PasswordVault™
User Manual

HTML Edition: 8.4.0
Release date: 7 January 2020

Quick Start

License Agreement

Operation
Appendices

Enterprise Edition
This edition of PasswordVault combines a secure centralized database server (for easy data management, backup and disaster recovery) with a PasswordVault client which securely stores data locally, and which synchronizes regularly with the server. Some functions in the PasswordVault client included with this edition operate slightly differently to the other editions available.

Operation

Introduction
PasswordVault securely stores your collection of important service access information such as website usernames and passwords, Internet banking account numbers and PINs, textclips, web bookmarks and software serial keys for quick and convenient access. PasswordVault is the desktop version of the software, and is installed in the same way as any other application on your desktop or laptop computer. You launch it in the same way as any other desktop program.

PasswordVault2Go is the portable version of the software, and is installed by copying the 'PasswordVault2Go' folder onto your USB drive or other portable media (eg. iPod, Zip disk, etc). USB drives are also called USB memory sticks, JetFlash, USB flash drives, flash memory sticks, etc. You launch it by double-clicking the program icon on your USB drive. See the installation notes for further details.

When you purchase, you get download access to both the desktop and portable versions of the software for all computer platforms.


 Site Licensees:

"The University of Illinois has purchased site licenses of PasswordVault for their campuses at Urbana-Champaign (UIUC), Chicago (UIC) and Springfield (UIS). They chose a customized build of the software which was preregistered, had a backdrop utilizing their University's official colors and logo design, and which included extended desktop licensing (so staff and students could also use PasswordVault on their own home and laptop computers)." Link...

"The Regional Educational Media Center #1, located in Michigan state, is an organization whose role is to provide technology and instructional materials support to local school districts. They purchased an unlimited site license, and PasswordVault currently assists them in managing around 500 services throughout their organization."


Individual Users:

"I did a lot research in selecting a password program and thought yours was REALLY good.  I especially like the memory stick feature."
-- A. Turley, ME, USA
 "Your programme is one of the best pieces of software I bought last year, so keep up the good work!"
-- L. Poll, Surrey, UK
"I just put PasswordVault upgrade Ver 5 on my computer and thank you. In fact, I almost did not change because Ver 4.3 already was working so great. I deleted V 4.3 ... and the subsequent installation of Ver 5 was foolproof. It picked up all the passwords without flaw, even though I had backed up the pv files for insurance. Most importantly, after several years use, I continue to think Lava Software has an outstanding product in PasswordVault.  I would not go without it, especially with computer security ringing so critically important nowadays."
-- J. Davidson, WA, USA
"You folks are great and thank you for a great product. I love the ease of use and ability the product gives me in creating very strong password protection."
-- K. Ruth, UT, USA
"I have been a user of PasswordVault for years and I love the product. I use it daily and would be lost without it."
-- M. Holloway, UT, USA
"Thank you very much for first class customer service and product. Be sure that I will recommend your product!"
-- J. Sorensen, Denmark.
"Thanks for your great program.  I'm telling all my friends with thumb drives."
-- T. Lopez, VA, USA
 "Thanks for an excellent product."
-- K. Focht, NV, USA
"This is a great little tool."
-- B. Wesson, CA, USA
"This is what I have been waiting for!! I hate Gator!"
-- C. A. Saunders, NH, USA
"I love the Mac and I love your utility."
-- D. Barsocchini, CA, USA
"It is a very good program and one that is essential in these days of requiring harder, more robust passwords for adequate computer security."
-- J. Davidson, WA, USA
"Your product PasswordVault Lite 4.2 has been awarded by us with 5 stars and the SoftPedia Pick Award !"
-- Softpedia


Security considerations
PasswordVault was designed from the ground up with security in mind. All your information is protected by highly secure 256-bit double-AES encryption, and the only time this information is in a form which can be easily accessed is when you are running PasswordVault. Even if a hacker manages to access the data file which stores your information, it cannot be read without knowing the master password or by using the master password recovery system.

PasswordVault includes an automatic news system to inform users of software updates and special offers, etc., and it can be enabled and disabled in the preferences. We do offer a periodic email newletter, but user email addresses do not generally offer a reliable, long term method of reaching users with software update information. The HTTP GET request made by PasswordVault during the news download process is only performed when it is launched and, of course, does not include any user service information stored inside PasswordVault. This HTTP GET request also validates the runtime key.


Choosing a master password
When you launch PasswordVault for the first time, an empty Master Password Preferences dialog will be displayed. A sample of this dialog is shown below in Figure 1, containing an example master password and master password recovery clues.


Figure 1. The Master Password Preferences dialog

The first step is to choose and enter a master password. Your choice of a good master password is important in ensuring the security of your data. With PasswordVault, the master password is the only password you need to remember, so it is a good idea to make it reasonably long and include some numbers. For example, 'yukonmoose597' is a good master password since it combines two unusual words and includes numbers as well.

The Unmask Password button next to the master password unmasks the password for 15 seconds. Thus, the master password is usually hidden, protecting it from the view of anyone looking over your shoulder.

The Help button is a custom build option, and thus not visible in the mainstream version of PasswordVault. Pressing this button displays a specified web page which contains organization-specific information about PasswordVault, such as advice about selecting a good master password.

Setting up Master Password Recovery
The 'Master Password Recovery System' (MPRS) is a powerful and unique feature of PasswordVault, which allows you to recover elegantly if you ever forget your master password. Forgetting a master password is relatively easy to do. This can occur, for example, if you go for a holiday and don't use your master password for a few weeks. Maybe you chose a particularly complex master password and one day you accidently transpose two numbers in the password. Without the master password recovery system built into PasswordVault, you would have lost you data forever!!!

The master password recovery system works by allowing you to enter a series of personal questions (ie. clues), to which only you know the answers. Any number of clues can be used, so you can make the recovery system at least as secure as the master password itself - the more clues used, the better the security. You should use clues which have very exact, explicit answers, which will never change. For example, 'What was my puppy's name when I was 6?' is a good clue, because it is something you will probably never forget and which very few people would know. An example of a poor clue is, 'Who is my best friend?'. The answer may change over time, thus affecting successful recovery (ie. you may enter what you think is the correct answer, but it may not be what you originally entered).

Setting up master password recovery is easy and is highly recommended for all users - if you forget your master password and do not have the master password recovery system set up, you have permanently lost the data stored inside PasswordVault! On the other hand, if you have set up master password recovery, you just need to answer some simple questions to get back to the main screen. From there, you can re-familiarize yourself with your master password or change it to something else.

To add a new clue, enter the question in the Question textbox and the answer in the Answer textbox. Then press the Add Clue button to add it to the list.

To update a clue, select it in the list and it will be placed in the top textboxes. Make any changes you wish and then press the Update Clue button to update the clue in the list. Then press the Save button to save the list of clues.

To remove a clue, select it in the list and press the Remove Clue button.

After you have added all the clues you want to add, press the Save button to save the list of clues. To display the Master Password Preferences dialog again, press the Master Key button on the main window (see Figure 2 below).


Controls on the main window
The expanded form of the main window (shown below in Figure 2) gives you access to all controls. It is like a window from any other typical application, so will move into the background if another application's window is brought forward.

Help information about a particular control (buttons, popup menus, etc.) will be displayed when you move the mouse cursor over it, so it's a good idea to see what various controls do by reading their help information. This is a quick way to become familar with the basic functions of PasswordVault. For example, at the bottom are the add, edit and remove service buttons, which allow you to manage your service information.

Note: On the Linux version, the menu item to display the user manual is not available. To read the user manual, please open the 'User_Manual' folder and double-click the 'contents.html' file.

          

Figure 2. The expanded form of the main window (Win32, MacOS X)

Use the Expand And Contract button (the green arrow at the top right of the window) to minimize and maximize the main window in place (ie. without moving it).

The Global Floating Window is the compact form of the Main Window (shown below in Figure 3, containing a sample 'Hotmail' service) and is a great way to make your information easily accessible for any application whilst using the absolute minimum amount of screen area. It floats above all windows of all applications on the screen (on all platform versions, except on Linux).

          

Figure 3. The Global Floating Window (Win32, MacOS X), the compact form of the main window

Adding a new service
A 'service' is simply a collection of information (username, password, web address, etc.) linked to a service name. For example, a service called 'Hotmail' might have a username of 'mpotter', a password of 'grootburger' and a web address of 'www.hotmail.com'.

