PasswordVault™
User Manual

HTML Edition: 7.1.4.0
Release date: 25 March 2010


Quick Start

License Agreement

Operation
Appendices

Operation

Introduction
PasswordVault securely stores your collection of important service access information such as website usernames and passwords, Internet banking account numbers and PINs, and software registration details for quick and convenient access. PasswordVault is the desktop version of the software, and is installed in the same way as any other application on your desktop or laptop computer. You launch it in the same way as any other desktop program.

PasswordVault2Go is the portable version of the software, and is installed by copying the 'PasswordVault2Go' folder onto your USB drive or other portable media (eg. iPod, Zip disk, etc). USB drives are also called USB memory sticks, JetFlash, USB flash drives, flash memory sticks, etc. You launch it by double-clicking the program icon on your USB drive. See the installation notes for further details.

When you purchase, you get download access to both the desktop and portable versions of the software for all computer platforms.


 Site Licensees:

"The University of Illinois has purchased site licenses of PasswordVault for their campuses at Urbana-Champaign (UIUC), Chicago (UIC) and Springfield (UIS). They chose a customized build of the software which was preregistered, had a backdrop utilizing their University's official colors and logo design, and which included extended desktop licensing (so staff and students could also use PasswordVault on their own home and laptop computers). The license was renewed in 2005 and again in 2006." Link...

"The Regional Educational Media Center #1, located in Michigan state, is an organization whose role is to provide technology and instructional materials support to local school districts. They purchased an unlimited site license in July 2005, and PasswordVault currently assists them in managing around 500 services throughout their organization."


Individual Users:

"I did a lot research in selecting a password program and thought yours was REALLY good.  I especially like the memory stick feature."
-- A. Turley, ME, USA
 "Your programme is one of the best pieces of software I bought last year, so keep up the good work!"
-- L. Poll, Surrey, UK
"I just put PasswordVault upgrade Ver 5 on my computer and thank you. In fact, I almost did not change because Ver 4.3 already was working so great. I deleted V 4.3 ... and the subsequent installation of Ver 5 was foolproof. It picked up all the passwords without flaw, even though I had backed up the pv files for insurance. Most importantly, after several years use, I continue to think Lava Software has an outstanding product in PasswordVault.  I would not go without it, especially with computer security ringing so critically important nowadays."
-- J. Davidson, WA, USA
"You folks are great and thank you for a great product. I love the ease of use and ability the product gives me in creating very strong password protection."
-- K. Ruth, UT, USA
"I have been a user of PasswordVault for years and I love the product. I use it daily and would be lost without it."
-- M. Holloway, UT, USA
"Thank you very much for first class customer service and product. Be sure that I will recommend your product!"
-- J. Sorensen, Denmark.
"Thanks for your great program.  I'm telling all my friends with thumb drives."
-- T. Lopez, VA, USA
 "Thanks for an excellent product."
-- K. Focht, NV, USA
"This is a great little tool."
-- B. Wesson, CA, USA
"This is what I have been waiting for!! I hate Gator!"
-- C. A. Saunders, NH, USA
"I love the Mac and I love your utility."
-- D. Barsocchini, CA, USA
"It is a very good program and one that is essential in these days of requiring harder, more robust passwords for adequate computer security."
-- J. Davidson, WA, USA
"Your product PasswordVault Lite 4.2 has been awarded by us with 5 stars and the SoftPedia Pick Award !"
-- Softpedia


Security considerations
PasswordVault was designed from the ground up with security in mind. All your information is protected by highly secure 896-bit double-Blowfish encryption, and the only time this information is in a form which can be easily accessed is when you are running PasswordVault. Even if a hacker manages to access the data file which stores your information, it cannot be read without knowing the master password or by using the master password recovery system.

PasswordVault includes an automatic news system to inform users of software updates and special offers, etc., and it can be enabled and disabled in the preferences. We do offer a periodic email newletter, but user email addresses do not generally offer a reliable, long term method of reaching users with software update information. The HTTP GET request made by PasswordVault during the news download process is only performed when it is launched and, of course, does not include any user service information stored inside PasswordVault. This HTTP GET request also validates the runtime key.

Setting up multiple users on the same computer
There are two primary ways for multiple users of PasswordVault to securely access their own password information on the same computer.

The best way is to create a user account for each user on the computer. This is done via the operating system's control panels (eg. the User Accounts control panel on Windows XP, and the Accounts control panel on MacOS X). This method allows each user to have a unique setup when they access the computer, such as their own desktop layout, desktop background picture, browser bookmarks, email, etc. Subsequently, when they run PasswordVault when logged into their own user account, all the information in PasswordVault will be unique to them. This is the recommended method, as it allows each user to also run PasswordVault2Go off their USB drive and automatically synchronize their data with that on the desktop computer.

If you have a single user account on your computer which all users access, then when one user changes any setting on the computer (such as the desktop background picture), it affects all other users. This is not the best way to set up your computer, but many families and small businesses use this method.

In this case, the primary user of the computer (for example, the person who uses it all the time and/or who owns the computer) should run PasswordVault in the normal way on the desktop, and run PasswordVault2Go in the normal way off their USB drive. All other users should run PasswordVault2Go off their USB drive (or other portable media). This allows these other users to access their own password information when their USB drive is plugged into the computer, as well as access it when they are on the road. Of course, in this case, they will need to export their password information regularly to back it up, since their data will not automatically synchronize to the desktop installation (automatic synchronization only works when the desktop and portable master passwords are the same).


Choosing a master password
When you launch PasswordVault for the first time, an empty Master Password Preferences dialog will be displayed. This dialog is shown below in Figure 1, containing a sample master password and some sample master password recovery clues.


Figure 1. The Master Password Preferences dialog

The first step is to choose and enter a master password. Your choice of a good master password is important in ensuring the security of your data. With PasswordVault, the master password is the only password you need to remember, so it is a good idea to make it reasonably long and include some numbers. For example, 'yukonmoose597' is a good master password since it combines two unusual words and includes numbers as well.

The Unmask Password button next to the master password unmasks the password for 15 seconds. Thus, the master password is usually hidden, protecting it from the view of anyone looking over your shoulder.

The Help button is a custom build option, and thus not visible in the mainstream version of PasswordVault. Pressing this button displays a specified web page which contains organization-specific information about PasswordVault, such as advice about selecting a good master password.

Setting up Master Password Recovery
The 'Master Password Recovery' system is a powerful and unique feature of PasswordVault, which allows you to recover elegantly if you ever forget your master password. Forgetting a master password is relatively easy to do. This can occur, for example, if you go for a holiday and don't use your master password for a few weeks. Maybe you chose a particularly complex master password and one day you accidently transpose two numbers in the password. Without the master password recovery system built into PasswordVault, you would have lost you data forever!!!

The master password recovery system works by allowing you to enter a series of personal questions (ie. clues), to which only you know the answers. Any number of clues can be used, so you can make the recovery system at least as secure as the master password itself - the more clues used, the better the security. You should use clues which have very exact, explicit answers, which will never change. For example, 'What was my puppy's name when I was 6?' is a good clue, because it is something you will probably never forget and which very few people would know. An example of a poor clue is, 'Who is my best friend?'. The answer may change over time, thus affecting successful recovery (ie. you may enter what you think is the correct answer, but it may not be what you originally entered).

Setting up master password recovery is easy and is highly recommended for all users - if you forget your master password and do not have the master password recovery system set up, you have permanently lost the data stored inside PasswordVault! On the other hand, if you have set up master password recovery, you just need to answer some simple questions to get back to the main screen. From there, you can re-familiarize yourself with your master password or change it to something else.

To add a new clue, enter the question in the Question textbox and the answer in the Answer textbox. Then press the Add Clue button to add it to the list.

To update a clue, select it in the list and it will be placed in the top textboxes. Make any changes you wish and then press the Update Clue button to update the clue in the list. Then press the Save button to save the list of clues.

To remove a clue, select it in the list and press the Remove Clue button.

After you have added all the clues you want to add, press the Save button to save the list of clues. To display the Master Password Preferences dialog again, press the Master Key button on the main window (see Figure 2 below).


Controls on the main window
The expanded form of the main window (shown below in Figure 2) gives you access to all controls. It is like a window from any other typical application, so will move into the background if another application's window is brought forward.

Help information about a particular control (buttons, popup menus, etc.) will be displayed when you move the mouse cursor over it, so it's a good idea to see what various controls do by reading their help information. This is a quick way to become familar with the basic functions of PasswordVault. For example, at the bottom are the add, edit and remove service buttons, which allow you to manage your service information.

