Jump to content


Popular Content

Showing content with the highest reputation since 03/13/14 in all areas

  1. 3 points

    Recycle Bin Options

    Hi, I would like to place this Feature Request here because I found nothing about it in the manuals. A member of a team here in my company using Passwordstate V8.3 (one of latest builds) was asking me - When are the accounts in the Recycle Bin deleted permanently? So I went to the System Settings Tab and tried to find out any option to set here but I found nothing about it. It would be nice to get such a feature to enable the auto delete for Recycle Bin's in order to delete accounts older (with regards to the deletion date) than e.g. 90 days. In addition to that it would be nice if a deletion date could be displayed in the "Recycle Bin view". Thanks Best Regards Philipp
  2. 3 points
    I would like to enforce a time limit for how long (in minutes) the contents of the SDM is available when opened. With the current configuration settings, recipients might forget to close their browsers, leave their computers without locking etcetera. With internal users this is normally not a problem as we can both train and restrict them using either technical or HR policies, but with the new (great) functionality in SDM more and more messages are sent to external parties.
  3. 3 points

    MFA - "Remember Me" Option

    Good morning, We would be interested in a feature to allow an option for "Remember Me on This Computer for X Days" in regards to entering in a multi-factor authentication token. This is common for most services that allow MFA so that the user is not prompted for a token each time they log in. This can be tedious when logging into PasswordState numerous times a day. As a Security guy I can live with it, but I can see the benefit of it. Details: A new computer/browser will always prompt for MFA. Option to specify timeout (Hours, Minutes, Days, etc) before prompted again.
  4. 2 points
    Hi all, I've some websites on which the Passwordstate browser extension is asking me all the time if I'd like to save a password. This happens e.g. when there are different password fields on a website, like when you manage users with a password field, this will happen all the time. After every form submit Passwordstate is asking if the password should be saved. This is very annoying. If you click "Ignore" (screenshot below), it leads to prevent Passwordstate from filling the form as well. There's currently no way from stopping the browser extension to ask for saving passwords and still let it fill the form. I really would like, if clicking on "ignore" would only prevent asking for saving passwords, but would not stop filling the form. For me it really doesn't even make sense to ask at this point about stop filling forms and I think this is not really obvious as well (that clicking on this ignore button, after entering credentials, will lead to stop filling of other credentials in the form on this site). I guess it's not only confiusing for me and I guess that many people unintended stopped the browser extension from filling the form by clicking on ignore there. From my opinion these are two completely different things: 1. Prevent Passwordstate from filling forms: I think it's good to have this as a user preference setting as it is right now. 2. Prevent Passwordstate from asking about saving a password: I think this should be handled in the browser extension. So here's my actual feature request: 1. Clicking on "ignore" on the screenshot showing above should not stop Passwordstate from filling any forms. Instead it should just stop asking for saving passwords. 2. I really would wish to have something like a checkbox or a switch displayed in the browser extension. There I could control if I would like have Passwordstate asking me to save passwords on the current site (should be enabled by default). A little mockup below, sorry for bad paint skills ;-) If you like this feature request, please post a "+1", highly appreciated! All the best, Fabian
  5. 2 points
    If you need to import all of your data from KeePass into Passwordstate, this is the preferred process due to the below Powershell script keeping the correct format of your KeePass database. We'd like to thank one of our customers Fabian Näf from Switzerland for writing this script for us. He did a great job and it's helped out many of our customers. This import process will create a Folder with the same name as the XML file you export from KeePass, and it will then replicate the KeePass structure beneath this. For customers not familiar with Passwordstate, the equivalent of a "Group" in KeePass is a "Password List" in Passwordstate. We also have the concept of "Folders" which allow you to logically group Password Lists together. If you follow the process below, it should create a Folder with the same name as the XML file you export from KeePass, and it will then replicate the KeePass group structure beneath this. Process Start: In Passwordstate, identify and note down your System Wide API key from Administration-> System Settings -> API and you will find it under “Anonymous API Settings & Key”. Ensure you save this page after you generate the new key. Create a Password List Template under the Passwords Menu -> Password List Templates. On this template please set the following options and then save the template: Disable the option to prevent the saving of password records if they are found to be a “Bad Password” (screenshot 1 below) Uncheck the option so the Password field is not required, and enable the URL field (screenshot 2 below) Identify and note down the TemplateID by toggling the column visibility (screenshot 3 below) In KeePass, open your database and export the contents to a XML file. This can be executed from File -> Export -> KeePass XML (2.x) Download the script from: https://www.clickstudios.com.au/downloads/import-keepass-xml.zip Extract this zip file and open with Powershell ISE or the straight Powershell shell, if you prefer You will be prompted to answer 5 pieces of information: The username of an existing Passwordstate user you wish to give Admin rights to all Passwords imported during this process. Generally you would just enter your own Passwordstate UserID here as you can modify permissions later and and example format for this is halox\lsand Your Passwordstate URL Your System Wide API key The FolderID you wish to create your KeePass structure under. Enter '0' to create this in the root of Passwords Home, otherwise find the Folder ID of any Folder you like and use this when running the script Your PasswordList Template ID It will ask you to browse to your Exported XML file That’s it, the script will now run through and automatically read all of the information out of the XML file, and import it into Passwordstate. From here, there are a few other things you might want to consider doing after the script has run successfully: You may want to rearrange your folder structure. Ie possibly you might want to create some new folders for each of your teams, and then drag and drop existing Password Lists/Folders inside of them Once you are happy with your Folder structure, you should start applying permissions to either Password Lists or Folders using the following video as a guide: https://www.youtube.com/watch?v=QBJE_xD185U Best practices are to use Security Groups to apply permissions, instead of individual users, if possible Screenshot 1: Screenshot 2: Screenshot 3: Regards, Support
  6. 2 points
    Hi, we just bought the passwordstate enterprise edition for our company and are very satisfied. Because we are a german company i would like to ask if there are any plans for adding the possibility to change the language to for example german. This would be a great feature and would help us to find more user acceptance. Thank you. Kind regards Achim
  7. 2 points
    Hi All, Just letting you know this is now available as of build 8782. Regards Click Studios
  8. 2 points
    Hey Everyone, Just a quick message to say we are very close to releasing a beta of our new Chrome extension. Possibly in the next couple of weeks, and this feature is in the new version:) We'll be announcing the beta release on Social Media soon, and we'll report back here to, and you are all welcome to test it out. Thanks again, Support.
  9. 2 points
    Hi Guys, Just letting you know that we've released build 8627 today, which includes your request mentioned above. Thanks for the suggestion - we appreciate it. Regards Click Studios
  10. 2 points
    Hey BH, No issues at all, and maybe we shouldn't be so sensitive ourselves. We're only a small company, and the hundreds of outstanding feature requests we have can be quite stressful at time, as we want to keep all customers happy - but this is our issue not yours. I'm happy to report that we've now finished this fix for you for the next release, which is scheduled for early next week. I'll post back here again as soon as we release the next build. Thanks again, and have a great weekend. Regards Click Studios
  11. 2 points