You can create a new service by pressing the Add Service button on the main window - the Add Service dialog (shown below in Figure 4) will be displayed. Enter the service name, select the service category and subcategory from the groupbox menu (or type new category/subcategory names into these comboboxes), enter the username, password and web address (if applicable). You can also add additional notes, if required. You can change the type of service using the 'Username' and 'Password' title popup menus. For example, if you are entering Internet banking information, you might select 'Account No' and 'PIN' from these title popup menus.

Advanced Shortcut: Hold down the 'Ctrl' key when pressing the Add Service button to open the Add Service dialog with the password already unmasked for 15 seconds. You can then type in the password on the Add Service dialog and see it as you type it. This shortcut is for advanced users who wish to add a number of services quickly.


Figure 4. The Add Service dialog

You can also drag and drop the URL from a web browser (eg. 'http://google.com') directly onto the URL Dropbox on the global floating window (the target on Figure 3 above). Alternatively, you can copy URL text into the clipboard and right click the URL Dropbox to paste it in. Doing this will open the Add Service dialog (shown below in Figure 5), fill the Web Address textbox with the URL text, and set the category to 'Bookmark'. PasswordVault will also load the page associated with the web bookmark, and try to extract it's title, to use as the service name.

If you leave the username and password textboxes empty, they will automatically be filled with 'NoUsername' and 'NoPassword' respectively.


Figure 5. The Add Service dialog, showing a 'Web Bookmark' being added

PasswordVault provides an excellent way to manage your web browser bookmarks across all your computers, with full synchronization across LANs (Pro Edition only) and over the Internet. Of course, PasswordVault also works on all computer platforms (Windows, MacOS X and Linux), and is compatible to all web browsers, making it the most flexible, accessible and secure store for your web browser bookmarks available.

Textclips are another special type of service in PasswordVault. Textclips are snippets of text which can be used to quickly and easily construct standardized emails and text documents. Technical IT specialists could use textclips to create a library of commonly entered console commands, and then copy-and-paste (or drag-and-drop) those textclips into a console window when needed. Textclips can be categorized and synchronized across a group of users, in the same way as all other PasswordVault services - this makes the Textclip feature in PasswordVault incredibly useful for people involved in customer service industries (real estate, ICT support, insurance, banking, accounting, etc), as they can significantly improve productivity compared to typing similar sentences or paragraphs repeatedly. A library of Textclips can be created and shared by users, making it much easier to ensure the organization's professional writing style is maintained.

You can also drag and drop existing text from an email or text document directly onto the URL Dropbox on the global floating window (the target on Figure 3 above). Alternatively, you can copy the text into the clipboard and right click the URL Dropbox to paste it in. Doing this will open the Add Service dialog (shown below in Figure 6) in Textclip mode.


Figure 6. The Add Service dialog, showing a 'Textclip' being added

Note: The maximum length of category names is 30 characters, and the maximum length of service names is 60 characters.

The Unmask Password button (next to the Password textbox) unmasks the password for 15 seconds. Thus, the password is usually hidden, protecting it from the view of anyone looking over your shoulder.

To generate a random password, press the Generate Password button (this button is shown as two linked cogs). A high-quality password conforming to the type (alphanumeric, numeric or hexadecimal) and size set on the Preferences dialog will be generated and placed in the Password textbox.

When the information is complete, press the Save button to save the information - the service will now be added to the Service Selection popup menu on the main window, and the Add Service dialog will be cleared (ready for you to enter information for a new service). This automatic clearing after saving makes it easier and faster to enter a list of services.

To return to the main window, press the Cancel button.

Note: All unused categories in the category popup menu are automatically removed when PasswordVault is next launched.


Auto-Filling Web forms
You can set up a 'service' in PasswordVault to auto-fill a web form or do a two-click login. A 'service' is simply a collection of information (username, password, web address, etc.) linked to a service name. For example, a service called 'Hotmail' might have a username of 'mpotter', a password of 'grootburger' and a web address of 'www.hotmail.com'.

Auto-fill is an advanced feature in PasswordVault which greatly simplifies logging into websites, or filling out Web forms (eg. order forms) you regularly need to complete. Setting up a service to use this feature is simple, and the sequence in which data is entered can be fully tailored to each particular web login screen. The Return/Enter key can even be automatically pressed after the timed paste sequence has completed to submit the pasted information by checking the Auto-Enter Key Press checkbox on the Preferences dialog (see Preferences below).

To use the auto-fill function with automatic submission, select Timed Paste as the Username/Password Transfer method on the Preferences dialog. Timed paste works by placing text into the clipboard and simulating key presses. For example, pressing the Password button on the global floating window actually copies the password data from PasswordVault into the clipboard, and then simulates a keyboard paste operation (ie. 'Ctrl-v' on Windows, 'Command-v' on MacOS X). By including the special characters, ' # ' (ie. space hash space), in the Username textbox on the Add Service dialog (see Figure 5 above), pressing of the 'Tab' key can be simulated - this key is used by Web browsers to move the cursor to the next textbox or control.

For example, signing into a GMail account is normally done by entering the username, pressing the 'Tab' key, entering the password, and then pressing the 'Enter/Return' key. Thus, to set up auto-fill for GMail (assuming your username is 'mpotter' and password is 'phoenix12'), bring up the Add Service dialog and enter the username, 'mpotter # ', and the password 'phoenix12' (we assume you have already checked the Auto-Enter Key Press checkbox in the preferences). That's it!!!


Figure 7. Auto-fill used on a GMail login screen

Now when you want to sign into GMail, press the Go To Web Address button on the global floating window (see Figure 3 above) to open the GMail Web page in your browser, and once it's loaded, click the Username button on PasswordVault and then immediately position the cursor into the 'Username' textbox on the Web page (before the timed paste operation starts). PasswordVault will then auto-fill and submit the Web page in one streamlined operation.

Important Note: It's a good idea to test out the auto-fill of a new service you are adding by first unchecking the Auto-Enter Key Press checkbox (or use the advanced shortcut below) and then testing the auto-fill information you have created. Some Websites limit the number of login retries before they lock out the user, and you probably want to avoid that.

Advanced Shortcut: If you hold down the 'Ctrl' key when pressing the Username button, Auto-Enter Key Press will be disabled for this particular auto-paste. This allows you to test auto-fill without submitting the Web form.

On services like GMail, eBay, etc., it's a good idea not to check the Remember me on this computer or Keep me signed in checkboxes on the Web page (see Figure 8 below). If you share your computer with another user and they go to these websites, they will be logged into your account automatically, and thus have access to your online account. You should always log out of these accounts when you're finished with them, to ensure the next user has to log in properly.


Figure 8. Auto-fill used on an eBay login screen

If there is more than two textboxes on a Web page to fill in, you can place additional information in the Username textbox in PasswordVault, separated by the special ' # ' combination. In the example below in Figure 9, there are 3 sets of information which need to be entered. In this case (assuming your 'Card/Access Number' is '73856583855', 'Security Number' is '7844' and 'Internet Password' is 'jdugh7d7'), bring up the Add Service dialog and enter the username, '73856583855 # 7844 # ', and the password 'jdugh7d7'.


Figure 9. Auto-fill used with an online banking account

Now when you want to sign into your Internet bank, press the Go To Web Address button on the global floating window to open the bank's Web page in your browser, and once it's loaded, click the Username button on PasswordVault and then immediately position the cursor into the 'Card/Access Number' textbox on the Web page. PasswordVault will then auto-fill and submit the Web page in one streamlined operation ie. it will paste in '73856583855', simulate pressing the 'Tab' key, paste in the 'Security Number', simulate pressing the 'Tab' key, paste in the 'Internet Password', and simulate pressing the 'Enter/Return' key.

Note: On some banking Web pages, textboxes may only accept a specific number of characters, so you should remove any spaces in the text to ensure the form gets filled in properly.

