Sneak Peek of the Updated Mobile App

At the risk of repeating ourselves, the native Mobile Clients for Android and iOS, first introduced in Passwordstate V9 Build 9000, offer substantial flexibility for System Administrators and Users on the move.  These apps are used in a revised architecture, requiring the installation of a Passwordstate App Server, which brokers connectivity between the client device and the Passwordstate instance.

The Apps authenticate using an independent credential set and store password records on the smartphone within an encrypted cache.  All authentication and access to credentials is audited and synced back automatically with Passwordstate on next connection.  This solution only offered simple read-only access to authorized password records…until now!

For the Uninitiated…

For those that haven’t seen the app I’ve included a screen capture from my iPhone below.  This shows the Light colour scheme on the left hand side and the Dark colour scheme on the right hand side.  You can select either or choose to match the System Default on your device.

Once you’ve set up the App you can unlock it using either Unlock With Credentials (using the independent credential set) or Unlock With Biometrics (which will appear if you’ve selected the option to use Biometric Unlock).  From here you are presented with the default home page.

Password Lists Home

The image below shows the Password Lists page, the current system default home page in the App.  We intend on also providing an option of setting the OTP page (what?) as the default in a later build, possibly before the updated app is available in the respective Apple and Google stores.

While this all looks normal in the app, let’s select a password list and show some neat enhancements.  The first is editing an existing Password Record.  I’ve selected a Password List on the Password Lists screen, then selected the top Password Record ending in .com.au.  Now I’ve simply swiped in from the right hand side and the Edit control appears.  I can then go through and edit the required fields and save the record (we’ll explain how to do that further down).

Alternatively, if you discovered you no longer needed that Password Record, you can delete it by swiping in from the left hand side and the Delete control appears.

And for those that guessed it… that’s right… you can Add a Password Record by clicking on the + sign up the top of the screen (with the green circle around it).

One-Time Passwords

Passwordstate has had the ability to service One-Time Passwords for a number of years.  All that’s required is a Password List to be based on the One-Time Password Authenticator Template.  This allows you to access the OTP codes via our Web Browser Extension.

But what about when you’re away from your computer?  Well, with the introduction of the native Mobile Clients you could have access to your Password Record that was stored in the encrypted cache, and that was it.  You’d still need a separate app, like Google Authenticator, to access the OTP.  But this is really inefficient!  Why have two apps when Passwordstate contains all the information?

With the release of the next version of the Mobile App we now provide mobile access to your OTP records.

And, what’s more, you can also add new OTP records by pressing the camera icon at the top.  This will open the device’s camera and prompt to Scan the OTP QR Code.  Once scanned it will open up a new Password Record so the other details such as Title, Username, URL, Password etc. can be entered.  As with the Password Records shown above you can both Edit and Delete OTP records by swiping in from the right and left respectively.

Adding New Records

There are a couple of ways to add a new Password Record via the App.  The first is by scanning a QR Code.

Once scanned the App will open the New Password Record screen and require as a minimum the Title, Password and Confirm Password fields to be filled out.  Note, the app will check that the Password and Confirm Password fields match.  The Generate Password button will generate a password and populate both the Password and Confirm Password fields.  The generated password is based on the Password Generator Policy set for the Password List in your Passwordstate instance.  The One Time Password will already be filled out and cycling through every 30 seconds as you’ve scanned the QR code (not showing in the image below).

To save the record press the Tick Icon at the top or the Cross to exit without saving.  On successful saving you receive a Saved pop-up like below,

The second way of adding the record is via the + sign as shown in the images under the Password Lists Home section above.  Note if you add a Password Record this way and the Password List isn’t based on the One-Time Password Authenticator template you won’t have the option to scan a One Time Password QR Code.

Constraints

The new functionality of Adding, Editing, Deleting Password Records, including adding OTP Records via the Mobile App requires a connection back to your Passwordstate Instance.  The functionality is not designed to work just with the offline encrypted cache.  New records are first added to your Passwordstate instance and are then immediately synchronized with your mobile device.