Note: On the Linux version, the menu item to display the user manual is not available. To read the user manual, please open the 'User_Manual' folder and double-click the 'contents.html' file.

          

Figure 2. The expanded form of the main window (Win32, MacOS X)

Use the Expand And Contract button (the green arrow at the top right of the window) to minimize and maximize the main window in place (ie. without moving it).

The compact form of the Main Window (shown below in Figure 3, containing a sample 'Hotmail' service) is a great way to make your information easily accessible for any application whilst using the absolute minimum amount of screen area. It floats above all windows of all applications on the screen (on all platform versions, except on Linux).

          

Figure 3. The compact form of the Main Window (Win32, MacOS X)

Adding a new service
A service is simply a username, password, web address and other information linked to a service name. For example, you might add a service to PasswordVault called 'Hotmail', with a username of 'mpotter', a password of 'grootburger' and a web address of 'www.hotmail.com'.

You can create a new service by pressing the Add Service button on the main window - the Add Service dialog (shown below in Figure 4) will be displayed. Enter the service name, select the service category and subcategory from the groupbox menu (or type new category/subcategory names into the comboboxes), enter the username, password and web address (if applicable). You can also add additional notes, if required. You can change the type of service using the 'Username' and 'Password' title popup menus. For example, if you are entering Internet banking information, you might select 'Account No' and 'PIN' from these title popup menus.

Advanced Shortcut: Hold down the 'Ctrl' key when pressing the Plus button to open the Add Service dialog with the password already unmasked for 15 seconds. You can then type in the password on the Add Service dialog and see it as you type it. This shortcut is for advanced users who wish to add a number of services quickly.


Figure 4. The Add Service dialog

You can also drag and drop the URL text from a web browser (eg. 'http://google.com') directly onto the URL Dropbox on the global floating window (the target on Figure 3 above). Alternatively, you can copy URL text into the clipboard and right click the URL Dropbox to paste it in. Doing this will open the Add Service dialog (shown below in Figure 5), fill the Web Address textbox with the URL text, and set the category to 'Bookmark'. PasswordVault will also load the page associated with the web bookmark, and try to extract it's title, to use as the service name.

If you leave the username and password textboxes empty, they will be filled with 'NoUsername' and 'NoPassword' respectively.


Figure 5. The Add Service dialog, showing a 'Web Bookmark' being added

PasswordVault provides an excellent way to manage your web browser bookmarks across all your computers, with full synchronization across LANs (Pro Edition only) and over the Internet. Of course, PasswordVault also works on all computer platforms (Windows, MacOS X and Linux), and is compatible to all web browsers, making it the most flexible, accessible and secure store for your web browser bookmarks available.

Textclips are another special type of service in PasswordVault. Textclips are snippets of text which can be used to quickly and easily construct standardized emails and text documents. Textclips can be categorized and synchronized across a group of users, in the same way as all other PasswordVault services - this makes Textclips incredibly useful for users involved in customer support, as they can significantly improve productivity compared to typing similar sentences or paragraphs repeatedly. A library of Textclips can be created and shared by users, making it much easier to ensure the organization's professional writing style is maintained.

You can also drag and drop existing text from an email or text document directly onto the URL Dropbox on the global floating window (the target on Figure 3 above). Alternatively, you can copy the text into the clipboard and right click the URL Dropbox to paste it in. Doing this will open the Add Service dialog (shown below in Figure 6) in Textclip mode.


Figure 6. The Add Service dialog, showing a 'Textclip' being added

If you wish to create separate category groups for different locations (eg. work and home), you can do this by placing a prefix on the basic category name. For example, 'Home-Banking' and 'Work-Banking', 'Home-Network' and 'Work-Network', etc. This makes it clear which location the category refers to. You might also use a prefix if you need the same basic category name for different company environments eg. 'UDV-Vendor sites', 'Megatronic-Vendor sites', etc. A company may use two (or more) levels of subcategory, such as 'UDV-Network', 'UDV-Vendor sites', 'UDV-Email Accounts', etc. to segregate category groups.

In addition to category groups, you may wish to use the above techique to logically group service names. Example service names for a company may be: 'UDV-Email-jbloggs', 'UDV-NetAdmin-Login Server 1', etc. This has the added advantage that service names are unique across a large set of users, so password auto-distribution will work cohesively.

You can change the name of a category on the Preferences dialog at any time, and all services in that category will also be moved to the new category.

Note: The maximum length of category names is 30 characters, and the maximum length of service names is 60 characters.

The Unmask Password button (next to the Password textbox) unmasks the password for 15 seconds. Thus, the password is usually hidden, protecting it from the view of anyone looking over your shoulder.

To generate a random password, press the Generate Password button (this button is shown as two linked cogs). A high-quality password conforming to the type (alphanumeric, numeric or hexadecimal) and size set on the Preferences dialog will be generated and placed in the Password textbox.

When the information is complete, press the Save button to save the information - the service will now be added to the Service Selection popup menu on the main window, and the Add Service dialog will be cleared (ready for you to enter information for a new service). This automatic clearing after saving makes it easier and faster to enter a list of services.

To return to the main window, press the Cancel button.

Note: All unused categories in the category popup menu are automatically removed when PasswordVault is next launched.


Auto-Filling Web forms
You can set up a 'service' in PasswordVault to auto-fill a web form or do a two-click login (a 'service' is simply a username, password, web address and other information linked to a service name. For example, you might add a service to PasswordVault called 'Hotmail', with a username of 'mpotter', a password of 'grootburger' and a web address of 'www.hotmail.com').

This advanced feature greatly simplifies entry into websites protected by a login screen, or filling out Web forms (eg. order forms) you regularly need to complete. Setting up a service to use this feature is quite simple, and the way data is entered can be fully tailored to the login screen. The Return/Enter key can even be automatically pressed after the timed paste (ie. to submit the pasted information), if you check the Auto-Enter Key Press checkbox on the Preferences dialog (see Preferences below).

To use the auto-fill function with automatic submission, you must select Timed Paste as the Username/Password Transfer method on the Preferences dialog. This is because timed paste works by simulating key presses. For example, pressing the Password button on the global floating window actually copies the password data from PasswordVault into the clipboard, and then simulates a keyboard paste operation (ie. 'Ctrl-v' on Windows, 'Command-v' on MacOS X). By including the special characters, ' # ' (ie. space hash space), in the Username textbox on the Add Service dialog, pressing of the 'Tab' key can be simulated - this key is used by Web browsers to move the cursor to the next textbox or control.

For example, signing into a GMail account means you need to enter the username, press the 'Tab' key, enter the password and press the 'Enter/Return' key. Thus, to set up auto-fill for GMail (assuming your username is 'mpotter' and password is 'phoenix12'), bring up the Add Service dialog and enter the username, 'mpotter # ', and the password 'phoenix12' (we assume you have already checked the Auto-Enter Key Press checkbox in the preferences). That's it!!!


Figure 7. Auto-fill used on a GMail login screen

Now when you want to sign into GMail, press the Go To Web Address button on the global floating window to open the GMail Web page in your browser, and once it's loaded, click the Username button on PasswordVault and then immediately position the cursor into the 'Username' textbox on the Web page (ie. before the timed paste operation starts). PasswordVault will then auto-fill and submit the Web page in one streamlined operation.

Advanced Shortcut: On MacOS X, you can set the paste timer to 0 seconds in the PasswordVault preferences, and then simply position the cursor in the Web form and press the Username or Password button on PasswordVault and wait. The information will still be pasted in correctly.

Important Note: It's a good idea to test out the auto-fill of a new service you are adding by first unchecking the Auto-Enter Key Press checkbox (or use the advanced shortcut below) and then testing the auto-fill information you have created. Some Websites limit the number of login retries before they lock out the user, and you probably want to avoid that.

Advanced Shortcut: If you hold down the 'Ctrl' key when pressing the Username button, Auto-Enter Key Press will be disabled for this particular auto-paste. This allows you to test auto-fill without submitting the Web form.

On services like GMail, eBay, etc., it's a good idea not to check the Remember me on this computer or Keep me signed in checkboxes on the Web page (see Figure 8 below). If you share your computer with another user and they go to these websites, they will be logged into your account automatically, and thus have access to your online account. You should always log out of these accounts when you're finished with them, to ensure the next user has to log in properly.