Sometimes other controls, such as popup menus, may be selected when you are trying to auto-fill textboxes on a Web page. The example in Figure 10 shows this type of problem. In this case, placing one special ' # ' combination at the end of the username will 'Tab' the browser to the '@bigpond.com' popup menu, rather than the 'Password' textbox. In this case (assuming your username is 'mpotter' and password is 'phoenix12'), bring up the Add Service dialog and enter the username, 'mpotter # # ', and the password 'phoenix12'. Note that there are two 'Tab' keys simulated between the username and password, and thus when you trigger an auto-fill, the cursor will jump over the popup menu and correctly fill the 'Password' textbox.


Figure 10. Auto-fill used when other controls are present

Of course, you can set a service to auto-fill as many textboxes as you like - even entire order forms you regularly complete, including credit card details, etc. If there are textboxes which should be bypassed because you need to enter specific information into them (eg. product selections), just put in a double 'Tab' ie. ' # # '. This will skip a textbox without pasting anything into it and move to the next one.

With a bit of experimentation, you should be able to auto-fill almost any Web form. The good thing is, once you've got auto-fill set up for a particular service, logging into that service becomes very streamlined.

Note: You can't set up PasswordVault to automatically select from popup menus, set or clear checkboxes, etc., on web forms during an auto-paste sequence - only textboxes can be auto-filled. If you wish to auto-fill and auto-submit this type of web form, you first need to set these other controls and then trigger the auto-fill on PasswordVault.

Note: If you set up multiple text items in the Username textbox for auto-fill but then select a Username/Password Transfer method other than 'Timed Paste' on the Preferences dialog, such as 'Copy To Clipboard', only the first text item will be copied to the clipboard.

Editing a service
To edit an existing service, first select it from the service selection popup menu on the main window. Then press the Edit Service button to display the Edit Service dialog (shown below in Figure 11). Make any necessary changes and then press the Update button. You will be returned to the main window immediately.

Advanced Shortcut: Hold down the 'Ctrl' key when pressing the Star button to open the Edit Service dialog with the password already unmasked for 15 seconds. You can then check the password as soon as the Edit Service dialog is displayed. This shortcut is for advanced users who wish to edit a number of services quickly.

The Unmask Password button (next to the Password textbox) unmasks the password for 15 seconds. Thus, the password is usually hidden, protecting it from the view of anyone looking over your shoulder.


Figure 11. The Edit Service dialog

Every time you update service information (ie. using the Edit Service dialog), such as changing the password or adding a web address, a time/date stamp is made on the service data. If you subsequently import this newer service data on another computer, it will replace any existing older service data stored under the same service name. In this way, you can easily synchronize the service data on a number of computers. This is especially useful on a home or office network.

Note: All unused categories are automatically removed when PasswordVault is next launched.

Removing a service
To remove an existing service, first select it from the service selection popup menu on the main window. Then press the Remove Service button to remove it. The Remove Service Confirmation alert shown in Figure 12 below will be displayed. Confirm the removal and the service will be deleted from the service selection popup menu.


Figure 12. The Remove Service Confirmation alert

Note: When you remove a service, it actually blanks out the service information, timestamps the service and hides it. If you subsequently synchronize your passwords with PasswordVault2Go, or create an auto-export which is auto-imported by other users (ie. distribute an update via the auto-distribution system), the removed service will also be removed from these downstream password collections as well. This method ensures that a removed service does not simply get restored again after the next synchronization. If a new service is subsequently added with the name of the removed service, it overwrites the previously removed service and correctly propagates to downstream password collections again.

Advanced Tip: To permanently delete all services previously marked as removed (and thus hidden), hold down the Control (Ctrl) and Shift keys and press the Cross button. You'll hear a beep confirming the permanent deletion.

Accessing service information
Selecting a category from the Service Category popup menu will show a list of services in the category, sorted alphabetically. Select the service from the Service Selection popup menu at the top right of the window, and the username, password and notes for this service will be displayed on the main window. This is basically how services are accessed, though additional filters (subcategories, service types, and searching by service name) can help find services faster.

If a service category has subcategories, clicking the SubCategory popup menu will display them. In Figure 13 below, the 'Bookmark' category has been selected, and the 'Home Selection' subcategory shows a number of lower level subcategories. Selecting a subcategory will store it in 'Recent Subcategories' for easy reselection, as shown at the top of the subcategory list in Figure 13 below. As you can see, two levels of subcategory can be set in each category, giving you deep control over the grouping of services.

If you want all services to be listed in the Service Selection popup menu, select 'All' from the Service Category popup menu. This 'All' setting is very useful when used in conjunction with the Search textbox, since only services beginning with the entered search text will be displayed.


Figure 13. Selecting a subcategory of the 'Bookmark' category

You can type text into the Search textbox (in the top center of the window in Figure 14 below) to only show services whose names start with those letters. Placing the wildcard character, '%', at the start of the search text will return all results which the substring matches eg. entering '%foru' will return all services containing the text 'foru' somewhere in their name, such as 'Kenbushi user forum', 'Yahoo forum', etc.

You can also select only certain types of services, such as 'Web Logins', 'Bookmarks', 'Textclips' or 'Others', using the Service Type popup menu (on the left side of the SubCategory popup menu). Selecting 'Show All' shows all services, irrespective of type.

To sort the displayed services in various ways, use the Sort By popup menu, located on the right side of the Service Selection popop menu. You can sort services alphabetically, by most used, or by recently used.

          

Figure 14. The main window with a service selected and displayed (Win32, MacOS X)

If there is a web address set for this service, you can press the Go To Web Address button (on the top left side) and your web browser will immediately load in the correct web page from the Internet. If no web address is set, this button will not be visible.

Advanced Tip: You can copy the web address into the clipboard (rather than telling your default web browser to go to it) by holding down the Control (Ctrl) key whilst pressing the Go To Web Address button. You can then paste the URL into an alternate web browser or other application. Some websites (such as banking websites) only support particular web browsers, so you may need to use an alternate web browser to access it.

You can either press the Username button (the little man) or Password button (the glass dot) to copy the respective information into the clipboard, ready to paste in where required on the web page, or manually type in the username and password where required for the service (ie. in textboxes on a web page requesting your username and password).

Username/password transfer methods other than Copy To Clipboard are also available, including Drag And Drop (click and hold the mouse button down on the Username or Password button and drag it to the Web form) and Timed Paste (the username and password information is auto-pasted after the selected delay time). Timed Paste mode is also used by the powerful Auto-fill Web form feature in PasswordVault. The Username/Password Transfer method to be used can be set in the preferences (see Figure 15 below).

You can also copy text into the clipboard from the additional notes area, if required.


Organizing services
Once you're added a number of services, you'll probably want to get them organized into categories to make it easier to find them or to group together services for a particular purpose. For example, there may be a group of services (login information, web bookmarks, textclips, etc.) which relate to your work, games, financial services, news, banking, etc. that you wish to keep together. PasswordVault makes it easier to move services between categories and get them organized. This is done using the Organize Services dialog (see the example in Figure 15 below), which can be displayed by pressing the Organize Services button on the main window (centre bottom in Figure 14).

Note: When organizing web bookmarks, an additional two levels of subcategories are available. This level of subcategorization is needed when you're trying to effectively manage the 1000s of bookmarks most active Internet users accumulate over time.


Figure 15. The Organize Services dialog

To display the services in a particular category, click the category (in the Category panel on the far left) and they will be displayed in the rightmost Services panel. If you highlight a service, some information about the service will be shown on the bottom of the window, including it's category and subcategories, web link (if there is one) and the last time the service was used. Clicking on the web link will immediately launch your web browser and load the page associated with the link, so you can view it.

You can also instantly filter the displayed services using the Service Name Search textbox at the top right side of the dialog. Enter a few letters of the start of a service name, and only services starting with those letters will be displayed. Enter a leading percentage symbol ('%'), and any service names containing the entered characters in any part of the name will be found. This search function allows you to find services easily, even from amongst 1000s of web bookmarks.

When displaying web bookmarks, you can select a service and delete it by pressing the Delete Service button on the bottom of the panel (the small '-' sign). Thus, old web bookmarks can be easily removed.

To change a category or subcategory name, highlight it and then click it again to enter edit mode. Make the changes and then click elsewhere on the dialog and the name will be set. When a category name is editable, the cursor will change to an 'I-Beam' text editing cursor when the cursor is positioned above it. Categories which cannot be edited will show a normal selection arrow even when the cursor is positioned above it.