    Another request for info

    Hi Steve, Thanks again for your request, and kind words I will email you directly over the weekend regarding this, as we don't like to publicly disclose certain information like this, as many customers are still on older builds of Passwordstate - and we do not wish to put them at risk. Regards Click Studios
  12. 2 points

    Multi language support

    +1 For legal reasons, we need to translate certain messages into our native language. Like Jasper says, it would take a lot of time to translate the entire product. However, some kind of a translate table in the database would do the trick for me. In this way, i can be quite easy for administrators to translate words the way they like. Kind regards, Jeffrey
  13. 2 points
  14. 2 points

    External user access

    Getting there....
  15. 2 points

    Have I Been Pwned offline access

    We've had requests from another thread to make the Have I Been Pwned database available for offline access, so Passwordstate does not need to reach out the the internet to do the checks. This database is somewhere around the 40 gig mark in size. We'd need to find a way to search through 500 million records quickly if we were to implement this, but just putting it out there as a possible feature request. Please upvote if you'd like this investigated. Regards, Support.
  16. 2 points
    Hey there! Here's my updated version with some new features Fixes: UTF8, Check for Folder, htmlsafe notes, a litttle bit errorhandling New: Importing additional KeePass Fields with customized mapping New: Adding not handled additional fields to the Notes field New: Support for File-Attachments New: Support for enabled rights propagation and Linked Templates (not setting rights to an admin) Due to the increased number of options you are not longer prompted for them, instead fill in all options at the top of the config file (see also below) Thanks to Fabian for the initial version. Kind Regards Folke The configuration section looks like this Import-KeePass-XML-2018-08-14.ps1
  17. 2 points

