Mobile Client Support in Passwordstate

In the upcoming release of Version 6.2 of Passwordstate, we will have Mobile Client support for iOS, Android, Windows 8 Phone and Blackberry. In this blog post, we will run through some detail for User and System Preferences for the Mobile Client, as well as the features available in the Mobile Client itself.

User Preferences

On the ‘Preferences’ screen on the main Passwordstate web site, you will find various settings which control how the Mobile Client will behave for you. Below is an explanation of each of these settings.

  • Default Home Page: You can choose your default home page to either browse/filter all the Password Lists you have access to, or go straight to a screen where you can search for the password record you require.
  • Limit the Number of Records to: As cellular/mobile networks are typically slower than local networks, it’s recommended you limit the number of records returned to help with performance.
  • Mobile Pin Number: The Pin Number you will use to authenticate when using the Mobile Client. This is used in conjunction with your UserID for Passwordstate.

 

System Settings

The Mobile Access Options tab on the screen Administration -> System Settings allows you to specify multiple settings for how the Passwordstate Mobile Client behaves for your users.

Allow Mobile clients to access Passwordstate:
If you do not wish to allow Mobile Access to passwords, you can disable access altogether by selecting this option.

  • Note 1: If you choose to disable Mobile Access, it is recommended you set the option below to ‘No’, and then go to the screen Administration -> Password Lists -> Mobile Access Bulk Permissions, and then disable Mobile Access for all permissions
  • Note 2: Even if this option is enabled, your Firewall/System Administrators still need to configure external DNS and allow access through the firewall for anyone to access the Mobile Client web site

 

When adding new permissions to Password Lists, enable Mobile Access by default:
When adding new permissions to a Password List, you can choose whether Mobile Access is enabled or disabled by default by selecting the appropriate option here.

The Mobile Access Pin Number for user authentication must be a minimum length of:
You can choose the length of the Mobile Access Pin Number the users must use to authenticate with. When the users specify their own Pin Number on the Preferences screen, or use the option to generate one, it must meet the minimum length requirement of this setting.

The Inactivity Timeout for Mobile Access is (mins)
If the user forgets to log out of the Mobile session, this setting will automatically log them out after the set period of inactivity, and also clear their authenticated session.

Protect against brute force dictionary authentication attempts by locking out an active session after the following number of failed login attempts:
As the Mobile Access web site is generally accessible from outside your internal network, this setting mitigates brute force authentication attempts by locking out further authentication attempts once the specified number of failed logins has been reached.
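
How the minimum Pin length, failed-login lockout and inactivity timeout fit together can be sketched in a few lines of Python. This is an added illustration, not Passwordstate code: the class, method names and default values are assumptions, and failures are counted per UserID for simplicity.

```python
import hashlib
import hmac
import os
import time


class MobileAuthPolicy:
    """Toy model of the three settings; names and defaults are assumptions."""

    def __init__(self, min_pin_length=4, max_failed=3, inactivity_mins=5,
                 clock=time.monotonic):
        self.min_pin_length = min_pin_length
        self.max_failed = max_failed
        self.inactivity_secs = inactivity_mins * 60
        self.clock = clock
        self._pins = {}       # user -> (salt, derived key); the Pin is never stored
        self._failed = {}     # user -> consecutive failed logins
        self._last_seen = {}  # user -> time of last activity

    @staticmethod
    def _derive(pin, salt):
        return hashlib.pbkdf2_hmac("sha256", pin.encode(), salt, 100_000)

    def set_pin(self, user, pin):
        if len(pin) < self.min_pin_length:
            raise ValueError("Pin does not meet the minimum length")
        salt = os.urandom(16)
        self._pins[user] = (salt, self._derive(pin, salt))

    def login(self, user, pin):
        if self._failed.get(user, 0) >= self.max_failed:
            return "locked"  # threshold reached: refuse even a correct Pin
        salt, stored = self._pins.get(user, (b"\0" * 16, b""))
        if hmac.compare_digest(self._derive(pin, salt), stored):
            self._failed[user] = 0
            self._last_seen[user] = self.clock()
            return "ok"
        self._failed[user] = self._failed.get(user, 0) + 1
        return "locked" if self._failed[user] >= self.max_failed else "denied"

    def is_active(self, user):
        last = self._last_seen.get(user)
        if last is None or self.clock() - last > self.inactivity_secs:
            self._last_seen.pop(user, None)  # clear the authenticated session
            return False
        self._last_seen[user] = self.clock()  # activity resets the timer
        return True
```

Once the lockout threshold is reached, the model refuses a correct Pin as well, which is what stops an attacker from continuing to guess.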

 

 

Mobile Client Permissions

In addition to enabling Mobile Access for your users on the System Settings screen, access is also granted via applying permissions at the Password List level.

As you’re able to apply permissions at the Password List level, this means you don’t need to expose all passwords via the Mobile Access Client if you don’t want to.

Enabling/Disabling Mobile Access when Adding New Permissions
When you add new permissions to a Password List, you can choose to enable/disable Mobile Access using the ‘Mobile Access’ option on the screen.

Enabling/Disabling Mobile Access for Existing Permissions
With the permissions already applied to your Password Lists, you can choose to enable/disable Mobile Access by selecting the ‘Enable/Disable Mobile Access’ option under the ‘Actions’ dropdown menu.

 

Enabling/Disabling Mobile Access Permissions in Bulk
If you would like to enable/disable Mobile Access permissions for more than one Password List at a time, then you can do so via the page Administration -> Password Lists -> Mobile Access Bulk Permissions.

 

Mobile Client Usage

The following information provides instructions for how to use the Mobile Client itself. The following features are currently available in the Mobile Client:

  • Authentication
  • Browse/Search Password Lists that you have access to
  • Browse/Search Passwords within a selected Password List
  • Search for an individual password record, across all the Password Lists you have access to – similar to searching on the ‘Passwords Home’ page on the normal Passwordstate web site
  • View password records


Mobile Client Authentication
To authenticate using the mobile client, you need to specify your account’s UserID and the Pin Number associated with it.

Note: If using the AD Integrated version of Passwordstate, it’s not necessary to specify the UserID in the format of Domain\UserID – you can simply type just the UserID. The only exception to this would be if you had multiple Active Directory domains registered in Passwordstate, and there were duplicate logon names in AD.

 

Browsing/Filtering Password Lists
After you have authenticated, the default home screen is the one below which allows you to browse all the Password Lists your account has been given access to. A couple things to note about this screen are:

  1. The number of records displayed may be limited by the setting ‘Limit the Number of Records to’ on your User Preferences screen
  2. When searching/filtering Password Lists, you can search by the Title of the Password List, and also the Tree Path of the Password List in the Navigation Tree (the Tree Path is the logical structure/path of where the Password List is positioned in the Password List Navigation Tree on the main web site)

Browsing/Filtering Passwords for the selected Password List
After you have tapped on the appropriate Password List, you will be directed to the screen below which allows you to browse all the passwords in the selected Password List. A couple things to note about this screen are:

  1. The number of records displayed may be limited by the setting ‘Limit the Number of Records to’ on your User Preferences screen
  2. When searching/filtering passwords, you can search across all of the fields which can be configured for a Password record, i.e. Title, Description, UserName, URL, Generic Fields, etc. The only fields you can’t search are the ones which are encrypted, i.e. the Password field, and any Generic Fields set as type ‘Password’

 

Viewing a Password Record
When you tap on one of the Password records on the screens above, you will be directed to the screen below where you can view the details of the password record. A couple of things to note about this screen are:

  1. An auditing record will be added, as you have viewed the details of this password record. If enabled in the main web site settings, any other users who have access to this password record will receive an email notification informing them you have accessed it
  2. Most mobile devices allow you to copy details to the clipboard if required, and the majority of fields on this screen will allow you to copy their details
  3. If there are any ‘One-Time Access’ permissions enabled for this password record for your account, your access will automatically be removed after you have viewed the record

 

Password Search Home Page
If you have selected ‘Passwords Search’ as your default home page on the User Preferences screen, you will be directed to the screen below after you have authenticated. From here you can search for a password record across all of the Password Lists you have been given access to. This is similar to the search feature you will find on the ‘Passwords Home’ page in the main web client.

 

When searching for Password records this way, a little more detail is shown on the screen so you know which Password List the password record belongs to.

 

Logging Out of the Mobile Client
When you tap on the ‘Exit’ button on the top right-hand side of the screen, you will be directed to the screen below and your Mobile Access session will be ended. If you leave your session inactive longer than the setting specified on the System Settings page, you will also be automatically logged out and directed to this screen.