To create a new category or subcategory, press the respective Add Category button underneath any of the category panels (the small '+' sign). A new entry will be added to the respectivepanel, which you can then rename to the new category name you want.

If you add a category or subcategory and subsequently don't move a service to it, the category or subcategory will be automatically deleted when you next relaunch PasswordVault. Thus, there is no need to delete category names.

Preferences
The Preferences dialog (see Figure 16 below) is displayed when you select Preferences... from the menu on the main window.


Figure 16. The Prefences dialog

Skins are used for the backdrop of the main window, allowing you to personalize PasswordVault to your tastes. To choose a skin, simply select it the Skin popup menu - the main window backdrop will update immediately with the new skin.

Several styles are available from the Button Style popup menu, allowing you to choose the one you prefer. The 'Win32' button style is consistent with Windows graphics, whilst 'Aqua' is a style which many MacOS X users may like. The 'Sketch' button style is an interesting casual art style for all platforms. As soon as you select a button style, buttons on the main window are changed, so you can easily see what they look like in use.

Note: Customized versions of PasswordVault (such as those created especially for site licensees) do not support additional skins, but have a fixed 'Custom' skin.

Check the Master Passwords checkbox to have passwords on the main window replaced by asterixes. This prevents others from seeing your passwords if you have the main window expanded.

The Auto-Lock Time is the time (in seconds) from the last activity before the automatic lock is activated, and this can be set by entering a number between 20 and 1800 (ie. 1800 seconds = 30 minutes) in the textbox. Enter '0' to disable the auto-lock function. You can also lock PasswordVault manually by pressing the Lock button on the main window.

To rename a service category, select it from the popup menu and it's name will be entered in the textbox. Change the category name in the textbox and then press the Rename button to rename the category to the new name entered.

The password generator can be customized by selecting the type of password to generate and it's size. Select 'Alphanumeric' if you want passwords to contain uppercase (A-Z) and lowercase (a-z) characters as well as numbers (0-9). Select 'Numeric' if you just want numbers included, and select 'Hexadecimal' to include only hexadecimal characters (0-9, A-F). Passwords from 1-1000 characters can be generated by typing a size into the Size textbox. Thus, you can generate and store large, unique hexadecimal encryption keys in PasswordVault, which can be used in other encryption products, such as file encrypters.

Transfers of username and password information from PasswordVault into your Web browser (or other application) can be made in several ways.

Copy To Clipboard simply copies the username or password into the clipboard when the Username or Password button, respectively, is pressed. You can then paste it into the correct position on the Web page.

Selecting Drag And Drop allows you to drag the username or password directly from the Username or Password button, respectively, to the correct position on the Web page. You may need to place the cursor in the appropriate textbox on the Web page before dragging.

Timed Paste will wait the specified number of seconds after the Username or Password button is pressed, before performing an automatic paste operation. To use this method, press the button and then place the cursor in the appropriate textbox, ready for the automatic paste.

You can set up services in PasswordVault to auto-fill Web forms using the Timed Paste method. This advanced feature greatly simplifies entry into Websites protected by a login screen. Setting up a service to use this feature is quite simple, and the way data is entered can be fully tailored to the login screen. The 'Return/Enter' key can even be automatically pressed after the timed paste (ie. to submit the pasted information), if you check the Auto-Enter Key Press checkbox on the Preferences dialog. See Adding a new service above for further information.

Note: The Linux version of PasswordVault only supports the Copy To Clipboard method.

You can control if PasswordVault automatically gets the latest news on launch with the Get Latest News On Launch checkbox. If you uncheck this checkbox, you can manually check for PasswordVault program updates and special offers by selecting Get Latest News... from the Help menu.

On Windows 2000/XP/Vista and MacOS X, the global floating window can be made up to 60% transparent, thus allowing the windows underneath it to be viewed. The floating window loses transparency when the mouse pointer passes across it, so that it can be used easily when needed. To set the amount of transparency, set the Transparency slider from 0% to 60% (0% transparency means the window will be fully opaque, which is the default setting).

The controls in the User Login Account groupbox allow you to add and remove user accounts.

Setting up multiple user accounts
Starting with PasswordVault v7.4, multiple users can now have their own separate, secure user login accounts and service data in Passwordvault, even though they share a computer with only a single login account. This arrangement is common in many households and small businesses, as it eliminates problems for users, such as restrictions on the ability to install software or use certain programs.

The user who installs PasswordVault and sets themselves up as the 'Default' user is the administrator of all user accounts in PasswordVault. 'Default' users can create and delete user accounts, but they can never see the data stored in a user account without knowing its master password. Thus, users can be assured that if they keep their master password safe, no other users can see their service data.

To set up a new user, the 'Default' user simply enters the name of the user in the Username textbox on the Preferences dialog (see Figure 16 above), and presses the '+' button. A login account will be created for the new user, and the initial password will be the same as the username entered eg. creating an account with a username of  'Susan' will have an initial password of 'Susan'. To remove an existing user account, select it in the Remove User popup menu and press the '-' button.

The first time the new user logs into PasswordVault (by selecting their username from the popup menu and entering their initial password), they will be prompted to change their password and to enter clues for the Master Password Recovery System (MPRS). They should do this without the 'Default' user (or anyone else) seeing the master password and MPRS clues they enter. Any service data they subsequently enter will then be secure from other users.

Each user can set up and use online synchronization in the normal way.

To switch users, simply press the Lock button (see Figure 14 above) to display the Enter Master Password dialog (see Figure 17 below), select a new username from the Username popup menu, enter the master password for that username, and press the Enter button.

Only the 'Default' user can set up and use the auto-distribution features in PasswordVault - these features will not be accessible to normal users.

Positioning the main window
It is recommended that the main PasswordVault be contracted and placed on the top right-hand-side of the screen. In this way, you can easily access the service selection popup menu as well as the copy-to-clipboard buttons, whilst requiring very little screen area.

Entering your master password
When you launch PasswordVault (and have set a master password), you will see the dialog in Figure 17 displayed. If master password recovery has been set up, the Recovery button (the Key) will also be visible. If the Recovery button is not visible, it means that master password recovery has not been set up and is not available.

        

Figure 17. The Enter Master Password dialog (Win32, MacOS X)

Select your username (see Setting up multiple user login accounts above for more details about creating additional accounts), type in your master password, and press the Enter button to display the main PasswordVault window. If you get the master password wrong, you can try again. If you have forgotten your master password, press the Recovery button to begin master password recovery. The dialog shown in Figure 18 will then be displayed.


Figure 18. The Recover Master Password dialog

Simply enter the answer to each question in the Answer textbox and press the Next >> button. After you have worked through the series of questions and answers, the main window will be displayed. If you can't remember the answer to a particular question, think about it for a while before trying again. If you cannot remember either the master password or the answers to the questions for master password recovery, you cannot access the service information stored inside PasswordVault.

If you can't recover, you should quit PasswordVault and move the 'Prefs.txt' file (in the PasswordVault preferences folder - see the FAQ) to a safe place on your hard disk (such as a backup folder) and then run PasswordVault again. Your master password will now be cleared, in addition to your previous service information. The 'Prefs.txt' file contains your master password, master password recovery information and service data.

If you have previously backed up your service data using the export function in PasswordVault (possibly in PV tab-text file format, a clear text format without a master password), you can import this data file and your service data will be recovered.

Exporting service data
To export your service data, select Export... from the File menu and the Export dialog will be displayed (see Figure 19 below). Use the File Format popup menu to select the format of the file you want to export. You can export data in either encrypted PV data format, or in several clear (unencrypted) tab-text formats (ie. tab characters delimit the various fields in each service record).


Figure 19. The Export dialog (PV data file format)

When exporting in PasswordVault (PV data) format, the exported file is encrypted and is thus safe to store anywhere. You can choose which categories you want to include in the exported file, and you can also change the master password stored with the data. If the master password you include is different to your normal master password, your master password recovery clues will be excluded from the exported file. See Using PasswordVault in large organizations for further information about using this feature.

When exporting in PasswordVault (tab-text) format (see Figure 20 below), the service data is exported in clear tab-text format with the field order displayed in the Fields Included listbox. This file format is compatible to version 2.x of PasswordVault and is basically provided for legacy compatibility to the older version. It is recommended that you use the PV data file format described above, as it provides protection from hackers via its strong encryption.


