support

Hello, We do have a feature for this already. If you have specified generic fields on your Password Lists to store additional data, you can map these fields in the browser extension. Please see following document which describes the field mappings - https://www.clickstudios.com.au/downloads/version9/Browser_Extension_Manual.pdf Regards Click Studios

Hello Eileen, When creating Password Lists and Folders, they cannot be nested beneath other Password Lists. Only Password Lists can be nested beneath Folders - this is by design. With Private Lists, you cannot change permissions on them, as they are purely private to the person who created them. If you want other users to also access the List, they should be created as Shared Lists, and then you can change permissions. Regards Click Studios

Hi Phil, If you are not aware, the OTP values are available within the browser extension, and they can also be configured to auto-fill as well? A lot better solution than copying and pasting from the core UI. Could you let us know specifically what is terrible about our browser extension, so we can look at improving it? Thanks Click Studios

Hi Everyone, This unfortunately is a bug in 9811. In this build, we upgraded the .dll library we use to zip up the backups, and for some reason this new library won't zip the file because it found a new file that is in use within the Passwordstate install folder. Only some of our customers are seeing this. We'll have this patched in the next build of Passwordstate we release, but for now please contact support and we can give you the custom instructions that KC_BREC mentioned above: https://www.clickstudios.com.au/support.aspx Regards, Support

Issue: A frequent question we get is Passwordstate will not accept the QR code that Microsoft supply for their online portal access. The error being reported is the QR code being uploaded is an "invalid QR code". There is a trick to this that is documented below, which will allow you to save an alternative QR code from Microsoft, and this can be uploaded into Passwordstate, which you can then use to authenticate to Microsoft portals. Step 1: After applying 2FA to your account in the MS Portal, log into your MS Portal and you will be asked to set up 2FA for your login. Instead of hitting Next, click the link to use a different authenticator app: Step 2: Click Next Step 3: On this next page save this QR Code disk: Step 4: Now in Passwordstate, upload the QR code and it will start giving you the relevant 6 digit code to authenticate with: Step 5: Don't forget to delete the QR code off your disk! Regards, Support.

Hello mfc, We've just responded to your request, asking for the desired Registration Name for your license keys - below is an example of what we request from all customers, and we need you to fill out these details. "I would like to continue using the Free 5 User version of Passwordstate, and are requsting a license key made out to the following Registration Name: Registration Name: <Enter Your Desired Registration Name Here> " Regards Click Studios

Today we released a new version of Passwordstate (Build 9811) which includes your feature improvement suggestion. Thanks again for your suggestion – we really appreciate it. Regards Click Studios

Today we released a new version of Passwordstate (Build 9811) which includes your feature improvement suggestion below. Thanks again for your suggestion – we really appreciate it. To upgrade, please follow the upgrade process which can be found in this document: https://www.clickstudios.com.au/downloads/version9/Upgrade_Instructions.pdf The full Change Log for this build can be viewed here: https://www.clickstudios.com.au/passwordstate-changelog.aspx Regards, Support

Hello Everyone, Today we have released build 9811, which includes security updates. As always, we recommend customers upgrade to the latest build. For full details, please refer to our changelog here https://www.clickstudios.com.au/passwordstate-changelog.aspx Regards Click Studios

Hi Tore, Unfortunately we do not have a time frame for the release of version 10 yet. We'll let all customers know, once we do. Regards Click Studios

Hello Valentijn, This feature will be coming in version 10. Regards Click Studios

Some additional information from one of our customers about this, may help some users (Thanks Patrick R) Hey, I would like to update you on this, I still had issues using multi subnet AG listener. I found the following so the cluster only publishes the active (single) IP for the Listener (see below), downside is that there is some downtime when the db switches because of the DNS TTL (Default 20 minutes), but that can be lowered as well. #Fill the variables below: $ClusterName = "ClusterName" # Get-Cluster $ClusterResourceName = "ClusterResourceName" # Get-clusterResource | ? { $_.resourcetype -eq 'SQL Server Availability Group' } $AGListener = "AGListener" # Get-clusterResource | ? { $_.resourcetype -eq 'Network Name' } Get-ClusterResource $ClusterResourceName -Cluster $ClusterName | set-clusterparameter RegisterAllProvidersIP 0 -Cluster $ClusterName Get-ClusterResource $ClusterResourceName -Cluster $ClusterName | set-clusterparameter HostRecordTTL 10 -Cluster $ClusterName # You'll get a warning, all changes will take effect until ClusterResourceName is taken offline and then online again. Stop-clusterresource $ClusterResourceName -Cluster $ClusterName # Take Offline Start-clusterresource $ClusterResourceName -Cluster $ClusterName # Right Back Online Start-clusterresource $AGListener -Cluster $ClusterName # This step is important. The Listener is offline, must bring the Listener Back online This sets the HostRecordTTL to 10 seconds, so downtime is max 10 seconds, this might put extra strain on the DNS so depending on the environment this setting could be set higher. Hope this helps if anyone else attempts this with multisubnet availability group listeners

