Important Changes to Browser Extensions

Click Studios is making changes to Passwordstate and our Browser Extensions.  We’ve been maintaining a legacy code base in Passwordstate and the Browser Extensions since Build 8782, released way back in September 2019.  This code base can no longer be supported.  In removing it we remove unnecessary complexity from the ongoing development of Passwordstate and our Browser Extensions, and open up the ability for richer functionality in both.

The first of these changes relates to the authentication method used in our Browser Extensions for Chrome, Edge, Firefox and Brave web browsers.  This will come into effect when first upgrading Passwordstate from Build 9753 (or lower) to Build 9785 (or higher)Once Passwordstate has been upgraded all users Browser Extensions will be in a state of being unauthenticated and the extension icon will be Red.

To authenticate you’ll need to create a new Browser Extension Master Password and follow the process as outlined in this blog.

Create A Master Password!

From Passwordstate Build 9785, Browser Extensions will first require a Master Password to be entered in order to effectively authenticate against your Passwordstate instance and be unlocked to retrieve credentials.  Each end user needs to do this themselves as this Master Password authenticates their use.

To create the Browser Extension Master Password, navigate to Preferences->Browser Extension->Browser Extension Master Password and create the Master Password by entering it in the field indicated.  Note, your Security Administrator will have specified a Password Strength Policy that this Password must adhere to.  Feedback is provided underneath the input field providing guidance on what is required as the user types in this field,

Once you’ve finished click on the Save & Close button.Now you’ll need to click on the Red Browser Extension icon.  This will open a dialog asking you to confirm the URL for the source of your credentials,

this will be either your Passwordstate instance URL (the base URL you’ve just logged into) or the URL of the APP Server that processes these requests.  If you have any doubt, check with your Passwordstate Security Administrator.  Only if the URL matches should you enter the Browser Extension Master Password previously created, then click on the Login button, 

You can then also click on the OK – I understand button if it is still displayed.  While on the Master Password / Login dialog box it’s important that you do not move the focus from this box.  It is deliberately designed so that if you click on anything outside of the dialog box the process will be terminated.  If this happens, logout of Passwordstate and start the process from the beginning (you won’t need to recreate the Browser Extension Master Password).

What Will I See?

You are now authenticated and unlocked as indicated by the Browser Extension, having turned Black. You can now add and retrieve credentials as normal,

Browser Extensions can be in various states.  Each of these is color coded as per the image below,

Red: The Browser Extension is not active. It has either been logged out of your Passwordstate Instance, or is waiting for the initial configuration against your Passwordstate instance’s base URL. To activate the Browser Extension simply browse to your Passwordstate website login URL, login as normal, confirm the URL presented is the same as your Passwordstate instance’s base URL, enter the Master Password and click Login.  Please note your Security Administrator controls the Browser Extension Session Timeout setting.

Blue: Indicates the Browser Extension is active, authenticated, unlocked and the URL on the active tab of your browser is set to be ignored.  Ignored URLs do not automatically form-fill existing, or prompt to save new, credentials for that website.

Black: Your Browser Extension is active, authenticated, unlocked and able to automatically form-fill saved credentials for a website or add new credentials.

Yellow: Your browser extension is in a “locked” state, and you will need to unlock it using your Master Password.  This typically occurs when you have closed your web browser but have not exceeded the Browser Extension Session Timeout setting.  While in a “locked” state you are unable to retrieve or add credentials to Passwordstate.

How To Unlock The Browser Extension?

As outlined in the section above, when the Browser Extension is showing as Yellow it is locked and will not allow you to retrieve or add credentials to Passwordstate.  To unlock the Browser Extension simply click on the icon, enter your Master Password and click on the Unlock button,

Again, do not move the focus from this dialog box.  If you click on anything outside of the dialog box the process will be terminated and you will have to start the process again.  If you click on Logout your Browser Extension icon will turn Red and you’ll be required to login to Passwordstate to reauthenticate and then re-enter the Master Password.

If you’d like to share your feedback please send it through to