marpheus Posted March 6, 2023 Share Posted March 6, 2023 I have seen the following blog post: https://forums.clickstudios.com.au/topic/2398-how-do-i-take-ownership-of-a-private-list/ Does this ability to change a private password list to a shared one imply that click studius has the ability to look into the on-premise installation to see which administrator accounts are stored here? Otherwise, I don't quite understand how you can be sure that both the requester and the E-Mail Address set in CC both belong to an admin account. Could anyone answer this question for me? Many thanks in advance! Link to comment Share on other sites More sharing options...
support Posted March 7, 2023 Share Posted March 7, 2023 Hello marpheus, We can confirm that Click Studios has no access to your Passwordstate environment in any way. We also no longer support that method of converting Private Password Lists to shared ones. Instead, please see feedback below: As of the release of Passwordstate V9 Build 9455 Click Studios no longer supports the Restricted Feature enabling Security Administrators to convert Private Password Lists to Shared Password Lists. This applies in the following cases; In V9 Build 9455 the Generate Request code functionality for converting Private Password Lists has deprecated For all Versions and Builds prior to 9455 we will no longer supply the corresponding unlock code for this conversion We have made this change for security and compliance reasons, and, the change has been requested by many Enterprise customers globally. There are still two valid approaches to convert Private Password Lists to Shared Password Lists, those being: You request your user perform this action themselves as per the menu in the screenshot below, or, You liaise with your Human Resources or equivalent department to have the user account password reset. Then log in as them and perform the conversion mentioned above. How to Convert a Private Password List: Regards Click Studios marpheus 1 Link to comment Share on other sites More sharing options...
marpheus Posted March 8, 2023 Author Share Posted March 8, 2023 Okay, but what if you have the 4 secrets into which the encryption key was divided? As described here: https://blog.clickstudios.com.au/encryption-keys-explained/ Then it should also be possible to manually compile the key and use it to encrypt the passwords, or am I wrong? Link to comment Share on other sites More sharing options...
support Posted March 8, 2023 Share Posted March 8, 2023 Hello Marpheus, Your recent question does not seem to relate to your original question, but to answer it, no - you cannot do this. We have other protections in place. We also encourage customers to ensure unauthorized users do not have administrator access to the web server and database server. This recommendation is no different to any other software. Regards Click Studios marpheus 1 Link to comment Share on other sites More sharing options...
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now