    External user access

    Hey everyone, Thanks for the votes and with a couple of prods from the Reddit community we're going to try to prioritize this one:) We'll report back here with more info when we have it. Regards, Support
  18. 2 points
    Thanks Christopher. We finished this work yesterday, and it will be available in the next build. The supported Hash types will be HMAC HMACMD5 HMACSHA1 HMACSHA256 HMACSHA384 HMACSHA512 MACTripleDES MD5 RIPEMD160 SHA1 SHA256 SHA384 SHA512 Regards Click Studios
  19. 2 points
    Thanks, and I can see the issue now - I just tested this also: You have your Invoke-RestMethod inside the json object - although you probably have moved this out by now And the GenericField1 and Description fields do not have a double quote before the single quote for your PowerShell variables i.e. should be "GenericField1":"'+$ServerName+'", instead of "GenericField1":'+$ServerName+'", I know it's hard to see in this forum, but cut and paste the text above and you will see what I mean. Regards Click Studios
  20. 2 points
    I've developed a script, which uses PowerCLI/API (VMwares powershell-modules), instead of SSH. SSH is by default disabled on ESXi-hosts for security-reasons, and I want to keep it that way As mentioned needs PowerCLI installed on the server (Guide can be found here https://blogs.vmware.com/PowerCLI/2017/08/updating-powercli-powershell-gallery.html). No privileged account needed. Function Set-ESXiPassword { [CmdletBinding()] param ( [String]$HostName, [String]$UserName, [String]$OldPassword, [String]$NewPassword ) try{ $conn=Connect-VIServer $HostName -User $UserName -Password $OldPassword } catch { switch -wildcard ($error[0].Exception.ToString().ToLower()) { "*incorrect user*" { Write-Output "Incorrect username or password on host '$HostName'"; break} "*" {write-output $error[0].Exception.ToString().ToLower();break} } } try{ $change=Set-VMHostAccount -UserAccount $UserName -Password $NewPassword Disconnect-Viserver * -confirm:$false } catch { switch -wildcard ($error[0].Exception.ToString().ToLower()) { "*not currently connected*" {Write-Output "It wasn't possible to connect to '$HostName'";break} "*weak password*" { Write-Output "Failed to execute script correctly against Host '$HostName' for the account '$UserName'. It appears the new password did not meet the password complexity requirements on the host."; break } "*" {write-output $error[0].Exception.ToString().ToLower();break} #Add other wildcard matches here as required default { Write-Output "Success" } } } } Set-ESXiPassword -HostName '[HostName]' -UserName '[UserName]' -OldPassword '[OldPassword]' -NewPassword '[NewPassword]' Regards Stefan
  21. 2 points
    As stated by support, Copy & Link is available between as many lists as desired. Add a custom field, add your 'tags'. Make sure the field isn't encrypted so that it is searchable. We've done this to make it easy to find passwords related to applications or services; and another custom field so we can search by server name. It'd be wonderful to link security items through to hosts that exist in the system rather than using a custom field for it, but it's not a big deal. A drop down field with a simply 'True' 'False' or 'Yes' 'No' values would achieve this. The first value you set in the field is the default value when creating new security items. Radio buttons would also achieve this - you can only select one radio button at a time, so its either true or false.
  22. 2 points

    Temporary access

    Hi Kinglsulgard, Thanks for your interest in our software and we do have a couple of options that you can try to resolve this problem: First solution: I don't think this is what you are after but we have a feature called remote session launcher. This allows you to remote into machines on your network without the need to enter a username and password. You could give your contractors access to this feature, and they do not even need to know the password. This means they will connect to the machine using a username and password that you have pre-configured, and they can then perform their work. As long as they don't need to know the password to do their work, this might be a good option for you. Here's how to set up the Remote Session Launcher: https://www.clickstudios.com.au/community/index.php?/topic/2110-how-to-set-up-the-remote-session-launcher-passwordstate-8/ Here's how to use the remote session launcher without even knowing the password: https://www.clickstudios.com.au/community/index.php?/topic/2112-remote-sessions-without-access-to-password-credentials/ Second Solution: Give the user Time Based access to the individual password, and force the password to be changed once that access runs out. To do this, go to the permissions on the password from the Actions Menu: And then choose the user to grant access to on the access permissions tab, and then on the time based access tab do something like this: If you take this one staep further, and set up the account for automatic password resets, passwordstate will also reset the password on the remote system. An example of this is if you are giving your contractor access to a privileged Active Directory Account, when their time based access runs out, it will reset the password in Passwordstate, and also it will reset it in Active Directory, keeping them in Sync. Please see this forum on how to set up automatic password resets for remote systems, and the Active Directory link is down the bottom: https://www.clickstudios.com.au/community/index.php?/forum/31-password-resets/ Third Solution: This may also be suitable for you, our Password Check Out/Check In feature: https://www.clickstudios.com.au/community/index.php?/topic/1687-using-the-password-check-out-feature/&tab=comments#comment-3368 Hope this helps! Support
  23. 2 points
    Hello HA4g3n, We cannot really use a gMSA account here, because we need to 'Impersonate' the account in code when performing backups and upgrades, and when impersonating you need to specify the password for the account - which is not possible for gMSA accounts. We did finish this feature request yesterday, and it will be available in the next release. Regards Click Studios
  24. 2 points