Figure 8. Auto-fill used on an eBay login screen

If there is more than two textboxes on a Web page to fill in, you can place additional information in the Username textbox in PasswordVault, separated by the special ' # ' combination. In the example below in Figure 9, there are 3 sets of information which need to be entered. In this case (assuming your 'Card/Access Number' is '73856583855', 'Security Number' is '7844' and 'Internet Password' is 'jdugh7d7'), bring up the Add Service dialog and enter the username, '73856583855 # 7844 # ', and the password 'jdugh7d7'.


Figure 9. Auto-fill used with an online banking account

Now when you want to sign into your Internet bank, press the Go To Web Address button on the global floating window to open the bank's Web page in your browser, and once it's loaded, click the Username button on PasswordVault and then immediately position the cursor into the 'Card/Access Number' textbox on the Web page. PasswordVault will then auto-fill and submit the Web page in one streamlined operation ie. it will paste in '73856583855', simulate pressing the 'Tab' key, paste in the 'Security Number', simulate pressing the 'Tab' key, paste in the 'Internet Password', and simulate pressing the 'Enter/Return' key.

Note: On some banking Web pages, textboxes may only accept a specific number of characters, so you should remove any spaces in the text to ensure the form gets filled in properly.

Sometimes other controls, such as popup menus, may be selected when you are trying to auto-fill textboxes on a Web page. The example in Figure 10 shows this type of problem. In this case, placing one special ' # ' combination at the end of the username will 'Tab' the browser to the '@bigpond.com' popup menu, rather than the 'Password' textbox. In this case (assuming your username is 'mpotter' and password is 'phoenix12'), bring up the Add Service dialog and enter the username, 'mpotter # # ', and the password 'phoenix12'. Note that there are two 'Tab' keys simulated between the username and password, and thus when you trigger an auto-fill, the cursor will jump over the popup menu and correctly fill the 'Password' textbox.


Figure 10. Auto-fill used when other controls are present

Important Note: If you don't want a simulated press of the 'Enter/Return' key done after a timed paste auto-fill occurs, though you have the Auto-Enter Key Press checkbox checked in the preferences (eg. there may still be textboxes in which you need to enter information on an order form, or popup menus you need to select from), leave out the ' # ' at the end of the username. In this case, the auto-fill will stop after all the data in the username has been entered into the form ie. the password won't be auto-pasted and the simulated pressing of the 'Enter/Return' key press won't occur. For example, in the banking auto-fill shown in Figure 9, if the username was set to '73856583855 # 7844' (instead of '73856583855 # 7844 # '), auto-fill will stop after filling in the 'Security Number'. In this case, you will need to position the cursor in the last textbox and click the Password button to paste in the last piece of information, and press the 'Enter/Return' key to submit the form.

Of course, you can set a service to auto-fill as many textboxes as you like - even entire order forms you regularly complete, including credit card details, etc. If there are textboxes which should be bypassed because you need to enter specific information into them (eg. product selections), just put in a double 'Tab' ie. ' # # '. This will skip a textbox without pasting anything into it and move to the next one.

With a bit of experimentation, you should be able to auto-fill almost any Web form. The good thing is, once you've got auto-fill set up for a particular service, logging into that service becomes very streamlined.

Note: On MacOS X, if you place the cursor on the Web form first and then click the Username button on PasswordVault, the auto-fill will work even if you have set a 0 second timeout time. This is an excellent way to use timed paste on this platform. For example, logging into GMail is as simple as pressing the Go To Web button to open the GMail web page and then pressing the Username button to auto-fill and submit. That's it!!! Google set up their login web pages for maximum ease of use, always placing the cursor in the 'Username' field as soon as the page loads.

Note: You can't set up PasswordVault to automatically select from popup menus, set or clear checkboxes, etc., on web forms during an auto-paste sequence - only textboxes can be auto-filled. If you wish to auto-fill and auto-submit this type of web form, you first need to set these other controls and then trigger the auto-fill on PasswordVault.

Note: If you set up multiple text items in the Username textbox for auto-fill but then select a Username/Password Transfer method other than 'Timed Paste' on the Preferences dialog, such as 'Copy To Clipboard', only the first text item will be copied to the clipboard.

Editing a service
To edit an existing service, first select it from the service selection popup menu on the main window. Then press the Edit Service button to display the Edit Service dialog (shown below in Figure 11). Make any necessary changes and then press the Update button. You will be returned to the main window immediately.

Advanced Shortcut: Hold down the 'Ctrl' key when pressing the Star button to open the Edit Service dialog with the password already unmasked for 15 seconds. You can then check the password as soon as the Edit Service dialog is displayed. This shortcut is for advanced users who wish to edit a number of services quickly.

The Unmask Password button (next to the Password textbox) unmasks the password for 15 seconds. Thus, the password is usually hidden, protecting it from the view of anyone looking over your shoulder.


Figure 11. The Edit Service dialog

Every time you update service information (ie. using the Edit Service dialog), such as changing the password or adding a web address, a time/date stamp is made on the service data. If you subsequently import this newer service data on another computer, it will replace any existing older service data stored under the same service name. In this way, you can easily synchronize the service data on a number of computers. This is especially useful on a home or office network.

Note: All unused categories are automatically removed when PasswordVault is next launched.

Removing a service
To remove an existing service, first select it from the service selection popup menu on the main window. Then press the Remove Service button to remove it. The Remove Service Confirmation alert shown in Figure 12 below will be displayed. Confirm the removal and the service will be deleted from the service selection popup menu.


Figure 12. The Remove Service Confirmation alert

Note: When you remove a service, it actually blanks out the service information, timestamps the service and hides it. If you subsequently synchronize your passwords with PasswordVault2Go, or create an auto-export which is auto-imported by other users (ie. distribute an update via the auto-distribution system), the removed service will also be removed from these downstream password collections as well. This method ensures that a removed service does not simply get restored again after the next synchronization. If a new service is subsequently added with the name of the removed service, it overwrites the previously removed service and correctly propagates to downstream password collections again.

Advanced Tip: To permanently delete all services previously marked as removed (and thus hidden), hold down the Control (Ctrl) and Shift keys and press the Cross button. You'll hear a beep confirming the permanent deletion.

Accessing service information
Selecting a category from the Service Category popup menu will show a list of services in the category, sorted alphabetically. Select the service from the Service Selection popup menu at the top right of the window, and the username, password and notes for this service will be displayed on the main window. This is basically how services are accessed, though additional filters (subcategories, service types, and searching by service name) can help find services faster.

If a service category has subcategories, clicking the SubCategory popup menu will display them. In Figure 13 below, the 'Bookmark' category has been selected, and the 'Home Selection' subcategory shows a number of lower level subcategories. Selecting a subcategory will store it in 'Recent Subcategories' for easy reselection, as shown at the top of the subcategory list in Figure 13 below. As you can see, two levels of subcategory can be set in each category, giving you deep control over the grouping of services.

If you want all services to be listed in the Service Selection popup menu, select 'All' from the Service Category popup menu. This 'All' setting is very useful when used in conjunction with the Search textbox, since only services beginning with the entered search text will be displayed.


Figure 13. Selecting a subcategory of the 'Bookmark' category

You can type text into the Search textbox (in the top center of the window in Figure 14 below) to only show services whose names start with those letters. Placing the wildcard character, '%', at the start of the search text will return all results which the substring matches eg. entering '%foru' will return all services containing the text 'foru' somewhere in their name, such as 'Kenbushi user forum', 'Yahoo forum', etc.

You can also select only certain types of services, such as 'Web Logins', 'Bookmarks', 'Textclips' or 'Others', using the Service Type popup menu (on the left side of the SubCategory popup menu). Selecting 'Show All' shows all services, irrespective of type.

To sort the displayed services in various ways, use the Sort By popup menu, located on the right side of the Service Selection popop menu. You can sort services alphabetically, by most used, or by recently used.

          

Figure 14. The main window with a service selected and displayed (Win32, MacOS X)

If there is a web address set for this service, you can press the Go To Web Address button (on the top left side) and your web browser will immediately load in the correct web page from the Internet. If no web address is set, this button will not be visible.

Advanced Tip: You can copy the web address into the clipboard (rather than telling your default web browser to go to it) by holding down the Control (Ctrl) key whilst pressing the Go To Web Address button. You can then paste the URL into an alternate web browser or other application. Some websites (such as banking websites) only support particular web browsers, so you may need to use an alternate web browser to access it.

You can either press the Username button (the little man) or Password button (the glass dot) to copy the respective information into the clipboard, ready to paste in where required on the web page, or manually type in the username and password where required for the service (ie. in textboxes on a web page requesting your username and password).

