support

Hello AmirKat, Our software does not use jqGrid.min.js - did you post this in the wrong forums? Regards Click Studios

Okay - thanks. Not sure if the following forum post would help with your Macs and WinAPI - https://forums.clickstudios.com.au/topic/2387-can-winapi-be-used-via-a-linux-shell-script/ Regards Click Studios

Hello, Please see responses below: - how can I only allow the System API key to read passwords from one certain folder? or is it possible? Unfortunately not - do we support multiple system-wide Generic API keys? No we do not have a feature for that sorry - is it possible to only grant the `retrieve passwords` permission to the System API key? - you can change those settings on the properties of each Password List Have you had a look at the Windows Integrated API - can you instead use that in your environment? Regards Click Studios

Hello, APIKeys on folders are not used to retrieve passwords from Password Lists nested beneath the folder. They are only used for managing permissions on the Folders. To retrieve passwords, you can create a APIKey per Password List, or use the System Wide API Key. Or you can use the Windows Integrated API, which does not need API Keys. Regards Click Studios

Hello Everyone, Today we have released build 9873. For full details, please refer to our changelog here https://www.clickstudios.com.au/passwordstate-changelog.aspx Regards Click Studios

Thanks Robert

Hello Charlene, Please go to the screen Administration -> Feature Access -> Menu Access. Regards Click Studios

There are a few conditions Passwordstate may want to reach out to the internet, all of which can be disabled if desired: Scenario #1: It can contact our clickstudios.com.au website (13.75.255.213), to check an xml file for any new builds available. Configure Location: Administration -> System Settings -> Check for Updates Scenario #2: If you use DUO Authentication to authenticate into Passwordstate, this can reach out to the DUO API which is duosecurity.com Configure Location: Authentication for DUO is found under Administration -> System Settings -> Authentication Options Scenario #3: If you use SAML for authentication, this can reach out to the internet. Examples are using Azure or Google as your SAML provider, and the locations Passwordstate need to reach out to are dependent on which SAML provider you use. Configure Location: Authentication for SAML is found under Administration -> System Settings -> Authentication Options Scenario #4: If you use the HaveIBeenPwned feature in Passwordstate, to check for known bad passwords, Passwordstate can reach out to https://haveibeenpwned.com/ API via the following URL: https://api.pwnedpasswords.com/range/ Configure Location: Administration -> Bad Passwords Scenario #5: If you use Yubico One Time Passwords for authentication, which will need to reach out to yubico.com Configure Location: Authentication for Yubico OTP is found under Administration -> System Settings -> Authentication Options As long as you do not require connection to any of the options above, then you welcome to block access to the internet from your Passwordstate server. Regards, Support

Hello Everyone, Today we have released build 9866. For full details, please refer to our changelog here https://www.clickstudios.com.au/passwordstate-changelog.aspx Regards Click Studios

Issue: one or more users logs into Passwordstate, and they notice a long delay for the initial webpage to render. You many notice this delay of up to 30 seconds or more before all the folder and Password Lists are displayed. Cause: Each folder of Password List you see in the navigation tree requires a small bit of HTML to render. The more Folders and Password Lists requires more HTML, and with thousands of these objects, your browser could be rendering 10 to 20 megabytes of data each time you log in. Fix: For an affected user, get them to go to their Personal Preferences page, and enable Load On Demand. Log out and log back in again, and the performance of their initial load times should increase drastically: Apply Load on Demand to All Users: It's possible to use a User Account Policy to force some, or all users to use Load on Demand. If you have not used the User Account Policy feature before, this blog post explains what they are, and how to set them up: https://blog.clickstudios.com.au/develop-user-account-policies/ In your User Account Policy, setting #A11 is where you enable Load on Demand: Regards, Support

Hello Charlene, With the Red arrow Note on that screen you provided, can you ask your Passwordstate Security Administrators if they have hidden this menu? Regards Click Studios

Hello Robert, Yes, we have information in the following manual - just search for kerberos - https://www.clickstudios.com.au/downloads/version9/Passwordstate_Remote_Session_Management_Manual.pdf Regards Click Studios

