication

SecurID and AD Authentication

Secure access to Password Lists using SecurID Authentication
SecurID Authentication for Password Lists

We hope you like this feature when version 6 is available.

Two-Factor Authentication with Google Authenticator

Hi Everyone,

We’ve finished adding two-factor authentication using Google’s Authenticator to version 6 of Passwordstate. Google Authenticator is great for smaller companies who can’t afford the investment required to internally host other two-factor authentication solutions such as RSA’s SecurID.

Configuring your Passwordstate account to use Google Authenticator is quite a simple process:

  • First install Google Authenticator on your mobile device – Android, iOS & Windows Phone
  • Visit the Preferences screen in Passwordstate, and click on the ‘Authentication Options’ tab
  • Select the ‘Google Authenticator’ option from the Authentication dropdown list
  • Generate a new barcode/secret key
  • Scan the barcode into Google Authenticator on your mobile/cell device, or manually type in the secret key
  • Click on the ‘Save’ button to save the secret key to your Passwordstate account.

Google Authenticator Settings

Once you have successfully enabled Google Authenticator with Passwordstate and on your mobile/cell device, then you will be presented with the following login screen next time you visit Passwordstate.

Passwordstate Google Authenticator Login

You will now have a maximum of 60 seconds to copy the verification code from your mobile/cell device (image below), into Passwordstate. After 60 seconds, a new verification code will appear on your device.

Google Authenticator for Android
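The secret key generated during enrolment and the verification code typed at login are related by the TOTP algorithm (RFC 6238) that authenticator apps implement. The following sketch of both sides is an added example, not Passwordstate's code; the function names, the 30-second step, the one-step drift allowance and the replay check are assumptions, since the post does not describe how Passwordstate configures them.

```python
import base64
import hashlib
import hmac
import secrets
import struct
from urllib.parse import quote

def new_secret(nbytes=20):
    """Random shared secret, base32-encoded as authenticator apps expect."""
    return base64.b32encode(secrets.token_bytes(nbytes)).decode()

def provisioning_uri(secret_b32, account, issuer):
    """otpauth:// URI that the enrolment barcode encodes."""
    label = quote(f"{issuer}:{account}")
    return f"otpauth://totp/{label}?secret={secret_b32}&issuer={quote(issuer)}"

def hotp(secret_b32, counter, digits=6):
    """RFC 4226 one-time value for a single counter."""
    key = base64.b32decode(secret_b32, casefold=True)
    mac = hmac.new(key, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F                        # dynamic truncation
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)

def totp(secret_b32, at, step=30, digits=6):
    """RFC 6238: HOTP over the number of whole time steps since the epoch."""
    return hotp(secret_b32, int(at) // step, digits)

def verify(secret_b32, code, at, last_counter=-1, step=30, back=1, digits=6):
    """Return the matching step counter, or None if the code is rejected.

    Accepts the current step and `back` earlier steps (assumed drift allowance).
    The caller stores the returned counter and passes it as last_counter next
    time, so a code that has already been accepted cannot be replayed.
    """
    now = int(at) // step
    matched = None
    for counter in range(max(0, now - back), now + 1):   # no early exit
        good = hmac.compare_digest(hotp(secret_b32, counter, digits).encode(),
                                   str(code).encode())
        if good and counter > last_counter:
            matched = counter
    return matched

# Constructed demo value: the published RFC 6238 test secret, base32-encoded.
RFC_SECRET = "GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ"
```

With these assumed settings a code is accepted for at most 60 seconds counted from the start of its time step, and only once.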

We hope you like this new feature once version 6 of Passwordstate is released, and please leave us any comments you like regarding the feature.

Regards
Click Studios

Display Auditing Data Graphically in Passwordstate

In Version 6 of Passwordstate, we’ve added a new page called Auditing Graphs.

This page will allow you to filter on any of the 58 current audit record types, by platform (web, mobile, API or Windows Service), and by various durations – 6 months through to 3 years. Once you’ve selected your options, hit the Refresh button and the graph will be redrawn.

We’ve also listed all the Audit Activities at the end of this post, and this list will grow as we develop more features in the API, and start to develop the mobile client.

View audit data graphically in Passwordstate.

Access Granted
Access Removed
Access Updated
All Passwords Exported
Audit Records Purged
Document Deleted
Document Updated
Document Uploaded
Document Viewed
Email Sent
Email Template Enabled
Email Template Disabled
Email Template Updated
Emergency Access Event
Failed API Call
Handshake Approval Requested
Login Attempt Failed
Login Attempt Succeeded
Password Added
Password Copied to Clipboard
Password Deleted
Password History Exported
Password History Retrieved
Password List Added
Password List Authentication
Password List Deleted
Password List Retrieved
Password List Updated
Password Restored
Password Retrieved
Password Screen Opened
Password Updated
Password Viewed
Passwords Exported
Reporting
Security Administrator Added
Security Administrator Removed
Security Administrator Role Updated
Security Group Added
Security Group Updated
Security Group Deleted
Tab Authentication
Template Access Granted
Template Access Removed
Template Access Updated
Template Added
Template Deleted
Template Updated
User Account Added
User Account Added to Security Group
User Account Disabled
User Account Enabled
User Account Updated
User Account Deleted
User Accounts Exported
User Removed From Security Group
UserName Copied to Clipboard
Windows Account Synchronization

Regards
Click Studios

Check out the number of features we now have for Password Lists

Hello Everyone,

We’ve been gradually adding more and more features to Passwordstate, with the majority being suggestions from our fantastic customers – thanks guys. The following is a summary of features specific to Password Lists which are now available.

Password List Details
Image: You can choose an image to display in the Password List Navigation Tree
Password Strength Policy: Your Security Administrators of Passwordstate can create multiple Password Strength Policies, and they will all show under this dropdown field
Password Generator: Choose from one of the Password Generator options your Security Administrators can create – any time you see the little Calculator icon, you can
Code Page: Used for exporting data in the correct character encoding
Additional Authentication: When you click on a Password List in the navigation tree, you can choose to first make your users provide another level of authentication before you can access the Password List

Password List Settings
Allow Password List to be Exported: Allow or disallow Security Administrators/List Administrators from exporting the contents of the Password List
Time Based Access Mandatory: Enforce one of the Time Based Access options – expire at a certain time for Password Lists, or for individual password records you can specify time-based, when the password changes, or one-time access
Handshake Approval Mandatory: Enforce the rule of two users needing to approve access prior to it being given
Prevent Password Reuse: You can specify the last (n) number of passwords cannot be reused
Prevent Non-Admin users from Dragging and Dropping the Password List: This relates to dragging and dropping Password Lists in the navigation tree
Prevent saving of Password records if a ‘Bad’ password is detected: Your Security Administrators control the list of what is deemed to be a Bad password
Users must first specify a reason why they need to view, edit or copy passwords: By selecting this option, the users will be presented with a dialog asking them to provide a reason why they need to access the record. This reason is then stored in the auditing table
Prevent Non-Admin users from manually changing values in Expiry Date fields: If you have View or Modify access to a Password List, then you won’t be able to change the Expiry Date field if this option is selected
Reset Expiry Date field to Current Date +…: When this option is selected, changing the value of the password field will automatically update the Expiry Date field
Additional Authentication only required once per session: If you have chosen an ‘Additional Authentication’ option for this Password List, you can require users to authenticate once for an active session, or every time they try to access the Password List

Copy Details & Settings From
This option allows you to clone settings from existing Password Lists, or any Password List template you have access to. This saves you from having to select all of the options mentioned above

Copy Permissions From
By selecting this option, you can quickly apply new permissions to this Password List, by either cloning the permissions on another Password List, or Password List Template

Regards
Click Studios

Passwordstate 5.5 Released

Hello Everyone,

Click Studios is very pleased to announce the availability of Version 5.5 of Passwordstate with 30 new features, updates and bug fixes in total. Notable changes are:

  • Added Authorized Web Server functionality whereby you must now specify which web server names are hosting the Passwordstate web site. This mitigates against database theft, and hosting in an untrusted environment
  • A new Delta Permissions Email Notification report which alerts Password List Administrators of prior and post permission changes to Password Lists
  • You can now choose to send all Auditing data to a syslog server
  • Enumerated Password Permissions Report which shows access for all user accounts, even if permissions were applied via security group membership
  • Secondary authentication options for securing access to Password Lists and navigation Tabs
  • User must provide reason for accessing password value – either copy to clipboard, or view on screen
  • One-Time Access is now possible for password records – as soon as a password is viewed or copied, the user’s access is removed

You can download the latest release from here – http://www.clickstudios.com.au/downloads/passwordstate.zip, or watch the following short video showing some of the new features.

Customized Fields and Screens

We had an interesting conversation with a customer recently, in that they weren’t aware they could choose which fields they would like to associate with a Password List, or that they could customize the look and feel of the main passwords screen. To help other customers who may not be aware, we thought we’d write this post.

Customized Fields
When you first create a new Password List, you will see various tabs on the screen. The ‘Customize Fields’ tab is where you can specify which fields you would like to use, which ones you would like to make mandatory for data entry, and also gives you the option to rename any generic fields you choose to use.

If you already have an existing Password List you would like to modify, Administrators of the Password List can do so by selecting ‘Edit Password List Details’ from the ‘List Administrators Actions’ drop-down list.

Once you have the edit screen open, then you can change the fields by clicking on the ‘Customize Fields’ tab again.

Customizing the Passwords Screen
To customize how the password screen appears, you can click on the ‘Screen Options’ button at the top of the page.

Once you have clicked this button, the following tabs will be available to you:

  • Password Columns – Allows you to choose which fields you would like displayed on the grid. If you hide some fields from the grid view, they are still available when you add or edit passwords. You can also choose to apply these field view settings to one or more Password Lists under the section ‘Apply to the following Password Lists’.
  • Passwords Grid – Allows you to choose how many records to display in the grid view, and whether you want to show the Header, Footer or Filters for the grid – as the name implies, Filters allows you to filter contents of the grid based on the values you specify for one or more fields
  • Recent Activity Grid – Similar to the ‘Passwords Grid’ tab, except this is for the auditing grid at the bottom of the screen. Difference here is you can choose to hide this grid completely if required
  • Pager Style – once the number of passwords exceeds the number of rows you want to display in the password grid, a ‘Pager’ will be displayed at the bottom of the grid, allowing you to page through the records. On this tab, you can choose the style of the pager you want displayed – either Buttons or a Slider
  • Chart Settings – To the right of the passwords grid, you can have two charts displayed if you choose – one for a summarized view of the password strength for all passwords in the Password List, and the other for who is most active in making changes in this Password List

Regards
Click Studios

Time-Based Access to Passwords and Passwordstate

A couple of features we’ve had for quite some time now are Time-Based Access to Passwords and to Passwordstate itself. To start with, we’ll show you time-based access to Password Lists:

Time-Based Access to Password Lists

When applying permissions to a Password List, you will notice a tab called ‘Time Based Access’. By clicking on this tab you can set the access to expire automatically at a specific time, or by a certain number of days, hours and minutes into the future.

After you have set the expiry date for the access, a new icon will be shown in the ‘Expires’ column of the Password Lists Permission page:

The Passwordstate Windows Service checks every minute whether any access has expired, and removes permissions if appropriate.

Time-Based Access to Passwordstate

Another useful feature is to automatically remove or disable a user’s account in Passwordstate at a set time. The screen for configuring expiry of an account is similar to the one for Password Lists, except this time you can also choose to disable or delete the user’s account.

This feature is very useful if you have contractors working in your organization, or if you have an employee leaving at a known time.

Regards

Click Studios

Passwordstate – Password Management Software

Synchronize Passwords with Active Directory

As of version 5.4 of Passwordstate, it’s now possible to synchronize passwords in Passwordstate with either Active Directory or local Windows Servers.

In order for a Password List to be ‘ready’ for synchronization, the following ‘Customized Fields’ are required for the Password List:

  • You must select the ‘User Name’ field
  • You must select one Generic Field and label it ‘Domain or Host’
  • You must select the ‘Account Type’ field

When a Password List is ready for synchronization, you will see the following graphic at the top-right hand side of the Password grid:

Now, when you edit a record, you will see the following screen:

  • 1 – You must select the ‘Account Type’ of Windows
  • 2 – The ‘Account Synchronization Enabled’ indicator will be shown
  • 3 – This icon allows you to confirm the password you enter matches what’s stored in Active Directory or on the local Windows Server
  • 4 – This is what you click on to save the record in Passwordstate, and to change (sync) the password in Active Directory or local Windows Server

Note: When adding a new password record to Passwordstate, you cannot also add the account into Active Directory or local Windows Server, however you can confirm the password is correct by clicking on the Check Password icon.

As of Build 5416, we also have a report which you can run for Password Lists which validates in real-time if the passwords are synchronized. You will see the following drop-down menu option if the Password List is ‘ready’ for synchronization:


Troubleshooting Sync Issues

It’s possible that synchronization may not work with the default settings, due to different security restrictions customers may place on their Active Directory environment. If you receive a popup message when synchronizing to say there was an error, and to check your settings, you may need to specify an appropriate domain account to synchronize with. On the screen Administration -> System Settings -> Active Directory Options Tab, you can specify an account as per the screenshot below.

If you still have issues after this, something else which may be required is specifying the same AD account to use as the Application Pool identity in IIS – you can follow the instructions in our installation documentation labelled ‘11. Active Directory & IIS Application Pool’.

We hope you like the new feature, and look forward to hearing any feedback from you.

Regards
Click Studios
Passwordstate – Secure Password Manager

Video – Password Recycle Bin

Hi Everyone,

The following video demonstrates how to use the Recycle Bin feature within Passwordstate. Any questions at all about the feature, please don’t hesitate to ask.

Regards
Click Studios