Figure 20. The Export dialog (PV tab-text file format)

When exporting in PasswordWallet (tab-text) format (see Figure 21 below), the service data is exported in clear tab-text format with the field order displayed in the Fields Included listbox. This file format is compatible to 'PasswordWallet', a program available to users of MacOS.


Figure 21. The Export dialog (PW tab-text file format)

When exporting in Printable (text file) format (see Figure 22 below), the service data is exported in a clear text format with the field order displayed in the Fields Included listbox. This text file can then be printed off on your printer and filed as a hardcopy reference of your password information.


Figure 22. The Export dialog (Printable tab-text file format)

When exporting in Custom (tab-text) format (see Figure 23 below), you can select which fields to include in the exported file, as well as the order of the fields. This allows you to export your data in any format you like. You can also include a blank (or filler) field in the exported data as well. The custom export option is for advanced users only.


Figure 23. The Export dialog (Custom tab-text format)

Note: Please keep in mind that files exported in tab-text format are unencrypted, and they should be deleted immediately after you have backed up the text file, printed out your service data (by opening the text file in a word processor and then subsequently printing it), or transferred and imported the text file to another computer. This will ensure maximum protection of your service data from hackers.

Importing service data
To import a service data file, press the Import button on the main window or select Import... from the File menu. The dialog shown in Figure 24 below will be displayed. Use the File Format popup menu to select the format of the file you want to import. You can import data in either encrypted PV data format, or in several clear (unencrypted) tab-text formats (ie. tab characters delimit the various fields in each service record).


Figure 24. The Import dialog (PV data file format)

When importing in PasswordVault (PV data) format, enter the master password of the file you wish to import and then press the Import button to select the file to be imported. If the master password you entered matches the master password in the file, the data will be imported and a message will be displayed showing how many services were updated and added (see Figure 25 below). This information is also added to the distribution log, so you can refer to it at any later time.

If you press the disclosure triangle at the bottom of the Import Complete dialog, more detailed information will be displayed, including the service's category and name, as well as the date on which the service was originally added or updated. This allows you to track changes to service information. Pressing the Copy To Clipboard button will copy the text in the textbox to the clipboard, so you can paste it into any text document editor.


Figure 25. The Import Complete dialog

When importing in PasswordVault (tab-text) format (see Figure 26 below), the service data is imported in clear tab-text format with the field order displayed in the Fields Included listbox. This file format is compatible to version 2.x of PasswordVault and is basically provided for legacy compatibility to the older version. It is recommended that you use the PV data file format described above, as it provides protection from hackers via its strong encryption.


Figure 26. The Import dialog (PV tab-text file format)

When importing in PasswordWallet (tab-text) format (see Figure 27 below), the service data is imported in clear tab-text format with the field order displayed in the Fields Included listbox. This file format is compatible to 'PasswordWallet', a program available to users of MacOS. To export your data from PasswordWallet, simply select Export to Text File... from the File menu when running PasswordWallet.


Figure 27. The Import dialog (PasswordWallet tab-text file format)

When importing in Password Depot (csv-text) format (see Figure 28 below), the service data is imported in clear csv-text format with the field order displayed in the Fields Included listbox. This file format is compatible to 'Password Depot', a program available to users of Windows. To export your data from Password Depot, select Export list... from the Tools menu when running Password Depot. Then set the Save as Type to Comma separated file (*.csv).


Figure 28. The Import dialog (Password Depot csv-text file format)

When importing in Custom (tab, csv-text) format (see Figure 29 below), you can select which fields to include in the imported file, the order of the fields, and the character used to separate the fields (' ; ' - semicolon, ' , ' - comma, <tab> - horizontal tab [control-code 9], or ' | ' - bar). This allows you to import your data in any format you like.

Important Note: PasswordVault now performs an automatic backup of your service data before performing a manual import. This ensures that if anything goes wrong with the import, that you can easily restore the service data you had previously. This automatic backup is stored in the Backup folder inside the PasswordVault preferences folder. To open the PasswordVault preferences folder, hold down the Control (Ctrl) and Shift keys while selecting Preferences... from the menu when running PasswordVault. You will then find a folder named 'PC-Mac PasswordVault v2.x' opened on the desktop. To restore a backup file, quit PasswordVault and copy the backup file into the 'PC-Mac PasswordVault 2.x' preferences folder. Then move the existing 'Prefs.txt' file somewhere safe, and rename the backup file to 'Prefs.txt'. When you next launch PasswordVault, it will use this file.

You can clear out the automatic backup files (to make more space on your hard drive), by selecting Clear Auto-Backup Files from the File menu. Generally, backup files are only about 30k in size, so it shouldn't be necessary to clear them very often.


Figure 29. The Import dialog (Custom tab, csv-text format)

The service name, username and password items are required fields (these items cannot be deselected). To include any other fields, however, simply check the checkbox on it's left side. Note: If a field is not checked, it will not be included, even if it is located near the top of the listbox, and other included fields surround it.

The type of data that can be successfully imported is now quite extensive. You can include a Blank item to ignore a particular field in the data, and there are 6 Blank items available for this purpose. There are also 6 Add to Notes items available. This item is incredibly useful as it allows you to bundle any data you wish to keep, and which doesn't properly correlate with another field type, into the Notes for the service. For example, a field may contain entries such as Street Address, Email Address, Card Number, Description, Mobile Phone, ICQ, etc. Using an Add To Notes item for these fields will correctly bundle this information into the Notes section of the service.

To change the order of the fields, simply drag them up or down the listbox until they are in the order you want.

The Separator popup menu allows you to select a number of separator character types. Most files in .csv format which can be imported actually use the ' ; '  character to separate fields, even though CSV means 'Comma-Separated Value' (CSV files are a common format used for database data interchange).

Hint: You can easily examine the record format of the text file you are trying to import by opening the text file using a text editor. You should then be able to see how many fields are included in each record, their size, order and location, and what field separator (ie. the spacer character placed between fields) is being used. The field separator is most often the 'horizontal tab' character, which is control-code 9 in the ASCII table. You can also then 'massage' the data using the text editor eg. remove the first line if it contains the field names, convert an unusual separator to a ' ; ' (semicolon) or ' | ' (bar) separator using a global search-and-replace on the text file (so it will import correctly into PasswordVault), or break the text file into pieces and import each piece separately (this may be necessary if the field order is different in different parts of the original import file).

For example, suppose you are trying to import the following data:

Hotmail;ffreakle;aadsfh8d;http://www.hotmail.com;ffreakle@hotmail.com;18/11/2006;;This is a note.
eBay;ffreakle;6sd9gnKh;http://www.ebay.com;;08/08/2006;Internet;Use Buy It Now setting more often.

The field order in this case that you would probably set in the Fields Included listbox is:

Name, Username, Password, Web Address, Add To Notes, Blank, Category, Add to Notes

After you have completed the import, be sure to check that the data imported correctly. You can check what services were imported by opening the distribution log by selecting Open Distribution Log... from the File menu. This log shows the names of all the services which were imported, the categories they were placed in, and the update date associated with the service. Thus, you can always remove these services, if you need to.

In some password managers, you can set which fields are included in an export file, as well as the field separator character - this allows you to export in a format which can then be imported easily by PasswordVault. For example, with Password Manager XP, a program available to users of Windows, you can Export to file..., set the Columns data delimiter to ' ; ', and then Export chosen columns (eg. Title, User name, URL, Description, and Password would correlate to the Name, Username, Web Address, Add To Notes and Password items in a custom PasswordVault importer).

Note: If a mandatory field (such as Username) is blank, it will automatically be filled with a default value, to ensure the data is imported in a usable form.

Note: if the csv file to be imported encloses fields in double-quotes (eg. "eBay";"ffreakle";...), these will be stripped automatically by PasswordVault during the import process.

Note: Due to the fact that time and date formats used by other password managers vary so widely, it is not possible to effectively import them into PasswordVault as a valid Last Modified date field. However, this time and date information can be added to notes, if required.

If you wish to move your Internet passwords and other data out of Apple's Keychain application on MacOS X, it appears the only way to do this is to copy and paste the data manually (use the 'Keychain Access.app' application in the 'Utilities' folder of the 'Applications' folder on MacOS X to access the Keychain data). Keychain only allows each application to access it's own Keychain data ie. you can't use a single application or utility to export or extract the data stored in Keychain for all applications.