Before you upgrade Passwordstate, it's always best practice to have a backup of your system before you start, so you can roll back in the event of a disaster. What Needs to be Backed Up? At very minimum, a copy of your entire database and a copy of your c:\inetpub\passwordstate\web.config file. The web.config file has two critical secrets in it which join to 2 more secrets in your database when you launch your Passwordstate website. If these secrets do not join, then your Passwordstate website will not load. Where are these secrets in the web.config file? You should see Secret1 and Secret2 in the web.config file as per this screenshot below. If you do not see them, this means your web.config file is encrypted and this forum post explains how to decrypt the web.config file if needed: https://forums.clickstudios.com.au/topic/2699-encrypting-and-decrypting-the-webconfig-file/ How do I backup my data? There are a few options you can consider to backup your data: 1. You can manually take a backup of your install files and SQL database by following this guide: https://forums.clickstudios.com.au/topic/13911-manual-backup-using-sql-management-studio-tools/ 2. If you are hosting the Passwordstate website and SQL database on the same Virtual Machine, you can take snapshots of your server. 3. Passwordstate has built in Backup feature that you can configure. Once set up this will take a backup of everything you need to restore your environment. We have two separate guides for to configure the backups which can be found below: Domain Account With Network Share: https://www.clickstudios.com.au/downloads/version9/Passwordstate_Automatic_Backups_Domain_Account.pdf Video of this: https://www.youtube.com/watch?v=U7f850rqD7s Local Account with Local Folder: https://www.clickstudios.com.au/downloads/version9/Passwordstate_Automatic_Backups_Local_Account.pdf Video of this: https://www.youtube.com/watch?v=hWDbSenX-8E How do I restore my system in the event of a failed upgrade? If you are using snapshot technology, simply revert your snapshot. Assuming your database is on the same server then in the event of a failed upgrade you can quickly revert the snapshot and your system will be working as it was prior to the upgrade attempt. If your database is located on a different server to where Passwordstate is installed, you'll need to restore the database if you revert your snapshot. If you do not restore the database in this scenario, this will cause issues with your website going forward. If you have want to restore from a manual backup or the built in Passwordstate backups, please see section "Passwordstate Disaster Recovery" starting on page 206 of the Security Administrators guide: https://www.clickstudios.com.au/downloads/version9/Passwordstate_Security_Administrators_Manual.pdf Regards, Click Studios Support.

If you are trying to add a new Password list but find that the option is greyed out, there are a few settings that may cause this. Option #1: Permissions have been removed for the user from this page below: Option #2 Permissions have been removed from this area which means they cannot create Password Lists in the root of Passwords Home: Option #3: The user does not have a high enough level of permissions to the Folder where they are creating the Password List. By default only someone with Administrator permissions can create Password Lists, but this can be adjusted with these System Settings Options below Regards, Support

Hello Everyone, Today we have released build 9795, which includes security updates. As always, we recommend customers upgrade to the latest build. For full details, please refer to our changelog here https://www.clickstudios.com.au/passwordstate-changelog.aspx Regards Click Studios

Hello, We have not heard back from you via emails, or this forum, so we assume you have resolved this now? Please let us know. Regards Click Studios

Hello, Have you been receiving our emails - we've provided a fix for you? The upgrade has failed, as someone in your team has removed NTFS permissions from the Passwordstate folder. Regards Click Studios

A customer had noticed some unusual timeout issues after he introduced an Azure App Proxy in front of this Passwordstate website. The actual support call read as follows: "We have migrated PasswordState to Azure to a Windows 2022 VM and put it behind an Azure application proxy. It seems to be working fine, but there are some weird timeout issues. If you leave the site for a while and come back, then copying passwords of searching stops working and you first must reload the page before it starts working again. Do you know about this issue, and do you know a solution or point me in the right direction?" Click Studios hadn't seen this before so was unable to help, but our customer found the fix himself, which was to extend the access lifetime token on the proxy. This is the guide he followed to fix this issue: https://learn.microsoft.com/en-us/azure/active-directory/develop/configure-token-lifetimes Regards, Support.