Username/password transfer methods other than Copy To Clipboard are also available, including Drag And Drop (click and hold the mouse button down on the Username or Password button and drag it to the Web form) and Timed Paste (the username and password information is auto-pasted after the selected delay time). Timed Paste mode is also used by the powerful Auto-fill Web form feature in PasswordVault. The Username/Password Transfer method to be used can be set in the preferences (see Figure 15 below).

You can also copy text into the clipboard from the additional notes area, if required.


Organizing services
Once you're added a number of services, you'll probably want to get them organized into categories to make it easier to find them or to group together services for a particular purpose. For example, there may be a group of services (login information, web bookmarks, textclips, etc.) which relate to your work, games, financial services, news, banking, etc. that you wish to keep together. PasswordVault makes it easier to move services between categories and get them organized. This is done using the Organize Services dialog (see the example in Figure 15 below), which can be displayed by pressing the Organize Services button on the main window (centre bottom in Figure 14).

Note: When organizing web bookmarks, an additional two levels of subcategories are available. This level of subcategorization is needed when you're trying to effectively manage the 1000s of bookmarks most active Internet users accumulate over time.

Figure 15. The Organize Services dialog

To display the services in a particular category, click the category (in the Category panel on the far left) and they will be displayed in the rightmost Services panel. If you highlight a service, some information about the service will be shown on the bottom of the window, including it's category and subcategories, web link (if there is one) and the last time the service was used. Clicking on the web link will immediately launch your web browser and load the page associated with the link, so you can view it.

You can also instantly filter the displayed services using the Service Name Search textbox at the top right side of the dialog. Enter a few letters of the start of a service name, and only services starting with those letters will be displayed. Enter a leading percentage symbol ('%'), and any service names containing the entered characters in any part of the name will be found. This search function allows you to find services easily, even from amongst 1000s of web bookmarks.

When displaying web bookmarks, you can select a service and delete it by pressing the Delete Service button on the bottom of the panel (the small '-' sign). Thus, old web bookmarks can be easily removed.

To change a category or subcategory name, highlight it and then click it again to enter edit mode. Make the changes and then click elsewhere on the dialog and the name will be set. When a category name is editable, the cursor will change to an 'I-Beam' text editing cursor when the cursor is positioned above it. Categories which cannot be edited will show a normal selection arrow even when the cursor is positioned above it.

To create a new category or subcategory, press the respective Add Category button underneath any of the category panels (the small '+' sign). A new entry will be added to the respectivepanel, which you can then rename to the new category name you want.

If you add a category or subcategory and subsequently don't move a service to it, the category or subcategory will be automatically deleted when you next relaunch PasswordVault. Thus, there is no need to delete category names.

Preferences
The Preferences dialog (see Figure 16 below) is displayed when you select Preferences... from the menu on the main window.


Figure 16. The Prefences dialog

Skins are used for the backdrop of the main window, allowing you to personalize PasswordVault to your tastes. To choose a skin, simply select it the Skin popup menu - the main window backdrop will update immediately with the new skin.

Several styles are available from the Button Style popup menu, allowing you to choose the one you prefer. The 'Win32' button style is consistent with Windows graphics, whilst 'Aqua' is a style which many MacOS X users may like. The 'Sketch' button style is an interesting casual art style for all platforms. As soon as you select a button style, buttons on the main window are changed, so you can easily see what they look like in use.

Note: Customized versions of PasswordVault (such as those created especially for site licensees) do not support additional skins, but have a fixed 'Custom' skin.

Check the Master Passwords checkbox to have passwords on the main window replaced by asterixes. This prevents others from seeing your passwords if you have the main window expanded.

The Auto-Lock Time is the time (in seconds) from the last activity before the automatic lock is activated, and this can be set by entering a number between 20 and 1800 (ie. 1800 seconds = 30 minutes) in the textbox. Enter '0' to disable the auto-lock function. You can also lock PasswordVault manually by pressing the Lock button on the main window.

To rename a service category, select it from the popup menu and it's name will be entered in the textbox. Change the category name in the textbox and then press the Rename button to rename the category to the new name entered.

The password generator can be customized by selecting the type of password to generate and it's size. Select 'Alphanumeric' if you want passwords to contain uppercase (A-Z) and lowercase (a-z) characters as well as numbers (0-9). Select 'Numeric' if you just want numbers included, and select 'Hexadecimal' to include only hexadecimal characters (0-9, A-F). Passwords from 1-1000 characters can be generated by typing a size into the Size textbox. Thus, you can generate and store large, unique hexadecimal encryption keys in PasswordVault, which can be used in other encryption products, such as file encrypters.

Transfers of username and password information from PasswordVault into your Web browser (or other application) can be made in several ways.

Copy To Clipboard simply copies the username or password into the clipboard when the Username or Password button, respectively, is pressed. You can then paste it into the correct position on the Web page.

Selecting Drag And Drop allows you to drag the username or password directly from the Username or Password button, respectively, to the correct position on the Web page. You may need to place the cursor in the appropriate textbox on the Web page before dragging.

Timed Paste will wait the specified number of seconds after the Username or Password button is pressed, before performing an automatic paste operation. To use this method, press the button and then place the cursor in the appropriate textbox, ready for the automatic paste.

You can set up services in PasswordVault to auto-fill Web forms using the Timed Paste method. This advanced feature greatly simplifies entry into Websites protected by a login screen. Setting up a service to use this feature is quite simple, and the way data is entered can be fully tailored to the login screen. The 'Return/Enter' key can even be automatically pressed after the timed paste (ie. to submit the pasted information), if you check the Auto-Enter Key Press checkbox on the Preferences dialog. See Adding a new service above for further information.

Note: The Linux version of PasswordVault only supports the Copy To Clipboard method.

You can control if PasswordVault automatically gets the latest news on launch with the Get Latest News On Launch checkbox. If you uncheck this checkbox, you can manually check for PasswordVault program updates and special offers by selecting Get Latest News... from the Help menu.

On Windows 2000/XP/Vista and MacOS X, the global floating window can be made up to 60% transparent, thus allowing the windows underneath it to be viewed. The floating window loses transparency when the mouse pointer passes across it, so that it can be used easily when needed. To set the amount of transparency, set the Transparency slider from 0% to 60% (0% transparency means the window will be fully opaque, which is the default setting).

Positioning the main window
It is recommended that the main PasswordVault be contracted and placed on the top right-hand-side of the screen. In this way, you can easily access the service selection popup menu as well as the copy-to-clipboard buttons, whilst requiring very little screen area.

Entering your master password
When you launch PasswordVault (and have set a master password), you will see the dialog in Figure 17 displayed. If master password recovery has been set up, the Recovery button (the Key) will also be visible. If the Recovery button is not visible, it means that master password recovery has not been set up and is not available.

        

Figure 17. The Enter Master Password dialog (Win32, MacOS X)

Enter your master password and press the Enter button to display the main PasswordVault window. If you get the master password wrong, you can try again. If you have forgotten your master password, press the Recovery button to begin master password recovery. The dialog shown in Figure 18 will then be displayed.


Figure 18. The Recover Master Password dialog

Simply enter the answer to each question in the Answer textbox and press the Next >> button. After you have worked through the series of questions and answers, the main window will be displayed. If you can't remember the answer to a particular question, think about it for a while before trying again. If you cannot remember either the master password or the answers to the questions for master password recovery, you cannot access the service information stored inside PasswordVault.

If you can't recover, you should quit PasswordVault and move the 'Prefs.txt' file (in the PasswordVault preferences folder - see the FAQ) to a safe place on your hard disk (such as a backup folder) and then run PasswordVault again. Your master password will now be cleared, in addition to your previous service information. The 'Prefs.txt' file contains your master password, master password recovery information and service data.

If you have previously backed up your service data using the export function in PasswordVault (possibly in PV tab-text file format, a clear text format without a master password), you can import this data file and your service data will be recovered.

Exporting service data
To export your service data, select Export... from the File menu and the Export dialog will be displayed (see Figure 19 below). Use the File Format popup menu to select the format of the file you want to export. You can export data in either encrypted PV data format, or in several clear (unencrypted) tab-text formats (ie. tab characters delimit the various fields in each service record).


Figure 19. The Export dialog (PV data file format)

When exporting in PasswordVault (PV data) format, the exported file is encrypted and is thus safe to store anywhere. You can choose which categories you want to include in the exported file, and you can also change the master password stored with the data. If the master password you include is different to your normal master password, your master password recovery clues will be excluded from the exported file. See Using PasswordVault in large organizations for further information about using this feature.

