Jump to content

Default Password Generator works differently the first time


Guest Martin

Recommended Posts

I add a new entry and use the calculator to generate a password (paten-9N%vWLk) but it does not fulfill the conditions (24-32 characters).

After that I change to the generator named Test, switch back and get the right password now

3.PNG

2.PNG

1.PNG

Link to comment
Share on other sites

The Password Strength Policy is set to Excellent and Mandatory (see image)

The problem is not the Password Policy, but the Generator Policy.

As I understand it, Password Strength Policy only specifies what may be stored.

However, I am still one step ahead and first generate the password.

 

It works if I select another password generator and change back

steps.png

Link to comment
Share on other sites

Hi Martin,

 

Thanks for the screenshots, and using all your settings I do not see this issue when first clicking on the Generator icon - it creates a very long password for me each time I do this.

 

Are you using the latest build of Passwordstate?

 

Is anyone else in the community able to reproduce this?

Thanks

Click Studios

Link to comment
Share on other sites

It could be similar to the issue that I reported on 26th November via Email.

 

After changing the default generator policy it doesn't get applied when using the calculator on the new password window, although the one in the top bar works fine.  The only way I could get it to apply was by editing the properties on the password list and then clicking save (i didn't make any changes).  That's fine for public lists, but I had to email all of my users to tell them to do their private lists so I've actually no idea if people are using strong enough passwords.

 

I'm not sure what it's doing in the background but it feels like the generator policy is stored per list and only refreshes when you 'save' a list.

Link to comment
Share on other sites

Hello Inkz,

 

Yes, each Password List can be configured to use different Password Generator and Password Strength Policies, but the settings for these are not stored in a different table - they are queried live each time they are used.

Regards

Click Studios

Link to comment
Share on other sites

Ok I think I've worked it out.

 

It looks like the lists on mine that are generating incorrect passwords have a PasswordGeneratorID of 0 in the PasswordList table.  There is only one entry in the PasswordGenerators table with an ID of 1.

 

I can also replicate the issue that Martin has.  If I create a test generator policy and then open a list with a PasswordGeneratorID of 0 and generate a password, it generates with the out of the box default policy.  If I switch to test, it generates with the test policy, and if I switch back to default it generates correctly with my modified default policy.  If I edit properties and save the list (don't make any changes), it updates the PasswordGeneratorID to 1.

 

If I create a brand new list, it gets created with a PasswordGeneratorID of 0.  PasswordState must be coded to use a default generator policy if it can't map correctly.

 

Every entry in the PasswordListTemplates table has a PasswordGeneratorID of 0.  If I edit properties and save (no changes) on a template, then it updates the template in the database with a PasswordGeneratorID of 1.

 

So a couple of questions.   How have the templates managed to get a PasswordGeneratorID of 0, and can I just run a database script to update all of the IDs for the templates and lists to 1 without breaking anything?

Link to comment
Share on other sites

Hello Inkz,

A PasswordGeneratorID of 0, means it is using the user's Personal Password Generator settings, as opposed to any Password Generator Policies. This is the default setting if you have disabled the Add Password List Wizard.

If you want to change all these in the DB, then you can use the following SQL Code for this:

USE Passwordstate
UPDATE [PasswordLists] SET PasswordGeneratorID = 1 WHERE Folder = 0

Regards

Click Studios

Link to comment
Share on other sites

Thanks for the SQL I will update my existing lists.

 

I have 'Prevent users from using their 'Personal' Password Generator Policy settings' set to 'yes', the same as Martin has posted above and I haven't disabled the Wizard.  When you create a new list from a template which has PasswordGeneratorID set to 0, then edit properties on the list it shows 'default password generator' but the dropdown is greyed out.  The dropdown is lying as it's actually set to 'My Personal Generator Options'.   If I go and change  'Prevent users from using their 'Personal' Password Generator Policy settings' to 'no' and edit properties on the list again it will show 'My Personal Generator Options'.

 

The actual root issue is that both the Wizard and the private lists that are automatically created when importing a new Active Directory user are not taking in to account the 'Prevent users from using their 'Personal' Password Generator Policy settings' setting.  It just uses the PasswordGeneratorID that is stored in the template.

 

The fix is to edit every template and save it again (don't make any changes) so that all PasswordGeneratorID fields get updated to 1, and then run your script above to fix any existing lists.

 

You can perform the following steps to replicate this issue (I am on build 8573, but had this issue in previous builds as well):

 

Ensure that 'Prevent users from using their 'Personal' Password Generator Policy settings' is set to 'yes' in system options.

Find a template in the PasswordListTemplates table that has PasswordGeneratorID set to 0, or update an existing entry to 0.

Create a new list using the wizard from the template that you identified above.

Find the new list in the PasswordLists table.  PasswordGeneratorID will be 0.

Edit list properties, it will show that it's using 'Default Generator Policy' (which it's not).

Link to comment
Share on other sites

Archived

This topic is now archived and is closed to further replies.

×
×
  • Create New...