Digital Dynamics

Hello,
 
I would like to have the possibility of giving access to code TOTP to users but not to give access to the configuration of code TOTP to everyone.
Configuration and access to the TOTP code configuration should be reserved for specific users or groups.
 
Thanks

Hi there!
 
Is there any roadmap for upcomming Passwordstate releases/features for 2024?
 
I've read a few times there is upcomming a Passwordstate V10 Major Version. Are there any plans for that?
 
Greetings!

Hi Everyone, 
 
Build 9849 of Passwordstate has been released, along with a new version of our Browser extensions for Chrome, Edge and Firefox that now supports Passkeys.  The browser extension versions are also 9849 and should have automatically updated in your browser.  Currently this is a beta build of the Passkeys functionality, and we'd appreciate if you notice any bug to please log a support call with Click Studios via this page: https://www.clickstudios.com.au/support.aspx
 
You'll need to upgrade your core Passwordstate application tot he latest build by following this guide: https://www.clickstudios.com.au/downloads/version9/Upgrade_Instructions.pdf
 
Once upgraded, you'll find a new section in the Help -> Browser Extensions Manual called "Web Authentication Passkeys" that will help understand how to use this new feature.
 
Supported website can be found at this link:  https://passkeys.directory/
 
Thanks to all for your feature request, and if you run into any issues with it, or have any questions, please let us know!
 
Regards,
Support

Feature request: 
Master list, not necessarily per-user based, whereby aliases / "Similar" URL's can have access to the same password.  
 
For example, Office 365 can use those credentials across MANY different URLs, including: 
office.com
office365.com
live.com
outlook.com
sharepointonline.com
microsoft.com
 - These all point to various Microsoft pages / portals, and are frequently be based on the same Microsoft ID (same password entry).
 - In some cases, you might use one URL to get into a site, and depending how you log out, you might end up at a different URL for re-entry in.
 
Request is to be able to map these aliases across the entire password system as a default.
There is always a concern that this list be compromised - if the overall system considered a fraudulent site as an acceptable alias, there would be deep concerns of compromised credentials.
 

Hello,
 
The follow feature on password records should help with this - this is a feature we use internally quite a bit as well.

 
Regards
Click Studios

Unfortunately, that's what I thought - hence, feature request!
 
In a MSP environment, or when handling multiple clients, this feature would be crucial for usefulness.
Eg: We've got approx 60 Office 365 accounts in our Passwordstate intsance.  Having to create and maintain the appropriate aliases for each of these accounts would be a challenge.  Same with some multi-domain vendor sites, partner sites, toolsets, etc.... 

The Connectwise platform uses ScreenConnect / Connectwise Control for remote management of computers and servers, primarily used by MSP's.
Standard remote control solution - you control a remote system, send your credentials on that remote system to log in, and you're interacting with it like you in front of the console.
 
There is an API available to help with the management of this - currently, there is only one password manager which is sold and promoted via the Connectwise Market as being an integration partner for the solution.  Would be very excited for Passwordstate to be an option within this environment, as Connectwise Control is a critical tool within the Connectwise RMM platform, and is widely used by Connectwise partners.  

Please add TOTP secret key change history to Passwords. Please add audit logging for when the TOTP secret key is revealed/viewed/copied (just like passwords are)  
This is important because in a system with 700+ users, if someone accidentally edits the TOTP secret key or removes it, there is no way to recover it and you might be permanently locked out of an account, if that account does not have any other 2FA methods configured.  Some enterprise systems like Microsoft Entra do not issue TOTP one-time account recovery codes.
 
When users share passwords that have TOTP enabled on them, the TOTP secret key could be copied to a different authenticator app.  Since the TOTP secret key is sensitive it should be treated like a password from an auditing and who knows it perspective.

Just a heads up everyone, we are currently working on this feature, and will report back here once complete.
 
Thanks,
Click Studios Support.

Passkey adoption, Passkey Manager and integration into the App would be fantastic! 

Hi Guys,
 
We've finished this feature, and it will be available in the next build - about 1 to 2 weeks time.

Regards
Click Studios

We think the current method of alerting when a specific password is used/accessed has some limitations: 
The description field is easily edited and engineers may not realise that changing the description will break alerting. It seems you need to select each password list – which is difficult to remember when adding new password lists. As an MSP where we add new password lists for customers all the time, this is again prone to human error and being missed.  
A better approach would be to:
 
Enable the report for all password lists, even newly added ones.
Filter the alert based on either specifically selected password list entries, or based on the username of the entry, allowing for the fact that across different customers, the UPN suffix would be different.