
Configure Passwordstate to use One Time Passwords to secure authentication


Passwordstate has many different types of two-factor authentication options, and a popular choice is One Time Passwords. One Time Passwords is an industry standard that can be used with many apps such as Google or Microsoft Authenticator. Passwordstate's own Mobile App even has a built-in One Time Password feature. This forum post explains how to set up One Time Passwords and authenticate with them into Passwordstate.


Step 1:

Ensure you take note of your emergency password before attempting to make any change to your system like this, in case you accidentally lock yourself out of the system. You can always log in as emergency and reverse out any changes if needed. This blog post explains the emergency access feature: https://blog.clickstudios.com.au/emergency-access-password-what-is-it-and-how-do-i-find-it/


Step 2:

You can now apply One-Time Passwords in one of three ways:


  1. Apply it to all users in the system, by setting the option under Administration -> System Settings -> Authentication Options (screenshot #1 below)
  2. Apply it to a subset of users, by using a User Account Policy (UAP).  This forum post explains how to set up a UAP, and you'll need to select Manual Login and One-Time Passwords as the authentication option:  https://forums.clickstudios.com.au/topic/2994-user-account-policies-explained/
  3. You can apply it to your user account only, under your own personal preferences (screenshot #2 below)


Screenshot #1



Screenshot #2



How to use One-Time Passwords?

The first time you log in to Passwordstate after applying One-Time Passwords, you will need to generate a QR code on the login screen (screenshot #3 below). Scan this QR code into your Mobile App, which will then present a temporary code you can use from then on to log in to Passwordstate.


Once you log in, this is saved to your own personal profile in Passwordstate.  This will work with any App that supports One Time Codes, such as Google, Microsoft etc.


Screenshot #3 - Generate, Scan and Enter OTP




What do you do if you lose your phone and no longer have access to the One Time Code?

As a Passwordstate Security Administrator, open the appropriate user account and clear the One Time Code as per screenshot #4 below.  This will present the option on the initial login screen again for the user, so they can scan in a new QR code:


Screenshot #4



If needed, you can always refresh your own QR code under your personal preferences, screenshot #5 and #6 below:


Screenshot #5




Screenshot #6




Known Issues:

Click Studios support occasionally gets requests advising that the One Time Code is not working for a user. This is always due to a time difference between the time on the phone and the time of the Passwordstate webserver. As One Time Passwords are a time-based algorithm, the time on the phone needs to be in sync as closely as possible with the time on the webserver.


You may also have a time drift of several seconds.  Resetting this back to 0 should fix the issue:





If you have any questions about any of this, please log a support call with Click Studios via our support page:  https://www.clickstudios.com.au/support-agreement.aspx






