Passwordstate V9 Changes for Authorized Web Servers

With the soon to be released Passwordstate V9 Beta we’ve overhauled the Authorized Web Servers functionality.  The Authorized Web Servers is used to mitigate against the theft of your Passwordstate Database and the credentials it contains.  This is done by explicitly tethering the Database to specific NetBIOS Server Names, preventing your Database being hosted in an untrusted environment. 

Enabling this is straight forward, by navigating to Administration->Authorized Web Servers and adding the NetBIOS names of all servers you want to explicitly authorize being able to host the Passwordstate Website.  The current version 8 of Passwordstate screenshot is shown below,

New Authorized Web Servers

With Passwordstate V9 we’ve consolidated the location for all Passwordstate Servers and provided greater functionality.  The new Authorized Web Servers allows you to specify the NetBIOS names for your Passwordstate Servers, including High Availability members as well as for your App Server.  It provides,

  • A status indicator for each server showing the Polling Health and the last time polled
  • The build number of each server
  • The assigned Server role, either Primary or App
  • The High Availability mode status
  • The installation path for each server

The new screen can be seen below,

Note that the Polling is performed in line with all hosts and performed by the Windows Service.  The Last Poll Time is the last Poll that occurred.  Each Server’s Build No and Install Path is also automatically retrieved on a successful Poll.

When you Add New Authorized Web Server you now have to provide it with not only the Host Name, but also the Server Role (Primary Server, High Availability Server or App Server) but also the type of High Availability Node (Active or Passive) when you have selected the Server Role as High Availability Server,

Note the functionality above replaces the PassiveNode functionality previously located in the Web.config file.

What is the App Server Mentioned Above?

Passwordstate V9 introduces a new Server Role, that of the App Server.  But what does it do you ask….well that’s for next week’s blog 😊

Remember, all feedback is welcome via support@clickstuidios.com.au

First Sneak Peek at Passwordstate Version 9

At times it starts to feel overwhelming with the impact that COVID-19 is having on our extended global family and friends.  So, we’ve been trying to distract ourselves by focusing on “other things”.

And here at Click Studios “other things” tends to quickly turn into “How can we make Passwordstate even better?”. 

The Click Studios Development and Technical Support Teams have been hard at work on Passwordstate Version 9 for the better part of the last 4 months.  Whilst V9 is yet to be released in-full to internal UAT (User Acceptance Testing), a number of key modules have commenced advanced system testing.  The results of which have been very impressive.

True Multithreading for Discovery Jobs

V9 will now support multithreading for Account and Windows Dependency Discovery Jobs.  The settings for multithreading will be accessible from Administration->System Settings->Account Discoveries Tab as shown below:

This offers the potential for significant performance improvements.  In our System Testing environment, a job querying 1000 hosts using one (1) thread took around 60 minutes to complete.  By selecting thirty (30) threads from the drop down list the same job was completed in just under 11 minutes, or almost 5.5 x faster than just using one (1) thread.

Password Lists and Properties

Passwordstate V9 will also introduce a randomiser function for when the Password Reset Schedule will execute.  This is in addition to the existing configurable incrementor to the Password Reset Schedule.  This now allows you to pick a time range for when the Password Resets will occur and is in addition to being able to stagger the reset schedule by adding the selected number of days, or months, to the Expiry Date of each account per Password List.  For Security Administrators this can be set under Administration Tab->Password Lists->Edit Password List Properties, Default Password Reset Schedule section as shown below:

Alternatively, if you only have admin privileges to a Password List you can still set the randomiser and incrementor to the Password Reset Schedule for a Password List from Passwords Tab->Password List->Edit Properties->Password List Properties, Default Password Reset Schedule section as shown below:

You can also configure the incrementor to the Password Reset Schedule on individual Passwords by selecting an account to bring up the Edit Password dialog and clicking the reset options tab.  Under Password Reset Schedule you can select the number of days, or months to add to the new Expiry Date as shown below:

We hope you’re as excited about these new improvements as we are and As always, we welcome your feedback via support@clickstudios.com.au.

