New Chrome Browser Extension for Passwordstate

Among the most popular features in Passwordstate are our Browser Extensions.  These plugins for your browser securely retrieve credentials from the Passwordstate vault and autofill website credential fields, allowing you to log in automatically.

They can securely save website credentials entered by you directly into your Passwordstate vault.  This is an automated process and encourages your end-users to have strong, individual passwords for all websites they visit.  This is crucial in minimising potential attack vectors and is considered one of the best practices you can employ in protecting your personal and corporate data and systems.

Here at Click Studios we’ve been busy redeveloping our Browser Extensions over the last 3 months to include more features, improved website compatibility and offer a new UI (User Interface).  The first to be released will be for Chrome and Firefox, followed by the new Edge extension once Microsoft release the production version of Chromium Edge (predicted late 2019).

Below is information about the new functionality we’ve included in the browser extensions. As always, we welcome your feedback via support@clickstudios.com.au.

New UI (User Interface):

The first thing you’ll notice is the new UI for the browser extension.  Apart from a redesigned browser icon, there is a new Search option, a Preferences Menu, and a new link to report directly to Click Studios any websites that either don’t save credentials or don’t autofill them correctly.  When Report Site Issue is selected, we’ll be notified, attempt to fix the issue and contact you directly when we release a patched version of the extension into the relevant store.

New Search Feature:

Searching on this screen will query your Passwordstate vault and display only the records you have permissions for.  It displays more information about each record than the previous browser extensions, including the website logo, the Password List where it is stored and a description of the password record.

Clicking on a search result will open a new tab and take you directly to that site, auto-filling the credentials for you.  Clicking the link icon associated with a search result will open the password record in Passwordstate allowing you to make any changes required.

New Preferences Screen:

On the new Preferences screen, you can choose to:

  • Select a Default Password List to store your new credentials in
  • Select a Default Password Generator to use on your websites
  • Temporarily disable auto-filling
  • Toggle the Icon Overlay option on or off.  More about the icon overlay later in the blog

New Save Screen:

When saving new credentials for a website, you are presented with a new screen.  Information on this screen can be modified prior to saving.  Alternatively, you can simply “Close” this screen if you don’t want to add the site into Passwordstate, or you can select the “Ignore” option and the browser extension will never ask you to save credentials for this website again.

More ways to Autofill Websites:

Auto-filling of websites with the new browser extensions can be performed in multiple ways:

  1. If you have a single credential saved for the website it will automatically fill it for you when you visit the site.
  2. If you have 2 or more credentials saved for a website, the browser extension will alert you by displaying a numerical badge on the extension itself. Clicking on the extension will open the main page, displaying an extra menu advising you have multiple matching logins.  Clicking on this will allow you to select which credential you want to autofill on the website.
  3. Alternatively, you can use the new “Icon Overlay” which is a new icon you’ll find in the username and password fields on the website.  Likewise, clicking on this icon will give you a choice of which credentials to autofill the website with.

New Overlay Icon:

The icon overlay on the login fields is a new feature that allows you to search for and choose saved credentials to log into the web page with.  Clicking on this new icon will allow you to either scroll up and down to find your credential:

Alternatively you can use the Search feature to quickly find your credential:

Better website Compatibility:

The last new feature we’ve included in these extensions is the automatic updating of the username and password Field IDs.  When you save a record, the browser extension will automatically populate these fields for you:

These IDs tell the browser extension where exactly on the web page to autofill the username and password.  Websites are constantly updated, and these fields occasionally change, which previously stopped the autofill process from occurring. 

With the new browser extensions, if these field IDs change on a website, the extension will automatically update them in Passwordstate.  If you have multiple logins for the same webpage, it will update all of them.

This feature will significantly improve the auto-filling compatibility of the browser extensions.

Enjoy the new browser extensions and as always if you have any questions please email via support@clickstudios.com.au

Import Passwords from Thycotic Secret into Passwordstate

With the use of the Passwordstate API, it’s possible to import Secret Server data using the XML export option Thycotic provide.

The following documentation has been tested using Secret Server version 10.5.000003, and it is unlikely that Thycotic’s Password Templates and XML export feature differ in other builds. We also recommend following this forum article to quickly back up and restore your database, in case you experience any errors during the import process – https://www.clickstudios.com.au/community/index.php?/topic/2480-sql-script-to-quickly-backup-and-restore-passwordstate-database/

Field Mappings

Secret Server handles fields differently to Passwordstate, in that they provide a per password record Template of different types (25 in total). Passwordstate uses Password List Templates instead, and the following instructions will use 5 different Templates for the import. Please be aware, you must be using Passwordstate Build 8652 or above for this process, as it has changes to Password List Templates required for this process.

The file ‘Import-Secret-Server-XML.zip’, which you download in the instructions below, includes an Excel spreadsheet called ‘SecretServer_Passwordstate_FieldMappings.xlsx’. This spreadsheet documents the field mapping from the various Secret Server Password Templates to the Passwordstate Password List Templates. The only Secret Server template which will not be imported is ‘Contact’, due to Secret Server exceeding the maximum number of Generic Fields Passwordstate supports.


Exporting from Secret Server:

To export your Secret Server data in XML format, please use the screenshots below for guidance. Please save the XML file locally somewhere on your PC, for access further down in the instructions.

Preparing Passwordstate for the import:

  • In Passwordstate, on the screen Administration -> Password List Templates, you need to edit each of the Templates listed in the dot points below to turn off the option “Prevent saving of Password Record if a ‘Bad’ password is detected” – if this step is missed, your import may fail due to Bad Password detection:
    • Credit Cards
    • Software Licenses
    • SSH Account (Password + Key Storage)
    • Standard Password List
    • Web Site Logins

Import Data

To import the exported XML file above, please follow these instructions:

  • Take note of your System Wide API key in Passwordstate, which can be found under Administration -> System Settings -> API Keys.  If you need to, you can generate a new one, and please click the ‘Save’ button on this screen if you do
  • Download the following file https://www.clickstudios.com.au/downloads/Import-Secret-Server-XML.zip
  • Extract the Zip file to the same path as where you exported your XML file
  • Open PowerShell ISE as ‘Administrator’, and open the file ‘Import-SecretServer-XML.ps1’
  • Update the field variables at the top of the script with appropriate values (see screenshot below) – please specify here the UserID that you use to log in to Passwordstate. Once done, save the changes to the file
  • Now execute the script, and select the exported XML file when prompted
  • Once the script has finished executing, you should see a ‘parent’ folder called ‘Secret Server Import’, with relevant Folders, Password Lists, and Password records, as per the screenshot below.
  • Once complete, please go back to each of the Password List Templates within the Administration area, and turn back on the option “Prevent saving of Password Record if a ‘Bad’ password is detected” for each Password List Template

Import Passwords from KeePass into Passwordstate

Recently, we have been getting more and more requests from new Passwordstate customers asking how to import their data from KeePass.  Because of these requests, we’ve now created a PowerShell script which can be used in conjunction with our API.  Our goal with this is to not only import the passwords from KeePass, but to also replicate the structure of the KeePass Groups in Passwordstate.

For customers not familiar with Passwordstate, the equivalent of a “Group” in KeePass is a “Password List” in Passwordstate.  We also have the concept of “Folders” which allow you to logically group Password Lists together.  If you follow the process below, it will create a Folder called KeePass Import in the root of Passwords Home, which will contain one Password List for every Group you have in KeePass.  It will then import the relevant passwords inside each Password List.

We highly recommend taking a backup of your Passwordstate database prior to performing this import.  You can either use the automatic backup feature within Passwordstate, or possibly use SQL Management Studio Tools instead.

Exporting from KeePass in the Correct Format:

If you would like to migrate your passwords from KeePass to Passwordstate, you will need to export them as a csv file, which Passwordstate reads correctly.  The best version of KeePass to do this in is the Classic version.  The Classic version has better options when exporting, allowing you to select which attributes of your passwords you would like to insert into the csv file.  If you are using KeePass Professional, you will need to transfer all of your passwords to the Classic version.  To do this:

1. Open KeePass Professional and click File -> Export

2. Select KeePass KDB (1.x)

3. Select a place on your local disk to save the export to, and click OK

4. If you get an error saying “This file format does not support root groups” click Close

5. Open KeePass Classic

6. Click File -> Import -> KeePass Database…

7. Open the .kdb file you generated in the export process above

8. Enter in the Master Password for your exported database and click OK

9. Click File -> Export -> CSV File…

10. Save the .csv to somewhere local like D:\KeePass-Import\Passwords.csv

11. Under the fields to export, ensure you also tick “Group” and click OK

**Important** Once you have exported this .csv file, DO NOT modify and save in Excel in any way.  This can make the .csv file unreadable for the purpose of this exercise.
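A pre-import check of the exported file, added here as an example (Python, not part of Click Studios' Import-Keepass.zip): it confirms the "Group" column from step 11 is present and counts records per group, so the totals can be compared with the Password Lists created by the import, without printing any password. The column names and the backslash escaping are assumptions about the KeePass Classic CSV format, and the sample data is constructed.

```python
import csv
import hashlib
import io
from collections import Counter

# Assumed KeePass 1.x CSV conventions: UTF-8, header row, every field quoted,
# a quote inside a field written as \" and a backslash as \\.
REQUIRED = ("Group", "Account", "Login Name", "Password")

SAMPLE = (  # constructed sample data, not a real export
    b'"Account","Login Name","Password","Web Site","Comments","Group"\r\n'
    b'"Router","admin","p\\"w\\\\1","https://10.0.0.1","line1\r\nline2","Network"\r\n'
    b'"Wiki","jane","","https://wiki.example","","Internal"\r\n'
    b'"Switch","admin","s3cret","","","Network"\r\n'
)


def audit_keepass_csv(raw: bytes) -> dict:
    """Summarise an export without returning or printing any password."""
    text = io.StringIO(raw.decode("utf-8-sig"), newline="")
    # strict=True turns an unterminated quoted field (truncated file) into csv.Error
    reader = csv.reader(text, quotechar='"', escapechar="\\",
                        doublequote=False, strict=True)
    header = next(reader)
    missing = [c for c in REQUIRED if c not in header]
    if missing:
        raise ValueError(f"export lacks column(s) {missing}; re-export with them ticked")
    col = {name: header.index(name) for name in REQUIRED}
    per_group, empty_pw, malformed = Counter(), [], []
    for row in reader:
        if len(row) != len(header):
            malformed.append(reader.line_num)  # physical line where the record ended
            continue
        per_group[row[col["Group"]]] += 1
        if not row[col["Password"]]:
            empty_pw.append(row[col["Account"]])
    return {
        "sha256": hashlib.sha256(raw).hexdigest(),  # re-check just before importing
        "records": sum(per_group.values()),
        "per_group": dict(per_group),
        "empty_password_titles": empty_pw,
        "malformed_lines": malformed,
    }


if __name__ == "__main__":
    for key, value in audit_keepass_csv(SAMPLE).items():
        print(f"{key}: {value}")
```

Running it once after the export and again just before the import, then comparing the two `sha256` values, shows whether the file was changed in between.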

Preparing Passwordstate for the import

1. In Passwordstate, under the Passwords menu, create a Password List Template.  This process will be copying the settings and permissions from this template when setting up your data.

2. On the Template, ensure you deselect the option “Prevent saving of Password Record if a ‘Bad’ password is detected”:

3. Also on the same Template, ensure you select the URL field as follows, and save it:

4. Apply appropriate permissions to the template via the Actions Menu.  Any user you give access to on this screen will get access to all passwords you import from KeePass.  If need be, you can easily modify permissions after you’ve completed this import process:

5. Press the Toggle ID Column Visibility and take note of the TemplateID:

6. Download the Import-Keepass.zip file from the Click Studios web site, and extract the contents into the same folder as your exported KeePass .csv file.

7. Take note of your System Wide API key in Passwordstate, which can be found under Administration -> System Settings -> API Keys.  If you need to, you can generate a new one:

8. Open the extracted import-keepass.ps1 file in your favorite PowerShell scripting tool, and modify the top 4 variables to reflect the correct information about your environment. You will need to enter your Passwordstate URL, the exact path to your exported .csv file, your system wide API key, and your Template ID:

9. If you now run your PowerShell script, you should notice a KeePass Import folder in Passwordstate, along with multiple Password Lists which are named the same as all your groups and sub-groups from KeePass.  They will also contain all the relevant passwords:

10. If you like, you can create some Folders in Passwordstate and begin dragging and dropping your new Password Lists as appropriate.

If you need any help with this at all, you are welcome to contact us on support@clickstudios.com.au.