Our Browser Extensions for Passwordstate enable the secure storing of website credentials in your Passwordstate instance. The credentials can then be used to automatically form-fill credential input fields, such as the Username and Password fields, when you next visit a website that you have credentials for.
With the release of Passwordstate Build 9583 we’ve updated and improved our Browser Extensions for all Chromium based browsers, including Google Chrome, Microsoft Edge, the Brave Browser and Mozilla’s Firefox.
Confirming Your Passwordstate URL – Is It New?
Well no, but it is a really important concept! You are asked to confirm your Passwordstate website URL is correct as mitigation against a phishing style attack, where you could be asked to click on a link to login to an imitation of your Passwordstate environment. If this should ever happen the results could be catastrophic and range from harvesting your credentials to outright compromise of your systems. Take the time to confirm the URL matches the URL for your Passwordstate instance and only then click on Confirm,
Map Website Fields
The new Browser Extension have greatly improved input field detection. However, with some difficult sites they may still be unable to determine which are the Username and Password fields. This can be the case with websites that have multiple input fields, or even duplicates of input fields, on the same page.
In these cases, you can map the Website Fields to the Passwordstate Fields. To do this, simply navigate to the website and click on your Browser Extension icon, click on Show Matching Logins, then click on the arrow to the right of the credentials you are selecting. At the bottom of the retrieved credentials you’ll see the Map Website Fields button.
When you click on the Map Website Fields button the Passwordstate Website Field Mapper dialog will appear,
From here it’s a straight forward process of,
- Selecting the type of Passwordstate Field to map,
- Click on the Pick Field button,
- Move the mouse cursor to the input field, in this case the Password input field on the website and click in it to select it.
You’d then need to repeat this process for all required input fields, and once complete, click on Save. This will write the unique website field IDs into your Password Record in Passwordstate and correctly populate those fields each time you navigate to that website. This then leads us to the next new feature…
Form-Filling More Than 2 Input Fields
You now have the ability to automatically form-fill more than just 2 input fields. This can be especially useful in situations where sites require a Username, Password and OTP code. Note, your Security Administrators can turn off the setting allowing the automatic form-filling of OTP Codes.
Additionally, you can configure up to a total of 13 input fields by using the Username, Password, OTP (enabled at the Password List Level) and the Generic Fields one through ten.
The image below is a composite image, showing the two input screens for a WordPress website that has 2FA (Two Factor Authentication) enabled. The first screen is automatically form-filled for the Username and Password fields. On clicking the Log In button the screen prompting for the Authentication Code is displayed and this is also automatically form-filled. The user then simply clicks the Log In button a second time to complete the login process,
The corresponding Browser Extension record for this example looks like this,
In order to utilise form-filling of more than 2 input fields you’ll need to map the website’s input fields to fields in your Password Record as outlined in the Map Website Fields section above.
Specifying Your URL Matching Option
Another improvement, for improving the accuracy of form-filling input fields on difficult websites, is by specifying the type of URL matching to use. URL Matching options are specific to each Password Record and are typically required when input fields are located on different webpages with different URLs. For example, one URL that prompts for Username and a different URL for Password.
There are 3 URL Matching options that can be selected from, Starts With, Host Name and Base Domain with the default being Starts With,
Clear Existing Website Field IDs
Lastly, if you find you are having problems with multiple Password Records automatically form-filling correctly because of incorrect or previously set Field IDs, you can clear the website Field IDs for all Password Records in a Password List. This will not affect the credentials for those websites, only the associated Field IDs that have been recorded and stored on the website fields tab for each Password Record.
To clear all the website Field IDs, for all Password Records in a Password List, simply login to Passwordstate, navigate to the Password List you want to perform the action against and click on List Administrator Actions…, then click on Clear Web Site Field ID Values,
Note, your Security Administrator has the ability to clear all Username and Password Field IDs for all Shared Password Lists within Passwordstate. However, they can’t clear the Password Field IDs for any Private Password Lists.
These improvements to the Browser Extensions should make significant improvements in automatically form-filling your credentials for websites.
If you’d like to share your feedback please send it through to support@clickstudios.com.au.