Figure 30. Importing web bookmarks

Web Bookmark Files can also be imported from Internet Explorer (IE), Firefox and most other web browsers. With Firefox for example, select Organize Bookmarks... from the Bookmarks menu and then click the activity button and select Export HTML.... A 'bookmarks.html' will then be created by Firefox, which can be saved out and subsequently imported into PasswordVault. With Internet Explorer, select Import and Export... from the File menu, select Export Favorites from the Import/Export Wizard dialog, save out the file and then subsequently import it into PasswordVault.

During a Web Bookmark File import, duplicate bookmarks are automatically ignored by PasswordVault, making it easy to collate all your bookmarks from all sources into one location. Of course, once you've imported your web bookmark data, it can be synchronized across all your installations of PasswordVault on all platforms, either using the auto-distribution system or via online synchronization.

Your can also organize your 1000s of bookmarks easily with PasswordVault via the Organize Services dialog (see Organizing Services above for more details).


Figure 31. The Import dialog (Web Confidential file format)

When importing in Web Confidential (tab-text) format (see Figure 31 above), the service data is imported in clear csv-text format. This file format is compatible to 'Web Confidential', a program available to users of MacOS.


Figure 32. The Import dialog (URL Manager Pro file format)

When importing in URL Manager Pro (tab-text) format (see Figure 32 above), the web bookmarks are imported in a cleartext format. This file format is compatible to 'URL Manager Pro', a program available to users of MacOS.


Figure 33. The Import dialog (Titled custom, csv-text format)

The Titled Custom (csv-text) format (see Figure 33 above) is a very powerful importing scheme, since you can tag columns directly in the import file with their respective column names, and use a variety of field delimiters (ie. ';', ',', <tab> and '|'). Simply make the first row the column titles, as follows:
Column Title
 Column Description
Name
 Name of the service
Username
 Username (for a login)
Password
 Password (for a login)
WebAddress
 URL linked to the service
Ignore
 Ignore this column
AddToNotes
 Appends column to notes
Category
 Category or group

For example, a 'Titled Custom' text file may look like:

Name   WebAddress        Username    Password      Ignore       AddToNotes
GMail   www.gmail.com   Gregtinnon   excalibur       038557     Make sure it's checked daily
IMS       www.ims.com      gTinnon        macbeth        9759375   Online Survey - need to do this next week


Backing up your service data
It is strongly recommended that you backup your service data regularly (at least once per week). There are a number of methods to backup and restore your PasswordVault service data, and these are described below.

Backup with your existing backup software or service
If you currently use backup software or an online backup service (eg. Time Machine, Retrospect, Carbonite, Mozy, BackJack, etc.), you can include the 'PasswordVault' preferences folder in your periodic backups. To open the 'PasswordVault' preferences folder, simply hold down the 'Control' (Ctrl) and 'Shift keys' while selecting Preferences... from the menu. You will then find a folder named 'PC-Mac PasswordVault v2.x' opened on the desktop - this entire folder needs to be added to your backup folder list.

Automatic backup and manual restore
PasswordVault automatically makes a backup of your preferences each time it is launched and every two hours it is in operation. It stores these timestamped backup files in the 'Backup' folder inside the 'PC-Mac PasswordVault 2.x' preferences folder. If you find you need to revert back to an older version of your service data (for example, if you accidently deleted a service you need), simply select Restore From Auto-Backup... and select the timestamped file you wish to restore.

Please note that automatic backups are made to your normal hard disk. In the event that your normal hard disk fails, the backups will also be lost. It is thus recommended that you use automatic backups in conjunction with either (or both) auto-syncing to PasswordVault2Go running off a USB stick, or online synchronization (both of these are described below).

Manual backup and restore
The simplest way to backup your data manually is to select Save Service Data To File... from the Backup menu. This will bring up the file save dialog, allowing you to save your encrypted service data to the location you like (some users choose to save it to their 'Documents' folder so it gets included in their normal automated backup system). Files are marked with a time/date stamp to ensure easy identification eg. 'Prefs-Default- Backup 1535 7Jul2010'. To restore a backup file, quit PasswordVault and copy the backup file into the 'PC-Mac PasswordVault 2.x' preferences folder. Then move the existing 'Prefs.txt' file somewhere safe, and rename the backup file to 'Prefs.txt'. When you next launch PasswordVault, it will use this file.

Manual export and import
You can also backup by selecting Export... from the File menu on the main window to display the Export dialog, selecting PasswordVault (PV data) from the popup menu and pressing the Export button. You can save this .pve file onto backup media such as a USB drive, zip disk, burnable CD, a networked hard disk, or other storage. To restore the data from a .pve file, select Import from the File menu and use the file save dialog to select your previously exported file.

Online backup and restore
If you are current using the online synchronization feature of PasswordVault (which is highly recommended), you already have a secure backup stored online.

Note: A very important part of setting up online synchronization on PasswordVault is to print out and securely file your 'Online Synchronization' login username, password and encryption PIN. A Print Details button is available on the 'Online Synchronization' dialog to assist you with doing this small but important step. Please read Using online synchronization below for full details.

To restore your data, run PasswordVault on the computer you want to restore your service data to, select Setup Online Sync... from the Sync menu, and set it up using your existing 'Online Synchronization' details. Then press the Sync Now button. You should find your data downloaded and restored from online storage.

Using PasswordVault2Go data to restore your desktop data
It's assumed you're running PasswordVault2Go from a USB stick, but the following procedure will work for any portable storage device you're running PasswordVault2Go on.
  1. Start by making a copy of the 'Data' folder located inside the PasswordVault2Go folder on your USB stick - this ensures that any sync with your desktop installation does not affect your original source data.
  2. Launch PasswordVault2Go folder from your USB stick and enter your master password to get to the main window. Select Preferences... from the top menu and make sure the Auto-Sync To Desktop checkbox is checked on the 'Preferences' dialog. Quit PasswordVault2Go.
  3. Locate the 'Prefs.txt' file in the 'PC-Mac PasswordVault 2.x' preferences folder on your desktop, and move it to a new location ie. you should now not have a 'Prefs.txt' file in the 'PC-Mac PasswordVault 2.x' preferences folder on your desktop.
  4. Launch the desktop version of PasswordVault. You should be asked to set up your master password again - enter the master password you normally use with the PasswordVault2Go installation on your USB stick. Quit the desktop version of PasswordVault.
  5. Launch PasswordVault2Go folder from your USB stick again and enter your master password. You should find that the auto-sync to desktop occurs and the Synchronization Complete dialog shows a large count for 'Portable services added'.
  6. When you next run the desktop version, all the services from your USB stick installation of PasswordVault2Go should be there.

Using online synchronization
Online synchronization makes it easy to keep passwords on multiple computers up-to-date, and also provides effective password data backup (in case your primary computer's hard disk ever fails).

Data stored online is protected by a Username/Password login, and an additional layer of 128-bit AES encryption applied on the user's computer (whose key is based on a unique 'Encryption PIN' entered by the user). Data is always encrypted with 256-bit double-AES encryption before the additional layer of 128-bit AES encryption is applied, thus providing exceptional security. If hackers were somehow able to obtain your online password file from our servers, they would then have to crack both the 256-bit double-AES encryption and the 128-bit AES encryption to access your password data.

Special note for IT administrators: When setting up the online synchronization, the Activity Monitor dialog provides invaluable information about what activities are occurring during the synchronization process. See Activity monitor of synchronizations below for further details.

To setup PasswordVault for online synchronization, select 'Online Synchronization' from the 'File' menu, and the Online Synchronization dialog will be displayed (see Figure 34 below). Enter your preferred login username and login password, and press the Create Account button. If the username is available, a message will be displayed saying that the account was created. To verify that your login information works, press the Verify Login button. To display your login password in readable form for 15 seconds, press the Unmask Login Password button.

The encryption key used for the 128-bit AES encryption is based on the 'Encryption PIN' you enter. To have the computer generate a random encryption key for you (this is highly recommended), press the Generate PIN button. The Encryption PIN textbox will then be filled with the new encryption PIN. Alternatively, you can make up your own PIN using the Enter PIN keypad (make sure you enter 8 numbers from 0-65535 separated by commas). To clear any existing PIN, press the Clear PIN button. To display your PIN in readable form for 60 seconds, press the Unmask PIN button (this longer time interval gives you more time to edit and/or check it).