When exporting in PasswordVault (tab-text) format (see Figure 20 below), the service data is exported in clear tab-text format with the field order displayed in the Fields Included listbox. This file format is compatible to version 2.x of PasswordVault and is basically provided for legacy compatibility to the older version. It is recommended that you use the PV data file format described above, as it provides protection from hackers via its strong encryption.


Figure 20. The Export dialog (PV tab-text file format)

When exporting in PasswordWallet (tab-text) format (see Figure 21 below), the service data is exported in clear tab-text format with the field order displayed in the Fields Included listbox. This file format is compatible to 'PasswordWallet', a program available to users of MacOS.


Figure 21. The Export dialog (PW tab-text file format)

When exporting in Printable (text file) format (see Figure 22 below), the service data is exported in a clear text format with the field order displayed in the Fields Included listbox. This text file can then be printed off on your printer and filed as a hardcopy reference of your password information.


Figure 22. The Export dialog (Printable tab-text file format)

When exporting in Custom (tab-text) format (see Figure 23 below), you can select which fields to include in the exported file, as well as the order of the fields. This allows you to export your data in any format you like. You can also include a blank (or filler) field in the exported data as well. The custom export option is for advanced users only.


Figure 23. The Export dialog (Custom tab-text format)

Note: Please keep in mind that files exported in tab-text format are unencrypted, and they should be deleted immediately after you have backed up the text file, printed out your service data (by opening the text file in a word processor and then subsequently printing it), or transferred and imported the text file to another computer. This will ensure maximum protection of your service data from hackers.

Importing service data
To import a service data file, press the Import button on the main window or select Import... from the File menu. The dialog shown in Figure 24 below will be displayed. Use the File Format popup menu to select the format of the file you want to import. You can import data in either encrypted PV data format, or in several clear (unencrypted) tab-text formats (ie. tab characters delimit the various fields in each service record).


Figure 24. The Import dialog (PV data file format)

When importing in PasswordVault (PV data) format, enter the master password of the file you wish to import and then press the Import button to select the file to be imported. If the master password you entered matches the master password in the file, the data will be imported and a message will be displayed showing how many services were updated and added (see Figure 25 below). This information is also added to the distribution log, so you can refer to it at any later time.

If you press the disclosure triangle at the bottom of the Import Complete dialog, more detailed information will be displayed, including the service's category and name, as well as the date on which the service was originally added or updated. This allows you to track changes to service information. Pressing the Copy To Clipboard button will copy the text in the textbox to the clipboard, so you can paste it into any text document editor.


Figure 25. The Import Complete dialog

When importing in PasswordVault (tab-text) format (see Figure 26 below), the service data is imported in clear tab-text format with the field order displayed in the Fields Included listbox. This file format is compatible to version 2.x of PasswordVault and is basically provided for legacy compatibility to the older version. It is recommended that you use the PV data file format described above, as it provides protection from hackers via its strong encryption.


Figure 26. The Import dialog (PV tab-text file format)

When importing in PasswordWallet (tab-text) format (see Figure 27 below), the service data is imported in clear tab-text format with the field order displayed in the Fields Included listbox. This file format is compatible to 'PasswordWallet', a program available to users of MacOS. To export your data from PasswordWallet, simply select Export to Text File... from the File menu when running PasswordWallet.


Figure 27. The Import dialog (PasswordWallet tab-text file format)

When importing in Password Depot (csv-text) format (see Figure 28 below), the service data is imported in clear csv-text format with the field order displayed in the Fields Included listbox. This file format is compatible to 'Password Depot', a program available to users of Windows. To export your data from Password Depot, select Export list... from the Tools menu when running Password Depot. Then set the Save as Type to Comma separated file (*.csv).


Figure 28. The Import dialog (Password Depot csv-text file format)

When importing in Custom (tab, csv-text) format (see Figure 29 below), you can select which fields to include in the imported file, the order of the fields, and the character used to separate the fields (' ; ' - semicolon, ' , ' - comma, <tab> - horizontal tab [control-code 9], or ' | ' - bar). This allows you to import your data in any format you like.

Important Note: PasswordVault now performs an automatic backup of your service data before performing a manual import. This ensures that if anything goes wrong with the import, that you can easily restore the service data you had previously. This automatic backup is stored in the Backup folder inside the PasswordVault preferences folder. To open the PasswordVault preferences folder, hold down the Control (Ctrl) and Shift keys while selecting Preferences... from the menu when running PasswordVault. You will then find a folder named 'PC-Mac PasswordVault v2.x' opened on the desktop. To restore a backup file, quit PasswordVault and copy the backup file into the 'PC-Mac PasswordVault 2.x' preferences folder. Then move the existing 'Prefs.txt' file somewhere safe, and rename the backup file to 'Prefs.txt'. When you next launch PasswordVault, it will use this file.

You can clear out the automatic backup files (to make more space on your hard drive), by selecting Clear Auto-Backup Files from the File menu. Generally, backup files are only about 30k in size, so it shouldn't be necessary to clear them very often.


Figure 29. The Import dialog (Custom tab, csv-text format)

The service name, username and password items are required fields (these items cannot be deselected). To include any other fields, however, simply check the checkbox on it's left side. Note: If a field is not checked, it will not be included, even if it is located near the top of the listbox, and other included fields surround it.

The type of data that can be successfully imported is now quite extensive. You can include a Blank item to ignore a particular field in the data, and there are 6 Blank items available for this purpose. There are also 6 Add to Notes items available. This item is incredibly useful as it allows you to bundle any data you wish to keep, and which doesn't properly correlate with another field type, into the Notes for the service. For example, a field may contain entries such as Street Address, Email Address, Card Number, Description, Mobile Phone, ICQ, etc. Using an Add To Notes item for these fields will correctly bundle this information into the Notes section of the service.

To change the order of the fields, simply drag them up or down the listbox until they are in the order you want.

The Separator popup menu allows you to select a number of separator character types. Most files in .csv format which can be imported actually use the ' ; '  character to separate fields, even though CSV means 'Comma-Separated Value' (CSV files are a common format used for database data interchange).

Hint: You can easily examine the record format of the text file you are trying to import by opening the text file using a text editor. You should then be able to see how many fields are included in each record, their size, order and location, and what field separator (ie. the spacer character placed between fields) is being used. The field separator is most often the 'horizontal tab' character, which is control-code 9 in the ASCII table. You can also then 'massage' the data using the text editor eg. remove the first line if it contains the field names, convert an unusual separator to a ' ; ' (semicolon) or ' | ' (bar) separator using a global search-and-replace on the text file (so it will import correctly into PasswordVault), or break the text file into pieces and import each piece separately (this may be necessary if the field order is different in different parts of the original import file).

For example, suppose you are trying to import the following data:

Hotmail;ffreakle;aadsfh8d;http://www.hotmail.com;ffreakle@hotmail.com;18/11/2006;;This is a note.
eBay;ffreakle;6sd9gnKh;http://www.ebay.com;;08/08/2006;Internet;Use Buy It Now setting more often.

The field order in this case that you would probably set in the Fields Included listbox is:

Name, Username, Password, Web Address, Add To Notes, Blank, Category, Add to Notes

After you have completed the import, be sure to check that the data imported correctly. You can check what services were imported by opening the distribution log by selecting Open Distribution Log... from the File menu. This log shows the names of all the services which were imported, the categories they were placed in, and the update date associated with the service. Thus, you can always remove these services, if you need to.

In some password managers, you can set which fields are included in an export file, as well as the field separator character - this allows you to export in a format which can then be imported easily by PasswordVault. For example, with Password Manager XP, a program available to users of Windows, you can Export to file..., set the Columns data delimiter to ' ; ', and then Export chosen columns (eg. Title, User name, URL, Description, and Password would correlate to the Name, Username, Web Address, Add To Notes and Password items in a custom PasswordVault importer).

Note: If a mandatory field (such as Username) is blank, it will automatically be filled with a default value, to ensure the data is imported in a usable form.

Note: if the csv file to be imported encloses fields in double-quotes (eg. "eBay";"ffreakle";...), these will be stripped automatically by PasswordVault during the import process.

Note: Due to the fact that time and date formats used by other password managers vary so widely, it is not possible to effectively import them into PasswordVault as a valid Last Modified date field. However, this time and date information can be added to notes, if required.

