Jump to content

Search the Community

Showing results for tags '2fa'.



More search options

  • Search By Tags

    Type tags separated by commas.
  • Search By Author

Content Type


Forums

  • Essentials
    • Announcements
  • Passwordstate 8.x
    • General Support
    • Feature Requests
    • Feature Requests - Completed
    • Known Issues
    • Installing Passwordstate
  • Passwordstate 7.x
    • General Support
    • Known Issues
  • Knowledge Base
    • General FAQs
    • Password Resets
    • Remote Session Launcher
    • Mobile Client
    • Passwordstate API
    • Browser Extensions

Find results in...

Find results that contain...


Date Created

  • Start

    End


Last Updated

  • Start

    End


Filter by number of...

Joined

  • Start

    End


Group


AIM


MSN


Website URL


ICQ


Yahoo


Jabber


Skype


Google Plus Account


Location


Interests


Biography


Location


Interests


Occupation

Found 7 results

  1. Hello I've a small and easy to fix feature request :-). Right now the field where you type in your 2FA-Code, is a password fieldtype. - This causes browsers wanting to store those 2FA-Codes as passwords, which is annoying. - Since they are one-time codes they don't need to be masked anyway. (no Bank does that) Can you please change the field type to cleartext (or number)? Thanks & Cheers Tibor
  2. Version Passwordstate 8.4 (Build 8411) added support for generating TOTP tokens withing PasswordState, feature is called 'One-Time Password Authenticator'. The setup is shown in this video Passwordstate - Whats New in Build 8411? starting around 1:41. Discussed the missing manual setup issue with PasswordState support and they won't fix this if others won't need it too. So I ask you to vote for this feature. Since PasswordState is a web app and in most cases I don't this it has access to device camera to scan a qr-code (specially if your desktop doesn't have one). So users would/might end up saving the issuer generated qr-code in a image file locally and uploading that image to PasswordState. That file might not get securely deleted afterwards, which it should since it has the shared secret in it. In worst scenario user leaves the qr-code in his/her Downloads directory. There should be manual way of adding the TOTP token shared secret/key to PasswordState, one can get this from the most token issuers, quickly checked that Facebook shows key as default Google asks “can’t scan it?” and gives out the shared secret. Twtter also has “can’t scan code”. AWS shows “Show secret key for manual configuration”. Microsoft also provides “or enter code manually” as default option. Dropbox also has the option to show the code. Sure all of them default to qr-code, since it’s user friendly for personal use. But if using a password manager, best to use manual method and store the secret/key within password manager so you can migrate to another TOTP token generator easily. Most of those authenticator apps won’t let you restore/show the secret after adding a service, some do but most won't. It's fine if the authenticator and the shared secrets are in backup scope, like Github said in their blog post. The manual setup method would be much user friendly in PasswordState, specially for a shared password list. And lets not forget the backup/restore/migration need, I might wan't to change my authenticator app. If the shared secret/key would be stored in a password manager, migration is easy. When entering the secret manually, we would need to be able to enter also the time perioid (default 30s) and number of digits in token (default 6). Optionally token hash algorithm might be needed (default SHA-1). Since token issuers usually document which format are they using, PasswordState could have predefined list of Issuers where to derive the settings from (by quick googling found this project which has list of common Issuers) and have option to set them yourself.
  3. Jagrys

    FIDO 2.0

    Is there any chance to implement FIDO 2.0 in nearest future ? Microsoft is working on it on Azure AD right now but it should be available on Windows Server AD soon. https://security-architect.com/fido-passwordless-authentication/
  4. Hi, I'm a happy home user of Passwordstate (PWS), and so far the experience has been very nice. I've exposed my PWS to the internet through the use of an Apache reverse proxy, and that works great. Before I did that, I of course made sure I had 2FA enabled for my user, as only using username and password seemed far too dangerous. This has worked perfectly, but, I've been a bit annoyed by the fact that I needed to use 2FA even when I access my PWS from home. So, reading a bit about it lead me to the Administration -> System Settings -> allowed ip ranges -> Web Site Allowed IP Ranges setting, where I've added my internal network range, and set Authentication Option to Forms and Google Authenticator I've also made sure to specify my Apache reverse proxy IP in Administration -> System Settings -> proxy & syslog servers -> X-Forwarded-For Support. My user account is set to use Use the System Wide Authentication Settings under Web Authentication Option. The Apache reverse proxy is set up to use RemoteIPHeader X-Forwarded-For in the configuration for my PWS site. I can also see my real, remote client IP in the IIS logs after adding the X-Forwarded-For column to the logging options in IIS, so I know it gets through. Signing in to PWS from home works fine, with just username and password now. However, signing in from remote still only requires username and password. I'd like remote sign in to require 2FA. I'm sure I'm missing something, but I can't really see what. Any help would be greatly appreciated. Thank you!
  5. Does Passwordstate support the functionality for producing TOTP tokens on logon records? Eg. If I have 2FA active on AWS, then Password state will give me all 3 of the username, password and TOTP token for me to logon.
  6. Hey Guys, Ive have just enabled Duo 2FA in passwordstate but now when i try to login to passwords state i get the following.... Server Error in '/' Application. Object reference not set to an instance of an object. Description: An unhandled exception occurred during the execution of the current web request. Please review the stack trace for more information about the error and where it originated in the code. Exception Details: System.NullReferenceException: Object reference not set to an instance of an object. Source Error: An unhandled exception was generated during the execution of the current web request. Information regarding the origin and location of the exception can be identified using the exception stack trace below. Stack Trace: Can you help me with this ? Thanks Alan
  7. Hi all, Is there a good way to re-send a user's Google Auth code or barcode when they get a new phone and/or have to re-install their Google Authenticator app? The only way I've been able to figure out so far is to impersonate their account, go to their Preferences and get the code from their Authentication Options page. Ideally, I'd rather not have to impersonate them. Thanks! Greg
×