In 2023 Click Studios updated our Browser Extensions to use a Master password. Below is some information about why we introduced this new security feature, and some hints on how you can adjust the settings to suit your environment: Reason for the Change We've been maintaining legacy code in the browser extension since 11th September 2019. This legacy code base can no longer be supported from both development and functionality perspectives Access and Refresh tokens are now used to more securely facilitate communication between the browser extensions and Passwordstate (the API in Passwordstate) Security Administrators can now also revoke Access Tokens for users if required The per user Master Password, forms the basis of encryption for the tokens **EDIT** Updated March 2024 - As of build 9823, the requirement for the Master Password can be disabled if required. Please read FAQ below which explains how it works, and then make an assessment if you want to disable the Master Password. Frequently Asked Questions Question: Why is a Master Password required? Answer: With the encryption of the tokens mentioned above, a static known value is required for perform this end-to-end encryption. The user authenticates with their Master Password, and this is validated against what's stored in the database Question: What options are available for Browser Extension timeout settings, and locking/unlocking of the extensions? Answer: In the following Security Administrator's manual https://www.clickstudios.com.au/downloads/version9/Passwordstate_Security_Administrators_Manual.pdf, please refer to Section "2.8 Browser Extension Settings" - Page 27 to Page 30. Question: Can we disable the use of the Master Password? Answer: No, you cannot, because of the encryption requirement mentioned above. You can however assess whether you want to use the "Auto Unlock" feature, which will significantly reduce the number of times users will need to enter their Master Password. Again, refer to Security Administrators manual above **EDIT** As of build 9823, due to feedback from our community, we have introduced an option to disable the Master Password. Please consider the risk in disabling the Master password before making the decision to turn it off, and this this Restricted Feature can be found on the screen Administration -> Feature Access -> Restricted Features tab. Please submit an unlock code to Click Studios Support as a once off process to remove the Master Password requirement. Question: Can we set a common Master Password for all users? Answer: No, you cannot. This goes against best practice of sharing passwords, and each user must set their own on the screen Preferences -> Browser Extension tab Question: What if our users forgets their Master Password? Answer: They can log back into Passwordstate and reset it under their own personal preferences. Question: I'm running build 9786 of Passwordstate and the maximum timeout session settings for the browser extension is 3 days. Can we set this to a larger value? Answer: Build 9795 includes more options to set for this value, 7, 14 and 30 days. Question: I'm required to enter my Master Password for the browser extension every time I open a new browser. Can I prevent this? Answer: You can set the Auto-Unlock feature under Administration -> Browser Extension Settings page. The user will not be required to enter their Master Password again unless their session expires. Question: What is the Sliding Token for this Master Password and how does it affect how I authenticate to the extension? I have the Auto Unlock feature enabled with the Session Timeout set to 30 days and want to make this as simple as possible for me end users to use the extension. Answer: 1. The user enters their Master Password into the extension and this creates a session token on for 30 days. 2. This session token is known as a “sliding token” which means every time the browser extension connects back to your Passwordstate website for any reason, the token time gets reset back to 30 days. This means the Auto Unlock feature is valid for another 30 days and the Master password will not be required for that time frame. Question: What conditions does the Browser Extension connect back to your Passwordstate website? Answer: 1. If the user opens their browser. It will immediately connect back and sync any data. Sliding Token is refreshed and reset back to default session timeout. 2. Whilst the browser is open, it will automatically sync on a 60 minute schedule to check if there is any new data. Sliding Token is refreshed and reset back to default session timeout. 3. If your user visits a third party website such as Facebook for example, and they either save, autofill or update credentials for that page, it sends data back to your Passwordstate website, refreshing the Sliding Token to the default timeout. 4. You can manually trigger an immediate data sync within the Browser Extension which refreshed the Sliding Token. Question: Have you got any guides I can forward onto my end users on how to use this new extension? Answer: We have produced a blog article which outlines the changes in functionality, how to create the Master Password and unlock the Browser Extension https://blog.clickstudios.com.au/important-changes-to-browser-extensions. Question: When is the cut off date to upgrade Passwordstate Answer: Effective week commencing Monday 31st October, Click Studios will be releasing updated versions of our Browser Extensions for Chrome, Edge, Firefox and Brave web browsers. Click Studios has no control over the timing of deployment to customers systems once the updated Browser Extensions have been released to the relevant application stores. Question: Can any of the two factor logins into Passwordstate work in place of the Master Password? Answer: No, logging into Passwordstate with a 2FA such as SAML or DUO does not replace the need for the Master password. A Master password must be set as the unique value of that password forms the encryption on the user device. Question: Do users still need to set an initial master password if we use the Auto Unlock feature? Answer: Yes, the Master Password must still be set and used to log in the first time. Question: Can I test this out ahead of time, so I can see how this works and document any changes I need for my environment? Answer: Your license agreement with Click Studios states that you can use your production license keys on a dev\test instance, so we encourage you to set on up, possibly with production data so you can test upgrades and new feature in Passwordstate. Please see this blog post for more information o how to do this: https://blog.clickstudios.com.au/can-you-setup-a-test-instance-with-production-data/ Regards, Support

