Mobile App Settings

We recently published a blog on Reporting on Mobile Client Usage. Since then, a number of the Technical Support team members have asked what we’ve published on how to configure the Mobile App. It looks like there isn’t much outside of the official documentation, so we’ve produced this week’s blog.

Control Who Has Access

The native Mobile Apps for iOS and Android Smartphones incorporate Biometrics Support for application access. They provide an offline mode allowing access to an encrypted cache of credentials the user would normally have access to, all with full auditing of access that is synced back to your Passwordstate instance.

While the apps are free and available from the Apple App and Google Play Stores, you may want to control who has access to that functionality. This is really no different in principle to the Browser Extensions feature, where you set the permission for the user, or preferably the Security Group, that you want to enable access for.

To set the permission for those users that can access the Mobile App, navigate to Administration->Feature Access->mobile and click on the Set Permissions button.

From here, you’ll select the User or Security Group that you want to apply permission for. In the example below we’re setting the permission for one of our users, Abagail, to be able to access the Mobile Native App feature. Once you’ve selected all your Security Groups and Users, click on the >> button and click Save.

Specify Settings for the App

You can now set the global mobile access options for those users that have been granted access. To do this, navigate to Administration->System Settings->mobile access options. The first section relates to the Mobile App Settings.

Here you can configure the following settings:

Brute Force Dictionary Attacks: Just like protecting your Passwordstate instance, you can specify the maximum number of failed login attempts before the active session for that mobile client is locked out. In the image above we’ve kept the default at 3.

Enable Mobile Access Permission on Password Lists: You can choose to enable Mobile Access by default when adding permissions to Password Lists.

Passwords Masked or Visible: You can specify if the passwords are masked or visible in the Mobile App.

Password Strength Policy for the Master Password: Set the Password Strength Policy you want to use when users set their Master Password for the Mobile App authentication.

Cache Life: Set the number of days the offline cache can live for before the user must re-authenticate. Re-authentication occurs when the user enters their email account and Master Password, and also when they resync their cache on the device.

The second set of settings relates to the Mobile App URL and Security:

URL for the Passwordstate App Server: Set the URL for your Passwordstate App Server.

Reset the Pairing Secret for the App Server.

SSL Public Key: Query and save the Public Key for the SSL Certificate. This mitigates Man-in-the-Middle attacks, because the app can compare the key a server presents against the saved one.

Once done, save the settings by clicking the Save button. Please note, if you change the App Server URL or your SSL Certificate, you will need to clear, then re-query and save, the SSL Public Key.
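The following added example (not Click Studios code) illustrates why a saved public key stops matching after the certificate is replaced. It assumes the saved value is a SHA-256 hash of the certificate's SubjectPublicKeyInfo; the page does not state what format Passwordstate stores, and all function names and the sample certificates are constructed for illustration.

```python
import hashlib
import hmac
import ssl

def read_tlv(buf, pos):
    """Return (tag, value_start, value_end) for the DER element at pos."""
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:                      # long-form length: next n bytes
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, pos, pos + length

def spki_fingerprint(cert_der):
    """SHA-256 over SubjectPublicKeyInfo (assumed pin format, see lead-in)."""
    _, pos, _ = read_tlv(cert_der, 0)      # Certificate
    _, pos, _ = read_tlv(cert_der, pos)    # tbsCertificate
    tag, _, end = read_tlv(cert_der, pos)
    if tag == 0xA0:                        # optional [0] version field
        pos = end
    for _ in range(5):                     # serial, sigAlg, issuer, validity, subject
        _, _, pos = read_tlv(cert_der, pos)
    _, _, end = read_tlv(cert_der, pos)    # subjectPublicKeyInfo
    return hashlib.sha256(cert_der[pos:end]).hexdigest()

def key_matches(saved_fingerprint, cert_der):
    """True while the presented certificate still carries the saved key."""
    return hmac.compare_digest(saved_fingerprint, spki_fingerprint(cert_der))

def fetch_cert_der(host, port=443):
    """Fetch a live server's leaf certificate (network; not used in the demo)."""
    return ssl.PEM_cert_to_DER_cert(ssl.get_server_certificate((host, port)))

# Constructed sample data: DER skeletons with dummy keys, not real certificates.
def der(tag, body):
    size = len(body).to_bytes((len(body).bit_length() + 7) // 8 or 1, "big")
    head = size if len(body) < 0x80 else bytes([0x80 | len(size)]) + size
    return bytes([tag]) + head + body

def sample_cert(serial, key_bytes):
    spki = der(0x30, der(0x30, b"") + der(0x03, b"\x00" + key_bytes))
    tbs = der(0x30, der(0xA0, der(0x02, b"\x02")) + der(0x02, bytes([serial]))
              + der(0x30, b"") * 4 + spki)
    return der(0x30, tbs + der(0x30, b"") + der(0x03, b"\x00"))

if __name__ == "__main__":
    saved = spki_fingerprint(sample_cert(1, b"\x11" * 270))   # "query and save"
    print(key_matches(saved, sample_cert(1, b"\x11" * 270)))  # unchanged certificate
    print(key_matches(saved, sample_cert(2, b"\x22" * 270)))  # replaced certificate
```

Against a live server, pass the output of fetch_cert_der with your own App Server host name to spki_fingerprint before and after a certificate change to see whether the key differs.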

Users Preferences and their Master Password

Lastly, each user sets their Master Password for the authentication from the Mobile App to the Passwordstate App Server. To do this they must navigate to Preferences->mobile access options as per the image below.

Here they will set the Master Password, which generates a QR Code. This QR code needs to be scanned in on the Mobile App that has been installed on that user’s smartphone. The user can also set their preference for the home page search to be based on a Password List Search or Password Search.

If you’d like to provide feedback, please send it to support@clickstudios.com.au.