If you wish to move your Internet passwords and other data out of Apple's Keychain application on MacOS X, it appears the only way to do this is to copy and paste the data manually (use the 'Keychain Access.app' application in the 'Utilities' folder of the 'Applications' folder on MacOS X to access the Keychain data). Keychain only allows each application to access it's own Keychain data ie. you can't use a single application or utility to export or extract the data stored in Keychain for all applications.


Figure 30. Importing web bookmarks

Web Bookmark Files can also be imported from Internet Explorer (IE), Firefox and most other web browsers. With Firefox for example, select Organize Bookmarks... from the Bookmarks menu and then click the activity button and select Export HTML.... A 'bookmarks.html' will then be created by Firefox, which can be saved out and subsequently imported into PasswordVault. With Internet Explorer, select Import and Export... from the File menu, select Export Favorites from the Import/Export Wizard dialog, save out the file and then subsequently import it into PasswordVault.

During a Web Bookmark File import, duplicate bookmarks are automatically ignored by PasswordVault, making it easy to collate all your bookmarks from all sources into one location. Of course, once you've imported your web bookmark data, it can be synchronized across all your installations of PasswordVault on all platforms, either using the auto-distribution system or via online synchronization.

Your can also organize your 1000s of bookmarks easily with PasswordVault via the Organize Services dialog (see Organizing Services above for more details).


Figure 31. The Import dialog (Web Confidential file format)

When importing in Web Confidential (tab-text) format (see Figure 31 above), the service data is imported in clear csv-text format. This file format is compatible to 'Web Confidential', a program available to users of MacOS.


Figure 32. The Import dialog (URL Manager Pro file format)

When importing in URL Manager Pro (tab-text) format (see Figure 32 above), the web bookmarks are imported in a cleartext format. This file format is compatible to 'URL Manager Pro', a program available to users of MacOS.


Figure 33. The Import dialog (Titled custom, csv-text format)

The Titled Custom (csv-text) format (see Figure 33 above) is a very powerful importing scheme, since you can tag columns directly in the import file with their respective column names, and use a variety of field delimiters (ie. ';', ',', <tab> and '|'). Simply make the first row the column titles, as follows:
Column Title
 Column Description
Name
 Name of the service
Username
 Username (for a login)
Password
 Password (for a login)
WebAddress
 URL linked to the service
Ignore
 Ignore this column
AddToNotes
 Appends column to notes
Category
 Category or group

For example, a 'Titled Custom' text file may look like:

Name   WebAddress        Username    Password      Ignore       AddToNotes
GMail   www.gmail.com   Gregtinnon   excalibur       038557     Make sure it's checked daily
IMS       www.ims.com      gTinnon        macbeth        9759375   Online Survey - need to do this next week


Backing up your service data
It is strongly recommended that you backup your service data regularly (at least once per week).

The simplest way to backup your data is to select Backup Service Data... from the File menu. This will bring up the file save dialog, allowing you to save your encrypted service data to the location you like (some users choose to save it to their 'Documents' folder so it gets included in their normal automated backup system). Files are marked with a time/date stamp to ensure easy identification eg. 'PV Backup 083035 25Aug2008'. To restore a backup file, quit PasswordVault and copy the backup file into the 'PC-Mac PasswordVault 2.x' preferences folder. Then move the existing 'Prefs.txt' file somewhere safe, and rename the backup file to 'Prefs.txt'. When you next launch PasswordVault, it will use this file.

You can also backup by selecting Export... from the File menu on the main window to display the Export dialog, selecting PasswordVault (PV data) from the popup menu and pressing the Export button. You can save this file onto backup media such as a USB drive, zip disk, burnable CD, a networked hard disk, or other storage. Avoid floppy disks, unless you are desperate - they have very limited capacity and are unreliable.

Alternatively, if you use backup software, you can include the 'PasswordVault' preferences folder in your periodic backups. To open the 'PasswordVault' preferences folder, simply hold down the Control (Ctrl) and Shift keys while selecting Preferences... from the menu. You will then find a folder named 'PC-Mac PasswordVault v2.x' opened on the desktop - this folder needs to be added to your backup folder list.


Using online synchronization
Online synchronization makes it easy to keep passwords on multiple computers up-to-date, and also provides effective password data backup (in case your primary computer's hard disk ever fails).

Data stored online is protected by a Username/Password login, and an additional layer of 128-bit AES encryption applied on the user's computer (whose key is based on a unique 'Encryption PIN' entered by the user). Data is always encrypted with 896-bit double-Blowfish encryption before the additional layer of 128-bit AES encryption is applied, thus providing exceptional security. If hackers were somehow able to obtain your online password file from our servers, they would then have to crack both the 896-bit double-Blowfish encryption and the 128-bit AES encryption to access your password data.

To setup PasswordVault for online synchronization, select 'Online Synchronization' from the 'File' menu, and the Online Synchronization dialog will be displayed (see Figure 34 below). Enter your preferred login username and login password, and press the Create Account button. If the username is available, a message will be displayed saying that the account was created. To verify that your login information works, press the Verify Login button. To display your login password in readable form for 15 seconds, press the Unmask Login Password button.

The encryption key used for the 128-bit AES encryption is based on the 'Encryption PIN' you enter. To have the computer generate a random encryption key for you (this is highly recommended), press the Generate PIN button. The Encryption PIN textbox will then be filled with the new encryption PIN. Alternatively, you can make up your own PIN using the Enter PIN keypad (make sure you enter 8 numbers from 0-65535 separated by commas). To clear any existing PIN, press the Clear PIN button. To display your PIN in readable form for 60 seconds, press the Unmask PIN button (this longer time interval gives you more time to edit and/or check it).

Note: The encryption PIN is quite long (this is especially noticeable when entering it manually on the keypad), but this is needed to ensure full 128-bit AES encryption strength. The strength of this key is an important factor in keeping your online password data safe.


Figure 34. The Online Synchronization dialog

To perform your first online synchronization, press the Sync Now button. It can take up to 45 seconds for PasswordVault to download an existing password file (if there is one), import it and then upload the synchronized password data.

You can set PasswordVault to automatically synchronize your passwords every day at a particular time. This ensures that if you have a number of computers running PasswordVault, that the passwords stored by each will be the same after the synchronization. It's good practice to set the synchronization time of your primary computer to be slightly later than your other computer(s), as your primary computer will then almost always have the most up-to-date passwords each day. The synchronization will generally start within a minute or two of the set time.

If you launch PasswordVault after the set synchronization time on a particular day, it will synchronize within a minute or so of launch. When you change the synchronization time, it will synchronize within a minute or so after the change. Scheduled online synchronizations will occur even if the Enter Master Password dialog is displayed ie. the main window needn't be displayed for synchronizations to occur.

Of course, at any time you can manually synchronize by pressing the Sync Now button on the Online Synchronization dialog.

You can print out your online synchronization details by pressing the Print Details button. This will print a page containing the name of the user (from the PasswordVault runtime key you received when you purchased PasswordVault), the printing time and date, the username, the password, the encryption PIN and advice to, 'Please file this document in a secure place'.

To set up another computer for online synchronization, enter the login username, login password and encryption PIN (using the Enter PIN keypad) you used to set up the primary computer. It's good practice to check the login information at this point by pressing the Verify Login button. Pressing the Sync Now button will start the synchronization process and synchronize this computer's passwords with your primary computer.

Note: The Standard Edition of PasswordVault supports a single online synchronization account for each unique runtime key. The Pro Edition supports multiple users, each with their own unique online synchronization accounts.


Auto-distribution of passwords
PasswordVault offers a very streamlined and secure way to automatically distribute passwords (and other service information) between large groups of users, making it very useful for password management and control within organizations. Some example auto-distribution schemes are shown below in Figure 35.

Typically, an organization would assign a user (or department) to be responsible for management of particular service categories, and this user would then set up the auto-distribution system in PasswordVault to periodically auto-export those service categories to a shared network drive. Other users connected to the shared network drive can then periodically auto-import those service categories, if authorized, ensuring all users have the latest sets of passwords (and other service information). In addition to network drives, users can auto-import from URLs, allowing PasswordVault Distributable (.pvd) files that are uploaded to a Web server to be easily distributed to remote users over the Internet.

Extending this concept further, a number of users (or departments) can each be assigned to manage different sets of service categories eg. the IT department manages server passwords, development manages vendor Website passwords, etc. Authorized users in the organization can then be set up to auto-import service information from different locations (ie. shared network drives, or URLs) for each set of categories, seamlessly bringing together on their computer only those sets of service categories they need for their work and should have access to.

