Browser Extension Authentication Step By Step

As part of our continual focus on improving security, we’ve recently reviewed the process used by our Browser Extensions when accessing Passwordstate.  The result being we’ve changed how the extensions authenticate back against your Passwordstate instance.

The changes were introduced in Build 9611, and post upgrading, all browser extensions are required to reauthenticate with your Passwordstate instance.  This will be indicated by the Passwordstate Browser Extension icon having turned red as per the image below.

The reauthentication process will only need to be performed from your Browser Extension under the following situations,

  1. After your first upgrade to Build 9611 or a later version,
  2. Every time you add the Browser Extension to your web browser,
  3. If you logout of your Browser Extension and then browse to a different Passwordstate instance.

When your Browser Extensions are updated through the relevant store, e.g., Google Chrome Store, you won’t have to reauthenticate.  However, if you delete the Browser Extension and then re-add it you will need to reauthenticate. 

Authentication Steps

The process of reauthenticating the Browser Extension with your Passwordstate instance is straight forward.  The biggest gotcha you’re likely to encounter is if you do not confirm the Passwordstate URL within 25 seconds. If this happens, simply refresh Passwordstate whilst logged in to kick off the process again.

To start the process of authentication, click on the red Browser Extension icon located in the Browser Toolbar as shown by the red circle 1 in the image above.  This will display the dialog stating Please browse to your Passwordstate website so this extension can be configured.

You will then need to login to your Passwordstate instance as shown by the red circle 2 in the image below.  Make sure you have selected the correct login type for your account from the drop down list, then enter your Username, Password and click on the Logon button,

Once you have logged in to Passwordstate you will see the normal User Interface based on your assigned permissions.  In these images the UI is showing the Administration tab as my account is setup as a Security Administrator.

A new dialog will now appear beneath the Passwordstate Browser Extension.  The dialog will state Please click on the Passwordstate Browser Extension icon above to authenticate with the extension.  You will need to click on the red Browser Extension icon as shown by red circle 3 in the image below,

On clicking the red Browser Extension icon a new dialog will be presented.  This dialog will show the URL or your Passwordstate instance and it should match the URL of the Passwordstate instance you have just logged into, as shown by red circle 4 in the image below.

Take the time to check the 2 URLs are the same and match the URL provided by your Passwordstate Security Administrators.  Only click on the Confirm Passwordstate URL button if these URLs match.


Now that the Browser Extension has been authenticated it will change colour.  In the image below the icon is shown as black as I’ve removed the automatic ignored URL for Passwordstate (as part of testing that I have been performing).  In most cases, once authenticated your Browser Extension icon will turn blue while you are still on the tab for your logged in Passwordstate session.

If you click on the Browser Extension now it will show details such as the number of any Ignored URLs, when the next automatic sync with Passwordstate is to occur and the ability to Logout (which only logs out the extension – you don’t need to reauthenticate).

As show above the process for authenticating your Passwordstate Browser Extension with your Passwordstate instance is straight forward and provides even better security.

If you’d like to share your feedback please send it through to