Final Sneak Peek of Passwordstate 9

This is the final Sneak Peek at Passwordstate Version 9.  Our Managing Director and Chief Executive Officer has kindly requested all Click Studios employees to stop finding new functionality to incorporate into the release (but we can’t help it 😊).   The last of the code is currently being run through Systems Testing and will soon progress to our internal UAT (User Acceptance Testing) Team.

So, on to this week’s blog and your final tease of the new features that form part of Passwordstate V9.

Automatically update passwords in Passwordstate when updated on a Website

Up until Version 9 of Passwordstate, when you needed to change a password for an existing password record linked to a Website login, you were required to change it on the Website, then login to Passwordstate and update the password for that record manually.

With Passwordstate 9 and using our Browser Extensions you can automatically update the password for that password record when you change it on the Website.  Once you’ve changed the password on the Website the Browser Extension will automatically identify the record to be changed and prompt you with the following screen,

As indicated above, you have the option of selecting Later and manually updating as per version 8, or selecting Update to write the new password back to the password record in Passwordstate.  The Password List is automatically selected as per the existing password record details.  We’ve also enabled a visual indication of Ignored URLs by turning the Browser Extension icon blue when you browse to a website that has been previously recorded as ignored.

New Mobile App autofill of credentials for Smartphone Browsers

Our new Passwordstate Smartphone app is being released to coincide with Version 9.  This is a true native app for Android and iOS devices and is offered alongside our existing Mobile Client.  In addition to the offline mode allowing access to an encrypted cache of credentials the Passwordstate app is capable of autofilling your Website credentials – just like our Browser Extensions!

Folder Permission Model

The old Folder Permission Model has been enhanced and now incorporates additional permission settings as per the image below;

The Standard Permissions Model is the old Passwordstate permissions model.  This in effect rolls up the permissions applied to Password Lists to the Folder level.  In the image above the Permissions applied to all the Password Lists within Business Systems are applied to the Business Systems Folder.  This is a bottom-up approach to applying Permissions.

With the Advanced Permissions Model the Permissions are specified at a Parent Folder and are propagated down to all child folders and Password Lists.  This is similar to the approach for applying NTFS Permissions on a Windows Folder Structure.  The example below is for the Contoso Folder,

You’ll also note that Folders with the Advanced Permissions Model have a blue downward arrow shown next to the folder icon, indicating they have the Advanced Permissions Model applied to them.  If you see a red X next to a Password List, such as the Web Sites Password List (Passwords example above), it means that inheritance from above is being blocked.
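The difference between the two models, as an added sketch (not Click Studios code).  It assumes that in the Standard model a folder is visible to anyone holding a grant on a nested Password List, and that in the Advanced model a node with blocked inheritance keeps only its own explicit grants; the trees, principals and role names are constructed.

```python
from dataclasses import dataclass, field

@dataclass
class Node:
    name: str
    is_list: bool = False                        # Password List (True) or Folder (False)
    perms: dict = field(default_factory=dict)    # explicit grants: principal -> role
    block_inherit: bool = False                  # the red X: grants from above are ignored
    children: list = field(default_factory=list)

def standard_folder_access(folder):
    """Standard model, bottom-up: principals granted on any nested Password List."""
    seen = set()
    for child in folder.children:
        seen |= set(child.perms) if child.is_list else standard_folder_access(child)
    return seen

def advanced_effective(node, inherited=None, out=None):
    """Advanced model, top-down: effective grants for a node and everything below it."""
    out = {} if out is None else out
    base = {} if node.block_inherit or inherited is None else dict(inherited)
    effective = {**base, **node.perms}           # assumption: explicit grants win
    out[node.name] = effective
    for child in node.children:
        advanced_effective(child, effective, out)
    return out

# Constructed sample trees (principals and list names are illustrative).
BUSINESS_SYSTEMS = Node("Business Systems", children=[
    Node("HR Apps", is_list=True, perms={"alice": "View"}),
    Node("Legacy", children=[
        Node("Mainframe", is_list=True, perms={"carol": "Administrator"})]),
])
CONTOSO = Node("Contoso", perms={"IT Admins": "Administrator", "Helpdesk": "View"}, children=[
    Node("Passwords", children=[
        Node("Servers", is_list=True),
        Node("Web Sites", is_list=True, block_inherit=True, perms={"Web Team": "Modify"})]),
])

if __name__ == "__main__":
    print(sorted(standard_folder_access(BUSINESS_SYSTEMS)))
    for name, grants in advanced_effective(CONTOSO).items():
        print(name, grants)
```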

Improved built-in Backup Feature

We’ve listened to feedback on how to improve our built-in Backup solution and have incorporated a number of new features under Administration->Backups and Upgrades.  The image below outlines the new features,

The section Backups Settings has been renamed to Backup Schedule and Settings and now incorporates the following;

  • You can specify different backup paths for Web Files and Database backups.
  • There is now an option to back up your Split Secrets in a separate zip file.  This is backed up to the same path as your Web Files backups.
  • An option to password protect your backup files can now be enabled.  Once enabled you’ll need to specify the password and record it somewhere safe for when you need to recover Passwordstate from a backup.

There is also a section called Backup File Naming Convention where you can specify the naming convention for each of the types of backups (Web Files, Database and Split Secrets).  When backups are performed the naming conventions you have provided are appended with the Date and Time that the backup was performed.  The format used for appending the Date and Time is the same as for Version 8, using the format of YYYYMMDDHHMMSS where YYYY is Year, MM is Month, DD is Day, HH is Hour, MM is Minute and SS is Seconds.
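Because every backup name ends in a YYYYMMDDHHMMSS stamp, backup freshness can be monitored from file names alone.  The check below is an added example, not part of Passwordstate; the three prefixes, the file extensions and the sample file names are constructed assumptions.

```python
import re
from datetime import datetime, timedelta

# <naming convention><YYYYMMDDHHMMSS><optional extension>; extensions are assumed.
STAMP = re.compile(r"^(?P<prefix>.+?)(?P<ts>\d{14})(?P<ext>\.[A-Za-z0-9]+)?$")

def parse_backup_name(filename):
    """Return (prefix, datetime), or None if the name carries no valid stamp."""
    m = STAMP.match(filename)
    if not m:
        return None
    try:
        when = datetime.strptime(m.group("ts"), "%Y%m%d%H%M%S")
    except ValueError:                  # 14 digits that are not a real date/time
        return None
    return m.group("prefix"), when

def stale_backup_types(filenames, expected_prefixes, now, max_age=timedelta(days=1)):
    """Map each expected backup type that is missing or too old to its newest
    timestamp (None when no valid backup of that type exists)."""
    newest = {}
    for name in filenames:
        parsed = parse_backup_name(name)
        if parsed and parsed[0] in expected_prefixes:
            prefix, when = parsed
            if prefix not in newest or when > newest[prefix]:
                newest[prefix] = when
    return {p: newest.get(p) for p in expected_prefixes
            if p not in newest or now - newest[p] > max_age}

# Constructed directory listing: Web Files are current, the Database backup is
# days old, one name has an impossible date, and Split Secrets are missing.
SAMPLE_FILES = [
    "PasswordstateWeb20210301020000.zip",
    "PasswordstateWeb20210302020000.zip",
    "PasswordstateDB20210226020000.bak",
    "PasswordstateDB20211345000000.bak",
]
EXPECTED = ["PasswordstateWeb", "PasswordstateDB", "PasswordstateSecrets"]

if __name__ == "__main__":
    now = datetime(2021, 3, 2, 9, 0, 0)
    for prefix, when in stale_backup_types(SAMPLE_FILES, EXPECTED, now).items():
        print(prefix, "last good backup:", when)
```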

Tweaked UI

Lastly, with Passwordstate V9 we’ve tweaked the UI (User Interface) in a number of areas.  The image below is a composite image showing a number of changes,

The first of these is represented by the numbered green dots 1, 2 & 3.  In previous versions of Passwordstate, hovering over the Menu item caused that menu to pop out to the right.  In V9 you can toggle the Menu item by clicking on the ^ to collapse the menu or V to expand it.  When expanding the Menu item, it now appears below the Menu Heading.  In the left-hand side of the image you can see Passwords (1) is expanded while Tools (2) and Preferences (3) are collapsed.  In the right-hand side of the image Passwords (1) has been collapsed while Tools (2) and Preferences (3) are expanded.

The second of the tweaks relates to the new icons for folders and password lists as shown in the right-hand side of the image in the golden rectangle.  These are brand new icons, have been optimized for performance when loading screens and are consistent with the icons used in the new Mobile App for iOS and Android.

We hope you like this final sneak peek and can’t wait to get your hands on V9 (just like us 😊).

All suggestions and feedback are welcome via support@clickstudios.com.au.

Creating New Private Password Lists for New Users

Passwordstate allows teams of people to access and share sensitive password credentials through the concept of Shared Password Lists. This enables your organization to implement granular control over who has access to your privileged account credentials through Role Based Access Control.  This in turn enables built-in auditing and compliance capabilities to track who has accessed credentials and when.

Equally important is the concept of Private Password Lists, where individuals can securely record and manage credentials that are used for private use.  The ability to create and use Private Password Lists is free and provided as part of the named User Licensing Model that Passwordstate uses.  But what does this mean?  It means that if a user has access to login to Passwordstate, they are enabled and have a Named User License automatically applied to their account, license count permitting.

Organizations that don’t allow the use of Private Password Lists for their users typically struggle with enforcing the use of Shared Password Lists.  This is understandable as you are in effect stating that credential management is only important for business use and not personal use.  On the other hand, organizations that adopt and promote the use of Private Password Lists typically build a healthy cybersecurity awareness in their workforce with employees embracing credential management for both personal and organizational use.

So how do you minimize the impact on Security Administrators of having to set up Private Password Lists for all your employees?

Automatically create Private Password Lists for New Users

To reduce the workload on your Passwordstate Security Administrators, and make life easier for your users, you can automatically create Private Password Lists for all new user accounts as they are added to Passwordstate.  This is done by enabling the option to automatically create a Private Password List for new users.  To do this navigate to Administration->System Settings->password list options and click the Yes radio button underneath When a new User Account is added to Passwordstate, automatically create a Private Password List for the user option.  You can also specify the name of the Private Password List using the variables FirstName and Surname shown below,

In doing this, all new users that are added will have a Private Password List created in the root of the Passwords Tab.  If you decide not to use the variables in the name, then all Private Password Lists will appear to have the same name; however, they will all have a unique PasswordListID that is used to identify them at a system level.  And of course, each Private Password List will only have Administrator permissions assigned to the appropriate user.

Customize Private Password List Fields with User Account Policies

It is possible to create all Private Password Lists with additional fields that the user may want to use.  For example, these could be fields for a support email, PIN for 2FA, a phone number, or an address.  By default, automatically created Private Password Lists include the URL field; however, they aren’t based on any of the templates located under Administration->Password List Templates.

In order to add specific additional fields, you’ll need to create a User Account Policy for all users, that references a custom Password List Template.  First, you’ll need to create a template that contains the fields that you want to provision for new users.  To do this navigate to Administration->Password List Templates and click on Add New Template,

Give the template a Name, Description, choose an image and define the required Password Strength Policy, Password Generator Policy and any Additional Authentication you require.  Then select the customize fields tab and specify the additional fields you want to provision.  In the example below I’ve created the following text fields email, PIN, Phone Number and Address,

Now create a User Account Policy that will use the new Password List Template.  In my example I’ve named it “Private Password Lists”.  Navigate to Administration->User Account Policies and click on Add to create a new User Account Policy,

Supply a Policy Name, Description and on the password list options tab, for Setting ID E4, select the name of the Password Lists Template you wish to reference,

Then click Save.  Now click on the Actions icon and select Apply Policy to Users, selecting All Users and Security Groups,

Now every time a New User is added to Passwordstate they will have an automatically created Private Password List with all the Fields that you’ve selected.  Each individual user will be the Administrator of their Private Password List and will be able to edit it as desired.

Don’t forget, we welcome your feedback via support@clickstudios.com.au.