Jump to content


Popular Content

Showing content with the highest reputation since 11/15/18 in all areas

  1. 2 points

    Another request for info

    Hi Steve, Thanks again for your request, and kind words I will email you directly over the weekend regarding this, as we don't like to publicly disclose certain information like this, as many customers are still on older builds of Passwordstate - and we do not wish to put them at risk. Regards Click Studios
  2. 2 points

    Multi language support

    +1 For legal reasons, we need to translate certain messages into our native language. Like Jasper says, it would take a lot of time to translate the entire product. However, some kind of a translate table in the database would do the trick for me. In this way, i can be quite easy for administrators to translate words the way they like. Kind regards, Jeffrey
  3. 1 point

    Title in Google Authenticator

    Aswell it would be nice to add an image/logo - which has been specified under branding ;-)
  4. 1 point
    Hi tburke, Can you try to change the URL under Administration -> System Settings -> Miscellaneous to the most recent URL you have in bindings? After saving this, you should be able to save the API key. Please let me know if this doesn't help, or if you have any issues with the import! Regards, Support..
  5. 1 point
    Steve D.

    Another request for info

    Gents, I gave a second demo of the test environment to more of our InfoSec team this week. They continue to be impressed with the product, including a senior resource that is particularly hard to impress. (thanks for that. :)) I'm pretty sure pws is now the front runner for company wide password management tools that are being evaluated by them. I'm busy granting them access to the test environment so they can test configuration and do some pen testing themselves. They have been reviewing information on the www site and have run across references to CS having outside parties perform pentests on the product. They asked me to see if I could get more detailed information about that. What group/s performed the pentests, on what schedule, and perhaps a summary of results. They are evaluating how far they want to extend it at this point I suspect. Weather to expose it to the "outside" or contain it to the corporate lan. There is discussion of doing multiple implementations to break out types of lists and groups so breach of one implementation doesn't expose the entire environment. I'm working to show them the ease and speed which the product provides for correction once such a breach is detected but they may still want to split this into multiple implementations. They are also asking questions about something I asked previously regarding the ability to implement multiple www servers and filter list type access based on the www access point used. They want to prevent shared lists from being exposed on an access point deployed in the cloud for inet access while giving users access to their personal lists. VPN or secure lan access grants all lists. Can this be slotted as a feature request? Can you point me at more detailed info about the pentests please? Thanks, Steve D.
  6. 1 point

    Another request for info

    Hi Buckit - just emailed you the same info. Regards Click Studios
  7. 1 point

    URGENT - upgrading from 7.6 failed

    Hi Scot, We don't think there's an easy fix for this, as we've never seen these errors before. It almost looks like possibly some Anti-Virus software is killing sessions on your web server during the upgrade - although this is just a guess based on the 'Thread was being aborted" errors. Do you have any AV Software on your web server? If so, can you try disabling/uninstalling it, then restore a backup of your database. Once you've done this, and restart your browser, it should prompt again to try and upgrade the database. Regards Click Studios
  8. 1 point
    I agree the query works fine, but it requires SQL access. I wouldn't want to allow too many servicedesk people access to the database (and bypassing audit logs). So would be nice to have the report in place. The primary usecase I would use this report is when/before deleting a user. So ideally the report would be "Password lists for which a user is the only admin".
  9. 1 point
    Hi Click Studios, For Self Destruct Messages, its already possible to enforce the use of Passphrase protection for every message sent. I would like to have an option to enforce this for external contacts only. External contacts can be defined as: - Contact doesn't exists in address book - Whitelist domains which are considered as internal domains. In certain situations, we like to share passwords with customers of technical support teams. As the Password is "leaving" the corporate network, we would like to enforce this extra layer of protection. Thanks for your consideration Regards, Jeffrey
  10. 1 point
    Hello Support, we are trying to implement the Remote Session Launcher in our environment. The Passwordstate is already published through a reverse-proxy and is working without any issues. However, when we try to start a remote desktop, we get an error page saying, "Web Proxy Gateway Connection Issue". We can however perform the gateway SSL Connection test without any issues. When capturing the traffic using Wireshark, we noticed that when we start the Remote Session, it switches from HTTPS to WSS (WebSockets Secure) protocol. Can you please conform that this is by design? Thanks in advance!
  11. 1 point

    Title in Google Authenticator

    Jasper, I'm not sure if they will want to add an option to do this...but it could be handy for those that want to customize it. In the meantime, you can create your own barcode via the following format: otpauth://totp/Passwordstate?secret=XXXXXXXXXXXXXXXX&issuer=Password´╗┐state Just grab the secret from your authentication options page and run it through a QR generator. I made a simple PowerShell module to generate custom QR codes... https://github.com/arnydo/qrgenerator/blob/master/invoke-qrgenerator.ps1
  12. 1 point

    Title in Google Authenticator

    Hey! I will do some testing but it was either the "issuer" or the "label" that was missing and some authenticator apps did not show "Passwordstate". Ill see which one it was and report back.
  13. 1 point

    Title in Google Authenticator

    Hi Guys, We use the issuer parameter here, as per the following: "otpauth://totp/{0}?secret={1}&issuer=Passwordstate" Are you wanting to change this from Passwordstate? If so, can we ask why as this does accurately identify the account in Google Authenticator. Regards Click Studios
  14. 1 point

    Title in Google Authenticator

    Hey Jasper. I brought this up quite a bit ago but didn't see any updates yet. It looks like they are not including the "Issuer" parameter when generating the QR codes. Some authenticator apps use this for the Title. Others just use the Label. I have been generating my own QR codes for a separate application and this works as expected. The URI should be similar to: otpauth://totp/Passwordstate:SmithJ?secret=JBSWY3DPEHPK3PXP&issuer=PasswordState https://github.com/google/google-authenticator/wiki/Key-Uri-Format
  15. 1 point

    Freeipa Users

    Passwordstate with LDAP integration is something I requested some time ago, under tracking ID PS-1992. Assuming theres enough demand for it, it would allow integration with IPA for authentication and host discovery. IPA is a bundle of tools, ldap being one of the tools it bundles. We also use IPA for our Linux servers authentication. Assuming wkleinhenz would like this as a feature request, I'd have to +1 it.
  16. 1 point
    Hello, Thanks for your request. As a work around, you could run the SQL Query below. Any Password Lists with a TotalPermissions of 0, means there is no Admin on the list. USE Passwordstate SELECT PasswordLists.PasswordListID, PasswordLists.PasswordList, PasswordLists.Description, PasswordLists.TreePath, (SELECT COUNT(PasswordListID) FROM [PasswordListsACL] PSSWD WHERE (PSSWD.PasswordListID = PasswordLists.PasswordListID) AND (PSSWD.Permissions = 'A')) As TotalPermissions FROM [PasswordLists] WHERE (PasswordLists.PrivatePasswordList = 0) AND (PasswordLists.Folder <> 1) GROUP BY PasswordLists.PasswordListID, PasswordLists.PasswordList, PasswordLists.Description, PasswordLists.TreePath ORDER BY PasswordLists.PasswordList Regards Click Studios