Access to your OTP records however does work offline.  Your encrypted cache will always be populated with your OTP records each time you synchronize with your Passwordstate instance.  This means if you replace your phone you won’t have to set them up from scratch unlike with some other Authenticators.

We’re really excited about the newest version of the Mobile App.  If you would like to share your feedback, we’d love to hear it.  Just email it through to support@clickstudios.com.au.

Passwordstate V9 Changes for Authorized Web Servers

With the soon to be released Passwordstate V9 Beta we’ve overhauled the Authorized Web Servers functionality.  The Authorized Web Servers feature is used to mitigate the theft of your Passwordstate Database and the credentials it contains.  This is done by explicitly tethering the Database to specific NetBIOS Server Names, preventing your Database being hosted in an untrusted environment.

Enabling this is straightforward: navigate to Administration->Authorized Web Servers and add the NetBIOS names of all servers you want to explicitly authorize to host the Passwordstate Website.  A screenshot from the current version 8 of Passwordstate is shown below,

New Authorized Web Servers

With Passwordstate V9 we’ve consolidated the location for all Passwordstate Servers and provided greater functionality.  The new Authorized Web Servers allows you to specify the NetBIOS names for your Passwordstate Servers, including High Availability members as well as for your App Server.  It provides,

  • A status indicator for each server showing the Polling Health and the last time polled
  • The build number of each server
  • The assigned Server role, either Primary or App
  • The High Availability mode status
  • The installation path for each server

The new screen can be seen below,

Note that the Polling is performed in line with all hosts and performed by the Windows Service.  The Last Poll Time is the last Poll that occurred.  Each Server’s Build No and Install Path is also automatically retrieved on a successful Poll.

When you Add New Authorized Web Server you now have to provide not only the Host Name but also the Server Role (Primary Server, High Availability Server or App Server) and, when you have selected the Server Role as High Availability Server, the type of High Availability Node (Active or Passive),

Note the functionality above replaces the PassiveNode functionality previously located in the Web.config file.

What is the App Server Mentioned Above?

Passwordstate V9 introduces a new Server Role, that of the App Server.  But what does it do you ask….well that’s for next week’s blog 😊

Remember, all feedback is welcome via support@clickstudios.com.au

First Sneak Peek at Passwordstate Version 9

At times it starts to feel overwhelming with the impact that COVID-19 is having on our extended global family and friends.  So, we’ve been trying to distract ourselves by focusing on “other things”.

And here at Click Studios “other things” tends to quickly turn into “How can we make Passwordstate even better?”. 

The Click Studios Development and Technical Support Teams have been hard at work on Passwordstate Version 9 for the better part of the last 4 months.  Whilst V9 is yet to be released in-full to internal UAT (User Acceptance Testing), a number of key modules have commenced advanced system testing.  The results of which have been very impressive.

True Multithreading for Discovery Jobs

V9 will now support multithreading for Account and Windows Dependency Discovery Jobs.  The settings for multithreading will be accessible from Administration->System Settings->Account Discoveries Tab as shown below:

This offers the potential for significant performance improvements.  In our System Testing environment, a job querying 1000 hosts using one (1) thread took around 60 minutes to complete.  By selecting thirty (30) threads from the drop down list the same job was completed in just under 11 minutes, or almost 5.5 x faster than just using one (1) thread.

Password Lists and Properties

Passwordstate V9 will also introduce a randomiser function for when the Password Reset Schedule will execute.  This is in addition to the existing configurable incrementor to the Password Reset Schedule.  This now allows you to pick a time range for when the Password Resets will occur and is in addition to being able to stagger the reset schedule by adding the selected number of days, or months, to the Expiry Date of each account per Password List.  For Security Administrators this can be set under Administration Tab->Password Lists->Edit Password List Properties, Default Password Reset Schedule section as shown below:

Alternatively, if you only have admin privileges to a Password List you can still set the randomiser and incrementor to the Password Reset Schedule for a Password List from Passwords Tab->Password List->Edit Properties->Password List Properties, Default Password Reset Schedule section as shown below:

You can also configure the incrementor to the Password Reset Schedule on individual Passwords by selecting an account to bring up the Edit Password dialog and clicking the reset options tab.  Under Password Reset Schedule you can select the number of days, or months to add to the new Expiry Date as shown below:

We hope you’re as excited about these new improvements as we are and, as always, we welcome your feedback via support@clickstudios.com.au.