Issue: You have set up backups in Passwordstate and can confirm that the Scheduled backups are running ok, but when you try to trigger a manual backup through the Passwordstate user Interface, it appears to get stuck and never fished. Cause: If you are using a Nginx reverse proxy, the following settings in the Nginx config can help prevent this: proxy_connect_timeout 300; proxy_send_timeout 300; proxy_read_timeout 300; send_timeout 300; Regards, Support.

No problems, and thanks for the feedback.

Issue: After upgrading to Passwordstate 9786, you may have reports of users saying that the browser extension is auto filling the username into their third party website, but not the password. Cause: Click Studios release new builds of the extensions on the 3rd of August 2023 to fix a performance issue. Chrome and Firefox were immediately approved and available in their store, but Microsoft can unfortunately take up to 7 days to approve publish an extension release. Fix: We anticipate that this new Edge extension will be approved on the 10th or 11th August. This should automatically update in your browser, and should automatically fix the issue. The version that the extension should be running is version 9786. If the extension is 9785, it still hasn't been updated. Work Around: You can load up the Chrome extension in the Edge browser if you like: https://chrome.google.com/webstore/detail/passwordstate/appojfilknpkghkebigcdkmopdfcjhim If that doesn’t help, please log a support call with Click Studios. Regards, Click Studios

This script in Powershell will retrieve all shared password record, then loop through them and get any changes made to each record. It will then export the data to a csv file for easy sorting/reading. You only need to modify the first three lines in the script. Line 2 is your Passwordstate URL Line 3 is your System Wide API key which can be found/generated under Administration -> System Settings -> API tab Line 4 is the full path to a csv file on your system. The script will create the csv file for you, you don't need to create it before hand. You just need to set a valid path. # Start Script $PasswordstateUrl = "https://passwordstate.clickdemo.com" $APIKey = "6ab8dc9437f532eeb36d2f54c38a7948" $CSVFile = "C:\Data\Local Temp\History.csv" #Don't modify anything beneath this line $RecordUrl = "$PasswordstateURL/api/passwords/?QueryAll&PreventAuditing=true" $Records = Invoke-Restmethod -Method GET -Uri $RecordUrl -Header @{ "APIKey" = $APIKey } foreach ($Record in $Records) { $ID = $Record.PasswordID $HistoryUrl = "$PasswordstateURL/api/passwordhistory/$ID" $results = Invoke-Restmethod -Method GET -Uri $HistoryUrl -Header @{ "APIKey" = $APIKey } $results | export-csv -Path $CSVFile -append } # End Script

Hello Everyone, Today we have released build 9786. For full details, please refer to our changelog here https://www.clickstudios.com.au/passwordstate-changelog.aspx Regards Click Studios

Issue: If you are need to replace the certificate on your AppServer URL, you will need to re-query the SSL public Key. This shows how to do this: Now you'll need to log out of your App on your mobile device if you aren't already, and repair the App by scanning in the QR code under your own personal preferences. This process is required as the new SSL Public Key for your new certificate is embedded within that QR code, so this loads up the new certificate on your phone. Regards, Support