Note: The encryption PIN is quite long (this is especially noticeable when entering it manually on the keypad), but this is needed to ensure full 128-bit AES encryption strength. The strength of this key is an important factor in keeping your online password data safe.


Figure 34. The Online Synchronization dialog

To perform your first online synchronization, press the Sync Now button. It can take up to 45 seconds for PasswordVault to download an existing password file (if there is one), import it and then upload the synchronized password data.

You can set PasswordVault to automatically synchronize your passwords every day at a particular time. This ensures that if you have a number of computers running PasswordVault, that the passwords stored by each will be the same after the synchronization. It's good practice to set the synchronization time of your primary computer to be slightly later than your other computer(s), as your primary computer will then almost always have the most up-to-date passwords each day. The synchronization will generally start within a minute or two of the set time.

If you launch PasswordVault after the set synchronization time on a particular day, it will synchronize within a minute or so of launch. When you change the synchronization time, it will synchronize within a minute or so after the change. Scheduled online synchronizations will occur even if the Enter Master Password dialog is displayed ie. the main window needn't be displayed for synchronizations to occur.

Of course, at any time you can manually synchronize by pressing the Sync Now button on the Online Synchronization dialog.

You can print out your online synchronization details by pressing the Print Details button. This will print a page containing the name of the user (from the PasswordVault runtime key you received when you purchased PasswordVault), the printing time and date, the username, the password, the encryption PIN and advice to, 'Please file this document in a secure place'.

To set up another computer for online synchronization, enter the login username, login password and encryption PIN (using the Enter PIN keypad) you used to set up the primary computer. It's good practice to check the login information at this point by pressing the Verify Login button. Pressing the Sync Now button will start the synchronization process and synchronize this computer's passwords with your primary computer.

Note: The Standard Edition of PasswordVault supports a single online synchronization account for each unique runtime key. The Pro Edition supports multiple users, each with their own unique online synchronization accounts.


Auto-distribution of passwords
PasswordVault offers a very streamlined and secure way to automatically distribute passwords (and other service information) between large groups of users, making it very useful for password management and control within organizations. Some example auto-distribution schemes are shown below in Figure 35.

Typically, an organization would assign a user (or department) to be responsible for management of particular service categories, and this user would then set up the auto-distribution system in PasswordVault to periodically auto-export those service categories to a shared network drive. Other users connected to the shared network drive can then periodically auto-import those service categories, if authorized, ensuring all users have the latest sets of passwords (and other service information). In addition to network drives, users can auto-import from URLs, allowing PasswordVault Distributable (.pvd) files that are uploaded to a Web server to be easily distributed to remote users over the Internet.

Extending this concept further, a number of users (or departments) can each be assigned to manage different sets of service categories eg. the IT department manages server passwords, development manages vendor Website passwords, etc. Authorized users in the organization can then be set up to auto-import service information from different locations (ie. shared network drives, or URLs) for each set of categories, seamlessly bringing together on their computer only those sets of service categories they need for their work and should have access to.

In a home or small office environment, one key user may manage all passwords used by the group and auto-distribute the latest updates to those users. If one computer is shared by multiple users with different login accounts, PasswordVault Distributable (.pvd) files can be auto-exported to a public folder accessible to all users and then the other users can set up PasswordVault to auto-import the files when they subsequently log in.

You can also use the auto-distribution system to perform multi-user synchronization of passwords ie. multiple users make changes to service information, and these changes are automatically synchronized to other users. See multi-user synchronization of passwords for further information about setting this up.


Figure 35. Example auto-distribution schemes

PasswordVault makes it very easy to set up a new employee with the standard set of company passwords they need, since only the auto-distribution system need be set up. The first time an auto-import occurs, the new employee will have all the latest passwords. They can then begin to add any personalized passwords they need (email account, etc.) to PasswordVault, ensuring that this information is protected and secure.

To display the Auto-Distribution dialog (shown in Figure 36 below), select Auto-Distribution... from the File menu. This dialog allows you to set any number of exporters, each with a unique name, encryption password, file save path, category list, and export schedule. You can also set up any number of importers, each with a unique name, decryption password, file load path or URL, and import schedule.

Special notes for IT administrators:
 Exporters will save out a PasswordVault Distributable (.pvd) file to the specified location according to the set method: Every x minutes, Manually or On Every Change. Selecting the periodic method (Every x minutes) will make the exporter auto-export after the set interval, with a minimum of 10 minutes. The manual method (Manually) will only export when you explicitly press the Export Now button at the bottom of the Auto-Distribution dialog (this is effectively like switching off auto-export, since no exports will occur unless you manually trigger them). The On Every Change method will auto-export whenever you add a new service, or edit or remove an existing service, in a category listed on the exporter. Of course, you can have multiple exporters set up to include any combination of categories, and saving out to different locations.

The popup menu next to the Password To Use textbox (the downward pointing arrow) will display all services in the special 'PVDistribution' category. This category is intended purely to provide a location to store auto-distribution passwords (ie. passwords to use in auto-importers and auto-exporters) - the 'PVDistribution' category should never be included in any auto-exporters, to prevent these special passwords being automatically distributed to users (you should selectively distribute these passwords via other means, such as physically handing the user the auto-import password, since this is the key way that user access to auto-imports of password collections is controlled). Services in this special category can be added, edited and removed in the same way as any other service.



Figure 36. The Auto-Distribution dialog showing an auto-exporter

When PasswordVault is first launched, all importers and exporters which are not set to Manually will be processed. From that time on, periodic importers and exporters will trigger according to their interval. For example, if an exporter is set to export every 60 minutes, it will export as soon as PasswordVault is launched, and then export at 60 minutes, 120 minutes, 180 minutes, etc. If an importer is set to 20 minutes, it will import at 20 minutes, 40 minutes, 60 minutes, etc.

Whenever a periodic auto-import trigger occurs, the PasswordVault Distributable (.pvd) file is downloaded and the timestamp inside it is checked against the last import performed. If they are the same, the import is ignored (ie. the .pvd file has not changed since the last import). This prevents repeated auto-imports occurring when the import file has not actually been updated, as well as eliminating redundant distribution log entries.

Whenever a periodic auto-export trigger occurs, the PasswordVault Distributable (.pvd) file is generated and saved out, but only if changes have been made to services in categories included in the exporter. If no changes have been made, the file is not saved out. This prevents repeated auto-exports occurring when the data has not actually been updated, as well as eliminating redundant distribution log entries.

If you select the On Every Change method, the file is saved out every time a change is made to a service in a category listed on the exporter. This is a very efficient way to set up auto-distribution if you seldom add, update or remove a service.

The popup menu next to the Password To Use textbox (the downward pointing arrow) will display all services in the special 'PVDistribution' category. This category is intended purely to provide a location to store auto-distribution passwords (ie. passwords to use in auto-importers and auto-exporters). Services in this special category can be added, edited and removed in the same way as any other service. You should receive your auto-import password directly from the password collection administrator (ie. the person who makes PasswordVault Distributable (.pvd) files available to users by auto-exporting them to a shared network drive or uploading the auto-exported file to a Website).

The Password To Use you enter adds an additional layer of 128-bit AES encryption to exported password files (on top of the normal 256-bit double-AES encryption), making it even more secure. It is recommended that you use a password that is randomly generated and around 12 characters or longer (a random password generator is available on the Add Service and Edit Service dialogs, which is where you will be adding services to the special 'PVDistribution' category anyway).

Important Note: Please keep in mind that you should be giving users an 'Auto-Distribution Password' by a direct method such as telephone, memo, personally handing it to them on paper, secure email, etc. Once a user has the 'Auto-Distribution Password' and the URL of the PasswordVault Distributable (.pvd) file, they can set up PasswordVault to automatically receive all PasswordVault Distributable (.pvd) updates. Your organization's IT security policy should be the guiding force when considering these issues.

When you press the Export Now button, the status of the export will be shown in the status area just above the button on the Auto-Distribution dialog. The following result message types may be displayed:

Success: x services exported
The PVD file was saved successfully.

Error: Could not overwrite PVD export file
The PVD file could not be saved because an existing file at that location could not be overwritten (it may be busy, open, locked, etc).