In a home or small office environment, one key user may manage all passwords used by the group and auto-distribute the latest updates to those users. If one computer is shared by multiple users with different login accounts, PasswordVault Distributable (.pvd) files can be auto-exported to a public folder accessible to all users and then the other users can set up PasswordVault to auto-import the files when they subsequently log in.

You can also use the auto-distribution system to perform multi-user synchronization of passwords ie. multiple users make changes to service information, and these changes are automatically synchronized to other users. See multi-user synchronization of passwords for further information about setting this up.


Figure 35. Example auto-distribution schemes

PasswordVault makes it very easy to set up a new employee with the standard set of company passwords they need, since only the auto-distribution system need be set up. The first time an auto-import occurs, the new employee will have all the latest passwords. They can then begin to add any personalized passwords they need (email account, etc.) to PasswordVault, ensuring that this information is protected and secure.

To display the Auto-Distribution dialog (shown in Figure 36 below), select Auto-Distribution... from the File menu. This dialog allows you to set any number of exporters, each with a unique name, encryption password, file save path, category list, and export schedule. You can also set up any number of importers, each with a unique name, decryption password, file load path or URL, and import schedule.

Exporters will save out a PasswordVault Distributable (.pvd) file to the specified location according to the set method: Every x minutes, Manually or On Every Change. Selecting the periodic method (Every x minutes) will make the exporter auto-export after the set interval, with a minimum of 10 minutes. The manual method (Manually) will only export when you explicitly press the Export Now button at the bottom of the Auto-Distribution dialog (this is effectively like switching off auto-export, since no exports will occur unless you manually trigger them). The On Every Change method will auto-export whenever you add a new service, or edit or remove an existing service, in a category listed on the exporter. Of course, you can have multiple exporters set up to include any combination of categories, and saving out to different locations.

The popup menu next to the Password To Use textbox (the downward pointing arrow) will display all services in the special 'PVDistribution' category. This category is intended purely to provide a location to store auto-distribution passwords (ie. passwords to use in auto-importers and auto-exporters) - the 'PVDistribution' category should never be included in any auto-exporters, to prevent these special passwords being automatically distributed to users (you should selectively distribute these passwords via other means, such as physically handing the user the auto-import password, since this is the key way that user access to auto-imports of password collections is controlled). Services in this special category can be added, edited and removed in the same way as any other service.



Figure 36. The Auto-Distribution dialog showing an auto-exporter

When PasswordVault is first launched, all importers and exporters which are not set to Manually will be processed. From that time on, periodic importers and exporters will trigger according to their interval. For example, if an exporter is set to export every 60 minutes, it will export as soon as PasswordVault is launched, and then export at 60 minutes, 120 minutes, 180 minutes, etc. If an importer is set to 20 minutes, it will import at 20 minutes, 40 minutes, 60 minutes, etc.

Whenever a periodic auto-import trigger occurs, the PasswordVault Distributable (.pvd) file is downloaded and the timestamp inside it is checked against the last import performed. If they are the same, the import is ignored (ie. the .pvd file has not changed since the last import). This prevents repeated auto-imports occurring when the import file has not actually been updated, as well as eliminating redundant distribution log entries.

Whenever a periodic auto-export trigger occurs, the PasswordVault Distributable (.pvd) file is generated and saved out, but only if changes have been made to services in categories included in the exporter. If no changes have been made, the file is not saved out. This prevents repeated auto-exports occurring when the data has not actually been updated, as well as eliminating redundant distribution log entries.

If you select the On Every Change method, the file is saved out every time a change is made to a service in a category listed on the exporter. This is a very efficient way to set up auto-distribution if you seldom add, update or remove a service.

The popup menu next to the Password To Use textbox (the downward pointing arrow) will display all services in the special 'PVDistribution' category. This category is intended purely to provide a location to store auto-distribution passwords (ie. passwords to use in auto-importers and auto-exporters). Services in this special category can be added, edited and removed in the same way as any other service. You should receive your auto-import password directly from the password collection administrator (ie. the person who makes PasswordVault Distributable (.pvd) files available to users by auto-exporting them to a shared network drive or uploading the auto-exported file to a Website).

The Password To Use you enter adds an additional layer of 128-bit AES encryption to exported password files (on top of the normal 896-bit double-Blowfish encryption), making it even more secure. It is recommended that you use a password that is randomly generated and around 12 characters or longer (a random password generator is available on the Add Service and Edit Service dialogs, which is where you will be adding services to the special 'PVDistribution' category anyway).

Important Note: Please keep in mind that you should be giving users an 'Auto-Distribution Password' by a direct method such as telephone, memo, personally handing it to them on paper, secure email, etc. Once a user has the 'Auto-Distribution Password' and the URL of the PasswordVault Distributable (.pvd) file, they can set up PasswordVault to automatically receive all PasswordVault Distributable (.pvd) updates. Your organization's IT security policy should be the guiding force when considering these issues.

When you press the Export Now button, the status of the export will be shown in the status area just above the button on the Auto-Distribution dialog. The following result message types may be displayed:

Success: x services exported
The PVD file was saved successfully.

Error: Could not overwrite PVD export file
The PVD file could not be saved because an existing file at that location could not be overwritten (it may be busy, open, locked, etc).

Note: Files exported by the auto-distribution system do not include data for master password recovery (ie. lose the password, and you lose the data). It is better to backup data by manually exporting it, rather than using the auto-distribution system. Password distribution simply has a different set of requirements to backing up, the primary requirement being security - 128-bit AES encryption is very strong encryption and is thus very secure.

Figure 37 shows the Auto-Distribution dialog with an importer's information displayed.


Figure 37. The Auto-Distribution dialog showing an auto-importer

The example importer above shows an importer with an auto-import period of 60 minutes, loading the PasswordVault Distributable (.pvd) file from a URL on a LAN. Many personal Web servers are now available which operate on LANs, including the 'Personal Web Sharing' function built into MacOS X, and the Web server built into our free Kenbushi(TM) Lite product (Kenbushi, previously called 'PC-Mac-Net FileShare', is a powerful media center with integrated file sharing, web server and data backup over LAN/Internet. Versions are available for Windows, MacOS X and Linux.).

If you create auto-importers to import services in a particular category from one or more sources and then use an auto-exporter to export them with that same category, you can merge services with that category into a single importable file.

A green up arrow appears on the left side of the Lock button when a file is exported by the auto-distribution system, and a green down arrow when a file is downloaded and imported. This clear indication shows that password data is being actively processed, and imported data merged into PasswordVault is immediately available for use.

If you press the Import Now button, the status of the import will be shown in the status area just above the button on the Auto-Distribution dialog. The following result message types may be displayed:

Success: x services added, x services updated
The file was loaded successfully and it contained new data (ie. the datestamp hadn't been processed before), so the data was imported and the number of services added and updated was shown.

Success: PVD file loaded, but no new data
The file was loaded successfully but it contained no new data (ie. the datestamp had been processed before), so no import was required.

Error: PVD file format error
There was something wrong with the format of the PVD file, so it could not be processed.

Error: PVD file master password mismatch
The password in the file did not match the password set for the auto-importer. The passwords must match for the PVD file to be decrypted and processed.

When the auto-importer Source is set as a URL and PasswordVault downloads the PVD file from a Web server, progress messages are displayed (shown below), which are then followed by one of the result message types listed above.

Status: Attempting to connect to Web server...
Status: Connected to Web server...

If an error occurs during the download process, one of the following error messages will be displayed:

Error: PVD file not found on Web server
The file does not exist at the URL specified - the Web server returned a code 404, a 'File Not Found' error

Error: Could not download PVD file (timeout)
A timeout occurred on the download (10 seconds is allocated), so the file could not be downloaded. This may be because you are not currently connected to the Internet, the Web server specified in the URL does not exist, or some other general access problem.

To see what has been imported or exported during an auto-distribution event, you can open the 'DistributionLog.txt' file (located in the PasswordVault preferences folder) by selecting Open Distribution Log... from the File menu (see Figure 38 below). This will open the distribution log in the default application set on your computer to display '.txt' files (usually Wordpad, Notepad or TextEdit).

Note: if you open the distribution log again before closing it in the default '.txt' application, you may find the text has not been refreshed with the newest auto-distribution events. Always close the text file before opening the distribution log again to see the latest changes.


