Top Ten Golden Rules for People New to Passwordstate

With the release of Passwordstate V9 we’re seeing a lot of interest from potential customers about the existing and new features that are included in our product.  However, we all sometimes get side-tracked by the “bright shiny objects” and miss or skip over the foundational items that are important.

Whether you’re still considering purchasing Passwordstate, or if you’ve already purchased it, there are some Golden Rules that you should be aware of.

Input your License Details

Click Studios sends out your License Keys via email to your Nominated Contacts.  Every time you renew your Annual Support and Upgrade Protection, or purchase additional Licenses or Subscriptions, the updated License Key details you are emailed need to be updated in your Passwordstate License Information. 

The email, with a subject line of Passwordstate License Keys, contains details that are color coded, making it easier for you to know what needs to be updated.  If the email contains any red bolded text, then these are the only details that need to be updated.  Simply navigate to the Administration->License Information screen, select each License Type that corresponds to the block in the email containing the red bolded text, and Cut & Paste the red text into the corresponding field, example being;

The example above (with redacted details) shows updating the Expires and Registration Key details from an email into the License Type of Annual Support.  If the Passwordstate License Keys email contains no red bolded text then all details in the License Type block will need to be input.  Please also note that when you Cut & Paste the details into the fields, make sure there are no leading or trailing spaces.

Private Password Lists are Private

Passwordstate is Secure by Design!  This means we use a consistent Security design including techniques to protect access to your credentials. 

A Private Password List can only be accessed by the Password List Administrator, which is the person who created the Private Password List.  Security Administrators can see which Private Password Lists have been created and who created them, but they cannot view any Password Records in the Private Password Lists or manage any permissions or settings for them.

Passwords can only be stored in Password Lists

People like to talk about Password Vaults, so let’s use a similar analogy.  Passwordstate uses the concept of Password Lists.  Think of each Password List like a separate Bank Security Deposit Box.  You have access to the Bank (Passwordstate login), know the Room (Folder) to go to and are on the permitted entry list, have the key (granted permissions) to open that Security Deposit Box (Password List) and view/use the contents (Password Records).  Your visit to the Bank, Room, access to the Security Deposit Box, and viewing of the contents is audited (Passwordstate Event Auditing).

Now using this analogy, you can only store your contents (Password Records) in a Security Deposit Box (Password List).  If you were trying to store the contents directly in a Room (Folder) you’d have your contents strewn across the floor, where anyone with access to that Room could see and use/steal your contents (Password Records).

You cannot nest a folder or password list beneath an existing Password List

And building on the Bank Security Deposit Box analogy, you can’t nest a Folder or Password List beneath an existing Password List.  This would be like trying to store 2 Bank Security Deposit Boxes in the same space (if you wanted to nest Password Lists) or, even worse, trying to fit another Room inside the Bank Security Deposit Box (if you wanted to nest a Folder under a Password List).  Trust me, it’s not practical and most of us in IT won’t fit in there.

Password Lists can only exist under Passwords Home (small regional Bank with Bank Security Deposit Boxes in the one room) or under Folders as outlined above.
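The Private Password List access rule and the two structural rules above (records live only inside Password Lists; nothing nests beneath a Password List) modelled as an added example.  This is constructed illustration code, not Click Studios’ code; the class names, the `permitted` set and the `security_admins` parameter are assumptions made for the model.

```python
from dataclasses import dataclass, field

# Constructed model of the navigation-tree and access rules described in the post.
# It is not Passwordstate's own code; names and fields are assumptions.

@dataclass
class PasswordRecord:
    title: str

@dataclass
class PasswordList:
    name: str
    administrator: str                      # the creator, i.e. the Password List Administrator
    private: bool = False
    records: list = field(default_factory=list)
    permitted: set = field(default_factory=set)   # users explicitly granted access (shared lists)

@dataclass
class Folder:
    name: str                               # "Passwords Home" is modelled as the root Folder
    children: list = field(default_factory=list)  # Folders and PasswordLists only

def placement_allowed(parent, child):
    """Rule 1: a Folder (including Passwords Home) holds only Folders or Password Lists.
    Rule 2: a Password List holds only Password Records, so nothing nests beneath it."""
    if isinstance(parent, Folder):
        return isinstance(child, (Folder, PasswordList))
    if isinstance(parent, PasswordList):
        return isinstance(child, PasswordRecord)
    return False

def add_child(parent, child):
    """Attach child to parent, rejecting placements the tree rules forbid."""
    if not placement_allowed(parent, child):
        raise ValueError(f"cannot place {type(child).__name__} under {type(parent).__name__}")
    (parent.children if isinstance(parent, Folder) else parent.records).append(child)
    return child

def can_see_list(user, plist, security_admins=()):
    """Existence and creator of a list: visible to its administrator, to users
    granted permission, and to Security Administrators (even for Private lists)."""
    return user == plist.administrator or user in plist.permitted or user in security_admins

def can_view_records(user, plist, security_admins=()):
    """Record contents: a Private list is readable only by its administrator,
    Security Administrators included; a shared list needs explicit permission."""
    if plist.private:
        return user == plist.administrator
    return user == plist.administrator or user in plist.permitted
```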

Logically build your Navigation Tree

Now that you’ve got the idea about Folders and Password Lists, let’s try something else.  Organisations usually have functions separated out.  It makes it easier to focus on specific tasks and ensures a segregation of duties (it’s not wise for the same person to handle the finances, raise purchase orders, pay the accounts and do the financial reporting).  This then leads to people involved in related tasks being grouped together in teams or departments.

Try to logically build your navigation tree to align with your company structure (departments and teams).  It typically makes management of your Password Lists easier and you can use Security Groups that align with the structure to manage access to Shared Password Lists and Records.

Admin Rights under the Navigation Tree

As stated previously in this week’s blog, Passwordstate is Secure by Design!  As a Security Administrator in Passwordstate you don’t have exclusive power over all configurations and functions within your Passwordstate Installation.  Likewise, the number of Security Administrators should be kept as low as possible, but more than just one (for when one of them isn’t there).

As an example, you need to be explicitly granted permission to Password Lists and Folders under the Passwords Tab.  Without being granted permissions you won’t be able to see all details in the navigation tree.

Backups…Don’t Skip Them!

If you don’t have a backup of both your Web.config file and your Passwordstate database then we won’t be able to assist in recovering your password credentials! Having current and tested backups of your Passwordstate Instance is critical.

Don’t be one of the statistics that has to report to Management that your Passwordstate Instance is effectively dead, you have no current backups and subsequently no access to your systems or accounts.  We deal with support calls all too regularly where someone forgot to set up their organization’s Passwordstate Backups.  If you follow the documentation located on our website, and set up the backups correctly, then you’ve one less thing to keep you awake at night!

Use Security Groups to your Advantage

You know how you can set up Active Directory Security Groups, and assign permissions to resources based on the Security Group membership?  Well guess what, you can do the same in Passwordstate.

You can synchronize AD Security Groups with Passwordstate and use them to provide access to Hosts, Folders, Password Lists, Password Records and even Administrative functionality in Passwordstate itself.  If you don’t have an Active Directory Integrated version of Passwordstate you can still create Local Security Groups and achieve the same results.  Make your life easier and use Security Groups to your advantage, instead of trying to manage permissions based on individual user names.

Assess your risk and use 2FA where needed

It makes business sense to assess the level of risk in providing your employees with access to privileged accounts or highly confidential password credentials.  In situations such as these you could decide that Single-Sign-On or a simple username and password don’t offer the level of protection you need.

In these cases, look to use 2FA as an additional level of protection.  This can be required based on Security Group Membership, implemented as part of a User Account Policy or even configured at the Password List level.  Take the time to consider the risk of unintended use and implement the access security accordingly.

Ask for a Quote

So, you’ve taken the step and trialed and subsequently purchased Passwordstate.  Now you’re ready to expand the number of users in Passwordstate, or perhaps you’re looking to roll out additional functionality with our subscription-based modules.  In either case simply contact us via sales@clickstudios.com.au and not only will we provide you with the quote, we’ll also ensure the new licenses and/or subscriptions are correctly co-termed with your existing Support Expiry Date.  Let us help you get the order right the first time.

As always, we welcome your feedback via support@clickstudios.com.au.