This API script in Powershell is designed to update the Field IDs for any password records with a matching URL. It designed as a quick way to bulk update multiple records that are used with the Browser extension, instead of manually updating every record you have in the system. This will help with the autofill feature in the browser extensions. The script will return all shared passwords in the system, and filter only the records with the URL of your choice. It will then update those records with the Field ID value of your choice. You only need to modify the first four lines in the script. Line 1 is your Passwordstate URL Line 2 is your System Wide API key which can be found/generated under Administration -> System Settings -> API tab Line 3 is the value of the URL in any password records that you want to update Line 4 is the value of the FieldID that you will be updating any password record with -------------------------------------------------------------------------------------------------------------------------------------------------------- $PasswordstateURL = "https://passwordstate.clickdemo.com" $APIKey = "5347c386f9bad2edc2ef9563a874b33e" $MatchingURL = "amazon.com" $FieldValue = "ap_email" $QueryAllPasswordsURL = "$PasswordstateURL/api/passwords/?QueryAll&PreventAuditing=false" $passwords = Invoke-Restmethod -Method GET -Uri $QueryAllPasswordsURL -Header @{ "APIKey" = $APIKey } foreach ($password in $passwords) { $passwordID = $password.PasswordID $URL = $password.URL if ($URL -match $MatchingURL) { $Body = @{ PasswordID = $passwordID WebUser_ID = $FieldValue } # Convert Array to Json $jsonData = $Body | ConvertTo-Json $UpdateURL = "$PasswordstateURL/api/passwords" $result = Invoke-Restmethod -Method Put -Uri $UpdateURL -ContentType "application/json" -Body $jsonData -Header @{ "APIKey" = $APIKey } } } -------------------------------------------------------------------------------------------------------------------------------------------------------- Regards, Support

Hi Ralph, The following in the API documentation will help with this. Regards Click Studios

Issue: There are a couple of pages in Passwordstate where you can turn on debugging, to help troubleshoot issues. Leaving this turned on will increase the size of your database, so best practice is to turn this off if not using the feature. You can also purge all debugging data to clean up your database. Below are the areas you can turn off debugging: Main Passwordstate Security Groups: On this page turn the debugging off, and purge the data is desired: Password Reset Portal Security Groups - This is an additional module that you may not have purchased: Regards, Support

Cheers Sarge

Hi NateG, Thanks, and we did overlook that customers can enable Maintenance Mode when logged in with Emergency login account, and we will need to update our documentation for this. Regards Click Studios

Hello Everyone, Today we have released build 9858, which includes a security update. We recommend customers upgrade as soon as possible. For full details, please refer to our changelog here https://www.clickstudios.com.au/passwordstate-changelog.aspx Regards Click Studios

Hi MikaV, We've just tested this with the latest iOS version, and we do not see any crashes when trying to sync data. We think this might be some sort of corrupt data in your system, or possibly a bug in the version of Passwordstate you are running. If you are not running the latest build of Passwordstate, can you upgrade by using this guide and test again? https://www.clickstudios.com.au/downloads/version9/Upgrade_Instructions.pdf. (Specifically in build 9753 the App would crash if you had individual permissions to passwords in Passwordstate, so if you are running an older build than that, an upgrade could certainly help) If the upgrade doesn't help, do you know if this is happening for all users? Or are you able to add in a test user into Passwordstate, and try pairing that user to your phone? Does that work? You are more than welcome to log a support call with our us via this page below, and we can work with you to get this resolved in a more private setting, if you like? https://www.clickstudios.com.au/support.aspx Regards, Support

Hello, Thanks for your request. Please be aware though that under no circumstances do we send credentials to any third party services, including Have I Been Pwned. Please see there documentation here, for how their API works - https://haveibeenpwned.com/API/v3 Regards Click Studios

Hi All, no progress has bene made on this yet, due to developing our next major build Passwordstate 10. We hope to address it as soon as we can.

Hi Ben, Thanks very much for your request. We assume our Windows Integrated version of the API is not appropriate for you, as this does not require API Keys, and gives the user the exact same permissions as per when they are logged into the UI? Regards Click Studios

Issue: You are trying to configure the Passwordstate browser extension but are getting a Connection error, server not available error message, or Error, connection timed out and the browser extension icon stays Red in colour Troubleshooting Steps: Please follow this process below to capture the network traffic when this issue occurs, and forward that onto Click Studios support for analysis. Step 1: Click on the Manage Extensions button Step 2: Enable the Developer Mode option, and then click Background.html link, and this will open a separate browser window with the developer tools Step3: Log into Passwordstate, then try Logging into the extension Step 4: This will generate some traffic under the Network tab in the Developer tools window. Save the output to a .har file and forward that onto Click Studios support to look at. Regards, Support

Hi Mordecai, The only other API functionality we think we'll be adding at this stage is related to documentation, specifically searching for documents. No changes will be made to existing API code so your existing scripts won't be affected, and we'll be releasing the first build of Passwordstate 10 as a beta to all users. Normally we'll run the beta for about 2 months and fix any issues that were reported before the first stable version is released. Regards, Click Studios.

Hi Guys, On the screen Administration -> Reporting, you can run this report across all shared Password Lists, but not private. Please be aware this report can take a very long time to run, dependent on how many password records you have. The reason we do not allow this for Private Password Lists, is because we do not wish to expose any information to Security Admins for private lists i.e. Title, Username, etc. This is also why you cannot see auditing data for Private Lists. Owners of Private Lists can run this report themselves, from the List Administrators Actions dropdown list on each Password List. Regards Click Studios