Figure 38. An example distribution log

If you wish to create separate category groups for different locations (eg. work and home), you can do this by adding a prefix to the basic category name. For example, 'Home-Banking' and 'Work-Banking', 'Home-Network' and 'Work-Network', etc. This makes it clear which location the category refers to. You might also use a prefix if you need the same basic category name for different company environments eg. 'UDV-Vendor sites', 'Megatronic-Vendor sites', etc. A company may use two (or more) levels of subcategory, such as 'UDV-Network','UDV-Vendor sites', 'UDV-Email Accounts', etc. to segregate category groups.

In addition to category groups, you may wish to use the above techique to logically group service names. Example service names for a company may be: 'UDV-Email-jbloggs', 'UDV-NetAdmin-Login Server 1', etc. This has the added advantage that service names are unique across a large set of users, so password auto-distribution will work cohesively.

Note: If you are using the auto-distribution functions when running PasswordVault2Go, any auto-imports which may occur will not flow through to the desktop installation (if it is installed) until the next time PasswordVault2Go is launched. This is because PasswordVault2Go synchronizes to the desktop only when it is launched.

Note: Periodic auto-import and auto-export events are queued and processed every 15 seconds. If two events occur at the same time, the first event will take 15 seconds, and then the second event will be processed in the next 15 seconds. Thus, there will be a short delay between processing of events. After an event has been processed, the green indicator arrow (down-pointing for imports, up-pointing for exports) will be displayed on both the main window and the global floating window for 5 seconds. Of course, if more than 2 events occur simultaneously, they will be queued and processed in turn.

Note: If you have set up an auto-exporter to export all categories, and you add a new category, make sure you check the appropriate checkbox for the new category on the Auto-Distribution dialog if you want it included in the auto-exporter.


Multi-user synchronization of passwords
Multi-user synchronization is really just a special case of auto-distribution. In this case, multiple users can make changes to service information, and these changes are automatically transferred to other users by the way the auto-importers and auto-exporters are set up on each computer. See the example in Figure 39 below, which shows one of three users being synchronized.


Figure 39. Synchronizing one of three users

In this example, there is a shared network drive which is used to store the PVD files auto-exported by each of the three users. The user in the illustration is user 1, and he is set up to auto-export to a file on the shared network drive named 'user1.pvd' (we made up this file name for this example - you can use whatever file name you like for each user). He is also set up to auto-import files named 'user2.pvd' and 'user3.pvd' (the files set up to be auto-exported by user 2 and user 3 respectively). User 2 is set to auto-export 'user2.pvd' and auto-import 'user1.pvd' and 'user3.pvd'. User 3 is set to auto-export 'user3.pvd' and auto-import 'user1.pvd' and 'user2.pvd'.

The most effective way to ensure all users are synchronized regularly is to set the auto-importers and auto-exporter on each user's computer to trigger every hour or so. If service data doesn't change during this time, this will be detected during each auto-import and no data will be imported. If a service has been added or updated by any user, this update will propagate to each user.

Full multi-user synchronization (ie. any user can make service changes) is most effective for small groups of users because as the group size increases, the number of auto-importers that need to be set up on each computer also increases. Though technically there is no hard limit on the size of a group that can do full multi-user synchronization, the practical limit is probably about 10 users.

Usually, however, not all users in a group will actually make changes to service information ie. only a subset of privileged users will be assigned responsibility to update passwords. Normal users who never make changes will only need to be set up to auto-import changes made by each privileged user, so a very large number of normal users can be set up in this way. In other words, privileged users will be set for full multi-user synchronization between themselves, and normal users will only be set to auto-import each privileged user's PVD file.


PasswordVault2Go special features
This special portable version of PasswordVault is designed to run on USB drives, Zip drives, iPods, etc. For example, university students can use PasswordVault2Go to store their password collections securely on a USB drive and plug it into whichever computer they are given access to at their university. Data is always secure, since it is protected by very strong 896-bit double-Blowfish encryption.

World travellers can use PasswordVault2Go to securely carry their Internet password collections with them on their journey, accessing the Internet at any Internet cafe, and even backup their service data files by emailing it to themselves using any web-based email system (eg. Yahoo, Hotmail, etc). Data is always secure, since it is protected by very strong 896-bit double-Blowfish encryption.

The preferences of PasswordVault2Go are stored in the 'Prefs.txt' file in the 'Data' folder inside the PasswordVault2Go folder, so they move along with the application itself. It's a very good idea to backup your data regularly, to prevent the loss of this critical file - see Backing up your service data for more information.

Alternatively, you can auto-sync your service data by installing and using the desktop version of PasswordVault. See Auto-synchronizing service data for further details.

Note: If you are using the auto-distribution functions when running PasswordVault2Go, any auto-imports which may occur will not flow through to the desktop installation (if it is installed) until the next time PasswordVault2Go is launched. This is because PasswordVault2Go synchronizes to the desktop only when it is launched.

Installation
The 'passwordvault2go.zip' archive contains the 'PasswordVault2Go' folder. During the installation procedure outlined below, this folder will be copied onto your USB drive or other portable media (eg. iPod, Zip disk, etc). USB drives are also called USB memory sticks, JetFlash, USB flash drives, flash memory sticks, etc.

Note: It is recommended that you format your USB drive in FAT32 format on Windows so that it is compatible to the Windows, MacOS and Linux platforms.

To install PasswordVault2Go under Windows, open the 'passwordvault2go.zip' archive using Winzip (available from www.winzip.com), press the Extract button and select your USB drive as the destination. The MacOS X version of the PasswordVault2Go program will remain in MacBinary format (denoted with the '.bin' extension), and can be converted from MacBinary on a Macintosh computer using StuffIt Expander (available from www.aladdinsys.com).

To install PasswordVault2Go under MacOS X, drag and drop the 'passwordvault2go.zip' archive onto StuffIt Expander (available from www.aladdinsys.com). Then copy the resulting 'PasswordVault2Go' folder onto your USB drive.

To install PasswordVault2Go Lite under Linux, open the 'passwordvault2golite.zip' archive (with 'File Roller' or equivalent) and extract the folder to your USB drive (on Red Hat Linux, you can simply double-click a zip archive and 'File Roller' will open the archive). The 'PasswordVault2Go_Lin' application must then be set as 'Executable'.

All platform versions are included in the 'passwordvault2go.zip' archive, so when you look at the files under Windows, you may see a number of special Macintosh files (the MacOS applications, some files with dot prefixes, etc). On MacOS, you will see the Macintosh applications, as well as the Windows '.exe' file. On Linux, you will see all the Windows and Macintosh applications.

To reduce the space used by PasswordVault2Go on your USB drive, you can delete one or all of the following items:

1) Delete the 'User_Manual' folder (however, you then won't be able to display and read the user manual)
2) Delete the executable program files for platforms you don't need (you then won't be able to use PasswordVault2Go on all platforms) eg. if you only need to run on Windows, remove all files and folders except 'PasswordVault2Go.exe' and the 'Data' folder.

Running PasswordVault2Go
 Launch PasswordVault2Go by double-clicking the correct program icon for your operating system on the USB drive. On Windows, the program is called 'PasswordVault2Go.exe'. On MacOS X, the program is called 'PasswordVault2Go X'. On Linux, the program is called 'PasswordVault2Go_Lin'.

Special notes for Linux users:
A) The 'PasswordVault2Go_Lin' application must be set as 'Executable'. You can do this in Red Hat Linux by right-clicking the application, selecting 'Properties' and checking the 'Execute' checkbox in the 'Permissions' panel.
B) If you are simply double-clicking the application to run it, make sure the path and application name do not have any spaces in it. Spaces in the file path may prevent it from running correctly.
C) If you haven't mounted your USB drive before, the following information should assist you (though some specific instructions may be different for your particular distribution of Linux and how your hard disks are configured). In newer versions of some Linux distributions, some of these steps may be automated.
  1. Log in as 'root'.
  2. Create a directory called 'usbhd' in the 'mnt' directory by entering 'mkdir /mnt/usbhd' in the terminal.
  3. Insert your USB flash drive and enter 'mount -t auto /dev/sda /mnt/usbhd' in the terminal. This should mount your USB flash drive and make it available for use - the files on the USB drive can be found at '/mnt/usbhd'.
  4. Run the 'PasswordVault2Go_Lin' application.
  5. To unmount your USB drive after quitting 'PasswordVault2Go_Lin', enter 'umount /mnt/usbhd' in the terminal. Then you should be able to safely remove your USB drive.
  6. For information about mounted disks, enter 'fdisk -l' in the terminal.