    New phone when using Google Auth

    Hi Greg, If you go to the screen Administration -> User Accounts, you can email the user a copy of their QR Code - basically it will be a link which takes them back to the Passwordstate web site, where they can scan the QR code in. You will find this option on the Authentication tab for the user's account. Regards Click Studios
  25. 2 points
    Hi Greg, We'll need to consider your request in a future release - maybe we could extend the feature where you can copy and link passwords, but allow you to have unique values on certain fields, instead of exact copies. Regards Click Studios
  26. 1 point
    Hi Fabian. We've found another site we've replicated this with, and we will have a fix in the next few days. It only seems to be certain web servers which cannot handle the trailing /, which is why we have never noticed it before. Regards Click Studios
  27. 1 point
    Hello Beau, I'm so sorry - I misread your original post. We haven't had any other reports of this, so we're not sure of the cause at this stage. Could you try the following to see if it will help: Restart IIS, then try logging into Passwordstate again Clear your cache in Chrome, and then try again Go to the Help Menu in Passwordstate, open the Web API Documentation page, and then open the Standard Documentation - does this load okay And can you check if this is working for any other users? Thanks Click Studios
  28. 1 point
    Hi Kurt, We've seen this a couple of time before if customers have tried to install the launcher more than once - because a configuration file is changed during the install, the uninstaller does not remove it unfortunately. Can you uninstall the launcher, manually delete the folder C:\Program Files (x86)\Passwordstate Remote Session Launcher, and then re-install the launcher again. This should fix it for you, but please let us know if it does not. Regards Click Studios
  29. 1 point
    Hi Greg, Sorry, but this is not possible - we only support the two fields for now, but are planning on looking into this in the future. Regards Click Studios
  30. 1 point
  31. 1 point
    Hi Jeff, As the exports are a password protected zip file, the standard unzip functionality in Windows does not support this. Can you try something like 7zip instead? Regards Click Studios
  32. 1 point

    Title in Google Authenticator

    Hey! I will do some testing but it was either the "issuer" or the "label" that was missing and some authenticator apps did not show "Passwordstate". Ill see which one it was and report back.
  33. 1 point

    Freeipa Users

    Passwordstate with LDAP integration is something I requested some time ago, under tracking ID PS-1992. Assuming theres enough demand for it, it would allow integration with IPA for authentication and host discovery. IPA is a bundle of tools, ldap being one of the tools it bundles. We also use IPA for our Linux servers authentication. Assuming wkleinhenz would like this as a feature request, I'd have to +1 it.
  34. 1 point

    Passing the password to an application

    Extract them via the API and pump them into SAP via its API.
  35. 1 point
    +1 to the Address Book API. At this stage we wouldn't use it, but I can certainly see its benefits.
  36. 1 point

    SAML2 Attribute and Claim Types

    Thanks for confirming Christopher We'll report back here once we've been able to work on this. Regards Click Studios
  37. 1 point

    ELK and PasswordState

    Hi, i would like to start this thread to get some insights if any of the other customers are using external syslog server to ship the logs from PasswordState. I am using ELK stack. Currently i am trying to create custom filters in Kibana to filter out the logs from PasswordState. I have the question, does the PasswordState always include "Passwordstate" value in the logs that are being sent to syslog server? host:X.X.X.X @timestamp:September 12th 2017, 17:17:29.728 @version:1 message:<110>2017-09-12 16:15:52 X.X.X.X Passwordstate: Failed 'Forms Based' login attempt for UserID 'n.lastname' from the IP Address 'X.X.X.X'. Client IP Address = X.X.X.X _id:AV_aAXYurEipAt82YaPZ _type:logs _index:%{type}-2017.11.20 _score: - Feature Request - it would be great to have support for TCP ports
  38. 1 point
  39. 1 point

