Jump to content

All Activity

This stream auto-updates     

  1. Past hour
  2. We have been testing / using PasswordState for several months on a Windows 10 PC. We decided to continue using it and placed it on a Windows 10 virtual machine. The build on the VM is 8180 and I believe we had 8165 installed before. We did a backup on the old machine and restored it onto the new build on the VM. Since this has been completed, we have been having issues with a "Master template" we have been using for the Password List. Now, we are REQUIRED to enter a "Account Type" and "Domain or Host". We do not want those field to be required, but cannot find out where this has become required to change it. Any help at all would be appreciated! Chuck
  3. Today
  4. Hi again! Eyeing your page on the secure design and implementation of PasswordState, I noticed that it's not yet possible to integrate with HSMs: Hardware Security Modules. Right now, when installing PasswordState, we're given a password-protected ZIP file that has the encryption keys to the password database. These are a vulnerable target and will be a sought-after prize for any attacker. Instead of handling the encryption keys in such a manner, I would like to request that PasswordState be remodeled in such a way that all crypto keys can be locked away in an HSM. I've already put Thales nShield HSMs to good use in other use-cases and environments, and they've proven very valuable. Not only does an HSM ensure that your keys will never be stolen (if implemented correctly), depending on the make and model they will also ensure safe and secure backups of the keys. Many HSMs integrate nicely with Microsofts CNG API, thus providing a standard method for applications to hook into them.
  5. More verbose access log

    Too true 'Buckit'. We received support calls all the time from customers where they have enabled an option, but then completely forgot about it later on
  6. More verbose access log

    Not necessarily. There's a reason why "I swear I didn't change a thing!" is one of the oft-heard excuses at /r/talesfromtechsupport.
  7. Yesterday
  8. I just noticed i need to use the Standard Fields (had it unchecked) and not the Generic Fields And Firefox addon is bugging for me. Work´s good now in IE and Chrome Thanks
  9. Permissions for generating API key

    Yup! You will find the menu-bar configuration under Administration > Feature Access > Menu Access. There, you can define permissions for menu-blocks (Tools, Reports, Preferences, Help), but also per-item in each menu-block. In my case, I've set up the menus in such a way that my default users cannot see anything besides the "Request access..." items in the Passwords menu. All the other options are reserved to administrators and senior users.
  10. Permissions for generating API key

    Ah, so there's another setting somewhere controlling this. Thanks for letting me know, again couldn't find it using google, pdf, help search.
  11. More verbose access log

    Thanks Azkabahn - we appreciate it.
  12. Permissions for generating API key

    Hello Valentijn , The link in the Help menu is visible to all users by default - you must have changed this in the Feature Access menu in the Administration area? Regards Click Studios
  13. Permissions for generating API key

    Thanks, but the question is not where to find the documentation but how users can find it. Currently the link in the help menu is hidden, even when the user has permission to toggle the API key visibility. It seems that the visiblity of the menu item is linked to whether the user can generate api keys, where it might seems more logical to link it to the permission of being able to toggle the api key visibility? Also, it only hides the link from the menu. The link still works, so it is not really a security control. There may also be users that may want to consult the api documentation even if they do not _yet_ have permission to use it / see API keys. So my suggestions: - Make the link to api documentation always visible - Make the search function in the help section return a pointer to the api documentation in some way.
  14. More verbose access log

    What Buckit is saying is very true as well in some cases. This kind of logging would make life a bit easier for security admins to do an investigation. In some cases, the users complain that something is wrong after quite some time and it's really difficult to trace back and figure it out what has been changed. The only option is to restore the backup to test instance and do the comparison :)
  15. Backup account: use a managed account

    Hi Guys, Just letting you know that we've released Build 8204 today which includes this feature request - thanks for the suggestion Regards Click Studios
  16. Hi Everyone, Today we have release build 8204, which includes 17 updates and 7 bug fixes. Full changelog can be found here - https://www.clickstudios.com.au/passwordstate-changelog.aspx Regards Click Studios
  17. Last week
  18. Hello HA4g3n, Private Lists are configured with the URL selected by default. Also, there is the following System Setting below (under Password List Options tab) to automatically provision a new Private List for all new user accounts added into Passwordstate. Regards Click Studios
  19. Ahh, nice! But i forgot to mention so the users don't need to create a Private Password List manually and it works with URL field "out of the box" if possible, a pre cloned private list with URL field. Is there a way of accomplish this? Thanks
  20. Bulk Import from Password Safe

    Hi Sarge Probably you can use my script: Best regards, Fabian
  21. Nope, not seeing that because we have zero email capabilities, hence why I'd like to have more built-in logging capabilities.
  22. Bug report: API vs WINAP in examples

    Well that's embarrassing We'll get that fixed for the next release. Regards Click Studios
  23. Permissions for generating API key

    Thanks Buckit
  24. Bulk Password Resets

    Hi, Yes, that is correct. You can do Host filtering in your Account Discovery Job, but with 4600 workstations to interrogate, it will take some time - especially if some are turned off, as the script first needs to timeout before it moves on to the next Host. Regards Click Studios
  25. Tagging, flagging, or sharing passwords

    Excellent - thanks.
  26. Hello, None of the browser developers allow this anymore unfortunately - event in IE 11. They done this for security reasons. Regards Click Studios
  27. More verbose access log

    Hi Guys, At this stage it is not possible. We would need to figure out some logical manner of reporting on changes, as there are quite a few options and fields which can be changed. "And sometimes the user will try to actively hide what they've done" - sound like someone might have some staffing issues Regards Click Studios
  1. Load more activity