New Chrome Browser Extension for Passwordstate

One of the most popular features in Passwordstate is our Browser Extensions.  These plugins for your browser securely retrieve credentials from the Passwordstate vault, and autofill website credential fields allowing you to login automatically.

They can securely save website credentials entered by you directly into your Passwordstate vault.  This is an automated process and encourages your end-users to have strong, individual passwords for all websites they visit.  This is crucial in minimising potential attack vectors and is considered one of the best practices you can employ in protecting your personal and corporate data and systems.

Here at Click Studios we’ve been busy redeveloping our Browser Extensions over the last 3 months to include more features, improved website compatibility and offer a new UI (User Interface).  The first to be released will be for Chrome and Firefox, followed by the new Edge extension once Microsoft release the production version of Chromium Edge (predicted late 2019).

Below is information about the new functionality we’ve included in the browser extensions. As always, we welcome your feedback via support@clickstudios.com.au.

New UI (User Interface):

The first thing you’ll notice is the new UI for the browser extension.  Apart from a redesigned browser icon there is a new Search option, a Preferences Menu, and a new link to report any websites directly to Click Studios that don’t either save credentials or autofill them correctly.  When the Report Site Issue is selected, we’ll be notified, attempt to fix the issue and contact you directly when we release a patched version of the extension into the relevant store.

New Search Feature:

Searching on this screen will query your Passwordstate vault and display only the records you have permissions for.  It displays more information about each record than the previous browser extensions, including the website logo, the Password List where it is stored and a description of the password record.

Clicking on a search result will open a new tab and take you directly to that site, auto-filling the credentials for you.  Clicking the link icon associated with a search result will open the password record in Passwordstate allowing you to make any changes required.

New Preferences Screen:

On the new Preferences screen, you can choose to:

  • Select a Default Password List to store your new credentials in
  • Select a Default Password Generator to use on your websites
  • Temporarily disable auto-filling
  • Toggle on or off the Icon Overlay option.  More about the icon overlay later in the blog

New Save Screen:

When saving new credentials for a website, you are presented with a new screen.  Information on this screen can be modified prior to saving.  Alternatively, you can simply “Close” this screen if you don’t want to add the site into Passwordstate, or you can select the “Ignore” option and the browser extension will never ask you to save credentials for this website again.

More ways to Autofill Websites:

Auto-filling of websites with the new browser extensions can be performed multiple ways:

  1. If you have a single credential saved for the website it will automatically fill it for you when you visit the site.
  2. If you have 2 or more credentials saved for a website, the browser extension will alert you by displaying a numerical badge on the extension itself. Clicking on the extension will open the main page, displaying an extra menu advising you have multiple matching logins.  Clicking on this will allow you to select which credential you want to autofill on the website.
  3. Alternatively, you can use the new “Icon Overlay” which is a new icon you’ll find in the username and password fields on the website.  Likewise, clicking on this icon will give you a choice of which credentials to autofill the website with.

New Overlay Icon:

The icon overlay on the login fields is a new feature that allows you to search for and choose saved credentials to log into the web page with.  Clicking on this new icon will allow you to either scroll up and down to find your credential:

Alternatively you can use the Search feature to quickly find your credential:

Better website Compatibility:

The last new feature we’ve included in these extensions is the automatic updating of the username and password Field IDs.  When you save a record, the browser extension will automatically populate these fields for you:

These IDs tell the browser extension where exactly on the web page to autofill the username and password.  Websites are constantly updated, and these fields occasionally change, which previously stopped the autofill process from occurring. 

With the new browser extensions, if these field IDs change on a website the extension will automatically update them in Passwordstate.  If you have multiple logins for the same webpage, it will update all of them.

This feature will significantly improve the auto-filling compatibility of the browser extensions.

Enjoy the new browser extensions and as always if you have any questions please email via support@clickstudios.com.au