New Chrome Browser Extension for Passwordstate

One of the most popular features in Passwordstate are our Browser Extensions.  These plugins for your browser securely retrieve credentials from the Passwordstate vault, and autofill websites credential fields allowing you to login automatically.

They can securely save website credentials entered by you directly into your Passwordstate vault.  This is an automated process and encourages your end-users to have strong, individual passwords for all websites they visit.  This is crucial in minimising potential attack vectors and is considered one of the best practices you can employ in protecting your personal and corporate data and systems.

Here at Click Studios we’ve been busy redeveloping our Browser Extensions over the last 3 months to include more features, improved website compatibility and offer a new UI (User Interface).  The first to be released will be for Chrome and Firefox, followed by the new Edge extension once Microsoft release the production version of Chromium Edge (predicted late 2019).

Below is information about the new functionality we’ve included in the browser extensions. As always, we welcome your feedback via support@clickstudios.com.au.

New UI (User Interface):

The first thing you’ll notice is the new UI for the browser extension.  Apart from a redesigned browser icon there is a new Search option, a Preferences Menu, and a new link to report any websites directly to Click Studios that don’t either save credentials or autofill them correctly.  When the Report Site Issue is selected, we’ll be notified, attempt to fix the issue and contact you directly when we release a patched version of the extension into the relevant store.

New Search Feature:

Searching on this screen will query your Passwordstate vault and display only the records you have permissions for.  It displays more information about each record than the previous browser extensions, including the website logo, the Password List where it is stored and a description of the password record.

Clicking on a search result will open a new tab and take you directly to that site, auto-filling the credentials for you.  Clicking the link icon associated with a search result will open the password record in Passwordstate allowing you to make any changes required.

New Preferences Screen:

On the new Preferences screen, you can choose to:

  • Select a Default Password List to store your new credentials in
  • Select a Default Password Generator to use on your websites
  • Temporarily disable auto-filling
  • Toggled on or off the Icon Overlay option.  More about the icon overlay later in the blog

New Save Screen:

When saving new credentials for a website, you are presented with a new screen.  Information on this screen can be modified prior to saving.  Alternatively, you can simply “Close” this screen if you don’t want to add the site into Passwordstate, or you can select the “Ignore” option and the browser extension will never ask you to save credentials for this website again.

More ways to Autofill Websites:

Auto-filling of websites with the new browser extensions can be performed multiple ways:

  1. If you have a single credential saved for the website it will automatically fill it for you when you visit the site.
  2. If you have 2 or more credentials saved for a website, the browser extension will alert you by displaying a numerical badge on the extension itself. Clicking on the extension will open the main page, displaying an extra menu advising you have multiple matching logins.  Clicking onto his you will allow you to select which credential you want to auto fill on the website.
  3. Alternatively, you can use the new “Icon Overlay” which is a new icon you’ll find in the username and password fields on the website.  Likewise, clicking on this icon will give you a choice of which credentials to autofill the website with.

New Overlay Icon:

The icon overlay on the login fields is a new feature that allows you to search for and choose saved credentials to log into the web page with.  Clicking on this new icon will allow you to either scroll up and down to find your credential:

Alternatively you can use the Search feature to quickly find your credential:

Better website Compatibility:

The last new feature we’ve included in these extensions is the automatic updating of the username and password Field IDs.  When you save a record, the browser extension will automatically populate these fields for you:

These IDs tell the browser extension where exactly on the web page to autofill the username and password.  Websites are constantly updated, and these fields occasionally change, which previously stopped the autofill process from occurring. 

With the new browser extensions, if these field IDs change on website the extension will automatically update them in Passwordstate.  If you have multiple logins for the same webpage, it will update all of them.

This feature will significantly improve the auto-filling compatibility of the browser extensions.

Enjoy the new browser extensions and as always if you have any questions please email via support@clickstudios.com.au