Jump to content


  • Content Count

  • Joined

  • Last visited

  • Days Won


Mike last won the day on August 30 2019

Mike had the most liked content!

About Mike

  • Rank

Recent Profile Visitors

The recent visitors block is disabled and is not being shown to other users.

  1. I just updated to version 9 and like the improved mobility options. Offline cache, a smartphone app, and browser connection are updated features that are highly welcome. Nice work! More of my staff is working remotely and having this ability is welcome! I have a dual server setup, where the primary Passwordstate website is on our internal domain, and the App server is sitting in the DMZ. I noticed that there's a new mobility setting to assign a URL that the Browser Extension. Up until now, it's been a requirement that my users have needed to join the VPN to access their passwo
  2. Just wondering if this is possible for 1 off usages. My function of "View Individual Permissions" is currently disabled, but I'm not sure if this was because I changed an administrative setting, or how the system is built. If we wanted to "share" a password, I was thinking that our best practice would be to copy a password into a shared list with view permissions only, thus the "owner" could control and update. Would this work?
  3. What should my expectations be for passwordstate website browsing? Are there any tweaks or settings I can change on my infrastructure to speed up the website loading of password queries? I'm in a small environment with the recommended server build (2016) in a VM environment. I've found that when I use the "password" search query, I find that the searches are very fast - almost instant. When I use the "Password or Host" field, the whole query takes about 3.5 seconds. First it reloads the password frame of the page, with no passwords showing. Then after a moment and it
  4. Just an update - I've been testing more sites and can see this occur with regular frequency. In the URL field for a site, we've pull the full login urls into the URL field. This enables someone to click the globe icon to login immediately. Most of these sites have some sort of domain.com/login.aspx or domain.com/login path. Passwordstate seems to prompt "Would you like to save" if the next page redirects to a subdomain (success.domain.com), or adds a path to the URL (domain.com/ I've found that I can add "domain.com" to the ignore list, and that seems to not prom
  5. The site in question is powerdms.com and we currently have a subscription. I'd be happy to reproduce. I modified my url setting to be the root of the domain, and a single ignore entry prevents the message from reappearing, but it also will no longer autofill now. EDIT: Weird - I was trying to reproduce, and now through a series of adding the site, relogging in, logging out, and deleting the site - I can't get the prompt to pop up again. I'll let you know if this comes back.
  6. Hi, We have a few vendor websites that work and auto-fill correctly with the browser extension. However, after logging in, the extension will re-prompt to save it as a new website right after. This wouldn't be a big deal if we could use the workaround to ignore it, but I found that: *If I did ignore it, it wouldn't login at the startup page anymore. *After logging in manually, it would continue to prompt to save the website. I found out eventually that I had some 50 odd entries in my "browser extension ignore" setting, because I kept clicking ignore and they
  7. Oh, I didn't mean encrypt all notes fields, but I was just thinking of our use cases. We're still working out best if we should allow visible passwords, or use the "hidden" ones for shared web logins. The issue is that we also want/need to store answers to "recovery questions" that often come with these accounts. As suggested, we could add generic fields to the template, but I'm trying to keep things simple for my users and only show as minimal information as necessary. Not all passwords would need three additional question fields, as an example. Thanks!
  8. Is there a way to make the "Notes" field of a password secured? We're in the position where some web-logins need to be shared. We can use the standard URL logins just fine, but are wondering where to record/save the "Security questions" that often come with web forms. Even if we did a "hide password" password list, we realize that someone would still be able to see the notes/security question in order to reset the password - should they want to. Any ideas on how to work with/around this?
  9. Update: I see that the "passcode" field is actually intended for DUO's number PIN and not an AD "Password" or other associated field. It somewhat makes sense to me now. I got the AD+DUO method to work after putting in a DNS entry so our DMZ server pointed to the internal server via the "internal" URL designated address.
  10. I'm using "DUO Authentication" as my authentication method for the mobile site. I've tried multiple browsers and the passwords are plain visible for me. I did some more testing, and it seems like the page is dependent on the option selected. I just saw that "AD + DUO" is also an option. After changing to this method, the Password field is obscured, but my AD password isn't working together. Error message: "Incorrect Login Details. Please try again". The audit log shows an error: "Failed 'AD Authentication' login attempt as an exception has occurred. Error = The re
  11. Looking for a secure method of "remote" access that's convenient to users without exposing the PS server to the Internet. Method 1 is to use VPN for laptops. The Second method is to use DUO for the mobile site. The PIN method isn't secure enough for our needs. In testing, I think this will work, but two requests. When enabling this configuration, I noticed the following. Can we obscure the password as its being typed into the password field? Or maybe have a "show/hide" button (default hide). There's a passcode login button present, even though it won't work (we req
  12. Not all passwords stored are for web or online services. As an IT Administrator, the "keys to the kingdom" need to be stored in a secure location. Any type of contingency or failover plan can often require the original, root, or administrative accounts. I've tried to design around this, but sometimes it's needed. My thoughts definitely make use of an audit log. I personally like a "check out" feature, or "hold offline" password marker so that I can designate which ones I need (or not). Another solution I used encrypted the cache, but also requi
  13. So far I've only tested the browser extension using an internal domain address. With more of our applications moving to Cloud Providers, my desire is to have the extension work while remote/laptops users are able to use the internet, but not necessarily on VPN. An offline method is not necessary, because you can't use cloud providers without internet. I can see that I can put in an alternate/external URL for the browser extension. Will the mobile site URL work? Or would this be for redirecting traffic directly back into the passwordstate server? For security reasons, I've put
  14. Got it. Thanks for the hints. The local error gave met the same errors as in the event logs. It pointed me to a connection error. As a result, there were a few things that I needed to go down as we're using SQL Express with our install. I tested using SQL Management Studio from other machines to try and connect remotely. 1. By default, SQLExpress doesn't allow remote connections. The remote connection needed to be enabled and a static port set, like 1433. (See any internet guide) 2. Since it's a named instance (SQLEXPRESS) and not the default, SQL Browser also need
  15. Per Best Practices, I'm putting up the mobile site in a DMZ and followed the installation instructions for installing the Mobile Client. I copied the 4 keys over and added the hostname to my install. Unfortunately, I'm getting a "Server Error in '/' Application" for IIS. The details aren't helpful as it just shows that I haven't turned on custom errors. Where should I start for troubleshooting? I've somewhat inherited this project from someone who left, and he setup the primary server. There's not too much in terms of specifics in the documentation though. I
  • Create New...