    Time-out when deleting folders

    Hi Michael, This issue is a timeout with your SQL Server, and in the .NET Framework the default is set to 30 seconds for database connections. We're going to make a change in the next release as we've had a few customers run into this issue recently, as we've developed a more efficient script which should hopefully help with this. For now, if you can contact us via our support page on our web site (https://www.clickstudios.com.au/support.aspx) I can provide the SQL script to you now so you can run this manually in SQL Server Management Studio. Regards Click Studios
  40. 1 point

    Duplicate Password check

    Hello, Sorry, we do not have a report for this at the moment, but I've added your request for our next round of reporting improvements. Regards Click Studios
  41. 1 point

    Randomize Local Admin Password

    But not on Linux boxes Buckit Okay, I'll leave that one alone now Hey now! I wasn't going on about Linux boxen thankyouverymuch, they were IoT-devices! My Linux boxen are just fine and dandy Sure, the IoT-devices also run Linux, but they're Special Little Snowflakes (tm).
  42. 1 point
    I'd love to pitch in and help figure this stuff out, but right now my workload's a bit too much. Studying for my next exam, which is where I learned about Swagger and OpenAPI
  43. 1 point

    LDAP over SSL

    Hi Everyone, We've released Build 8256 today, which now supports LDAP over SSL (LDAPS) for communicating with Active Directory. This can be enabled/disabled per domain, on the screen Administration -> Active Directory Domains. Regards Click Studios
  44. 1 point

    Error during upgrade

    To be more specific the application is Solarwinds Orion. We use it to monitor the service and when it stops Orion will restart it. To resolve it we disabled the monitor and did a manual install of the upgrade which worked great. Thank you.
  45. 1 point
    Hi Guys, If needed, we can always assist in recovering your password for the Emergency Access login account as well - even if everyone in your organisation has forgotten it. Obviously we cannot do this without your help, but the option is there. Regards Click Studios
  46. 1 point

    Backup account: use a managed account

    Hi Guys, Just letting you know that we've released Build 8204 today which includes this feature request - thanks for the suggestion Regards Click Studios
  47. 1 point
    Fabian Näf

    API Create Password with $ in it

    Hi All I'm not sure if this helps (I had no time to test it). I usually create the JSON as following: Create a Powershell Object, then convert it to JSON. If you do it like this, then you dont have to struggle with the string-creation. $Body = @{ PasswordList = $Name Description = $Description ApplyPermissionsForUserID = $global:UserToPermit CopySettingsFromTemplateID = $global:PasswordstateTemplateID LinkToTemplate = "False" Permission = "A" PrivatePasswordList = "false" NestUnderFolderID = $ParentFolderID APIKey = $global:PasswordStateSystemWideAPIKey } $jsonBody = $Body | ConvertTo-Json (just an example, it doesn't fit to your requirement) Best regards, Fabian
  48. 1 point

    Where to find PasswordList ID

    Hi Greg, We did remove the hover function for this a while back, purely to increase performance. Good news is there's another way to find this easily, by toggling the visibility of the Web API ID from the List Administrator Menu on the Password List, as per below screenshot. I hope this helps! Regards, Click Studios
  49. 1 point
    Hi Mike, Sorry you've run into this issue, and this seems to be caused by a recent Microsoft Patch and IIS caching issue. If you have a look at the following forum post, it will explain how to perform a manual upgrade to the latest release which resolves the issue- the latest release seems to re-cache all files which fixes the problem - https://www.clickstudios.com.au/community/index.php/topic/1630-passwordstate-not-responding-and-iis-reset-takes-over-a-minute-to-execute/ This is the first time in 10 years this has ever happened, so we do not expect it to happen again. Regards Click Studios
  50. 1 point
    Hi Kelv1n, The grids you see in Passwordstate are using ASP.NET controls from www.telerik.com. Obviously the sorting is not working now, as it's being treated as a text field. I did find this following article http://www.telerik.com/forums/sorting-the-grid-by-ipaddress, but I'm not sure how we could apply our own 'Custom Sorting' to a generic field, as how would we know it's intended to be used for storing IP Addresses. In terms of performance, I did a test with a Password List which has 50 records stored in it, with all records displayed on the screen, and it took just under 2 seconds to sort - using Chrome as well, so I'm not exactly sure what the issue could be here. If you use Chrome's Developer tools, and click on the Network tab, is there anything obvious which is causing the delay? I'm not sure if it helps, but when you search in a Password List, it also searches the text in generic fields - so maybe this would be a better option for you - depending on how you need to use the product I suppose. Regards Click Studios
  • Create New...