Note: Files exported by the auto-distribution system do not include data for master password recovery (ie. lose the password, and you lose the data). It is better to backup data by manually exporting it, rather than using the auto-distribution system. Password distribution simply has a different set of requirements to backing up, the primary requirement being security - 128-bit AES encryption is very strong encryption and is thus very secure.

Figure 37 shows the Auto-Distribution dialog with an importer's information displayed.


Figure 37. The Auto-Distribution dialog showing an auto-importer

The example importer above shows an importer with an auto-import period of 10 minutes, loading the PasswordVault Distributable (.pvd) file from a URL on a LAN. Many personal Web servers are now available which operate on LANs, including the 'Personal Web Sharing' function built into MacOS X and the web server service built into Windows 7.

If you create auto-importers to import services in a particular category from one or more sources and then use an auto-exporter to export them with that same category, you can merge services with that category into a single importable file.

A green up arrow appears on the left side of the Lock button when a file is exported by the auto-distribution system, and a green down arrow when a file is downloaded and imported. This clear indication shows that password data is being actively processed, and imported data merged into PasswordVault is immediately available for use.

If you press the Import Now button, the status of the import will be shown in the status area just above the button on the Auto-Distribution dialog. The following result message types may be displayed:

Success: x services added, x services updated
The file was loaded successfully and it contained new data (ie. the datestamp hadn't been processed before), so the data was imported and the number of services added and updated was shown.

Success: PVD file loaded, but no new data
The file was loaded successfully but it contained no new data (ie. the datestamp had been processed before), so no import was required.

Error: PVD file format error
There was something wrong with the format of the PVD file, so it could not be processed.

Error: PVD file master password mismatch
The password in the file did not match the password set for the auto-importer. The passwords must match for the PVD file to be decrypted and processed.

When the auto-importer Source is set as a URL and PasswordVault downloads the PVD file from a Web server, progress messages are displayed (shown below), which are then followed by one of the result message types listed above.

Status: Attempting to connect to Web server...
Status: Connected to Web server...

If an error occurs during the download process, one of the following error messages will be displayed:

Error: PVD file not found on Web server
The file does not exist at the URL specified - the Web server returned a code 404, a 'File Not Found' error

Error: Could not download PVD file (timeout)
A timeout occurred on the download (10 seconds is allocated), so the file could not be downloaded. This may be because you are not currently connected to the Internet, the Web server specified in the URL does not exist, or some other general access problem.

To see what has been imported or exported during an auto-distribution event, you can open the 'DistributionLog.txt' file (located in the PasswordVault preferences folder) by selecting Open Distribution Log... from the File menu (see Figure 38 below). This will open the distribution log in the default application set on your computer to display '.txt' files (usually Wordpad, Notepad or TextEdit).

Note: if you open the distribution log again before closing it in the default '.txt' application, you may find the text has not been refreshed with the newest auto-distribution events. Always close the text file before opening the distribution log again to see the latest changes.


Figure 38. An example distribution log

If you wish to create separate category groups for different locations (eg. work and home), you can do this by adding a prefix to the basic category name. For example, 'Home-Banking' and 'Work-Banking', 'Home-Network' and 'Work-Network', etc. This makes it clear which location the category refers to. You might also use a prefix if you need the same basic category name for different company environments eg. 'UDV-Vendor sites', 'Megatronic-Vendor sites', etc. A company may use two (or more) levels of subcategory, such as 'UDV-Network','UDV-Vendor sites', 'UDV-Email Accounts', etc. to segregate category groups.

In addition to category groups, you may wish to use the above techique to logically group service names. Example service names for a company may be: 'UDV-Email-jbloggs', 'UDV-NetAdmin-Login Server 1', etc. This has the added advantage that service names are unique across a large set of users, so password auto-distribution will work cohesively.

Note: If you are using the auto-distribution functions when running PasswordVault2Go, any auto-imports which may occur will not flow through to the desktop installation (if it is installed) until the next time PasswordVault2Go is launched. This is because PasswordVault2Go synchronizes to the desktop only when it is launched.

Note: Periodic auto-import and auto-export events are queued and processed every 15 seconds. If two events occur at the same time, the first event will take 15 seconds, and then the second event will be processed in the next 15 seconds. Thus, there will be a short delay between processing of events. After an event has been processed, the green indicator arrow (down-pointing for imports, up-pointing for exports) will be displayed on both the main window and the global floating window for 5 seconds. Of course, if more than 2 events occur simultaneously, they will be queued and processed in turn.

Note: If you have set up an auto-exporter to export all categories, and you add a new category, make sure you check the appropriate checkbox for the new category on the Auto-Distribution dialog if you want it included in the auto-exporter.


Activity monitor of synchronizations
When setting up the synchronization of service data across a number of users, the Activity Monitor dialog provides invaluable information about what activities are occurring during the synchronization process. The example below in Figure 39 below shows both auto-distribution activity as well as online synchronization activity.

The synchronization engine in PasswordVault is highly optimized: files are imported only if they has been updated since the last import, and files are exported only if services have actually been added or updated, etc.

Key errors to look for in the activity monitor (to correct sync problems) include incorrect passwords (which result in decryption errors), files required for import which are missing, incorrect file paths, broken network shared folder connections, etc.


Figure 39. The Activity Monitor dialog


Multi-user synchronization of passwords
Multi-user synchronization is really just a special case of auto-distribution. In this case, multiple users can make changes to service information, and these changes are automatically transferred to other users by the way the auto-importers and auto-exporters are set up on each computer. See the example in Figure 40 below, which shows one of three users being synchronized.


Figure 40. Synchronizing one of three users

In this example, there is a shared network drive which is used to store the PVD files auto-exported by each of the three users. The user in the illustration is user 1, and he is set up to auto-export to a file on the shared network drive named 'user1.pvd' (we made up this file name for this example - you can use whatever file name you like for each user). He is also set up to auto-import files named 'user2.pvd' and 'user3.pvd' (the files set up to be auto-exported by user 2 and user 3 respectively). User 2 is set to auto-export 'user2.pvd' and auto-import 'user1.pvd' and 'user3.pvd'. User 3 is set to auto-export 'user3.pvd' and auto-import 'user1.pvd' and 'user2.pvd'.

The most effective way to ensure all users are synchronized regularly is to set the auto-importers and auto-exporter on each user's computer to trigger every hour or so. If service data doesn't change during this time, this will be detected during each auto-import and no data will be imported. If a service has been added or updated by any user, this update will propagate to each user.

Full multi-user synchronization (ie. any user can make service changes) is most effective for small groups of users because as the group size increases, the number of auto-importers that need to be set up on each computer also increases. Though technically there is no hard limit on the size of a group that can do full multi-user synchronization, the practical limit is probably about 10 users.

Usually, however, not all users in a group will actually make changes to service information ie. only a subset of privileged users will be assigned responsibility to update passwords. Normal users who never make changes will only need to be set up to auto-import changes made by each privileged user, so a very large number of normal users can be set up in this way. In other words, privileged users will be set for full multi-user synchronization between themselves, and normal users will only be set to auto-import each privileged user's PVD file.


PasswordVault2Go special features
This special portable version of PasswordVault is designed to run on USB drives, Zip drives, iPods, etc. For example, university students can use PasswordVault2Go to store their password collections securely on a USB drive and plug it into whichever computer they are given access to at their university. Data is always secure, since it is protected by very strong 256-bit double-AES encryption.

World travellers can use PasswordVault2Go to securely carry their Internet password collections with them on their journey, accessing the Internet at any Internet cafe. Data is always secure, since it is protected by very strong 256-bit double-AES encryption.

Note: The preferences for PasswordVault2Go are stored in the 'Prefs.txt' file in the 'Data' folder inside the PasswordVault2Go folder, so they move along with the application itself. It's a very good idea to backup your data regularly, to prevent the loss of this critical file - see Backing up your service data for more information.

You can auto-sync PasswordVault2Go to a desktop installation of PasswordVault ie. new services you've added to the portable version are copied to the desktop version (and vice versa), and updates you've made with the portable version are copied to the desktop version (and vice versa).

When you run PasswordVault2Go for the first time and a desktop installation of PasswordVault is detected, the Desktop Installation Detected dialog will be displayed (see Figure 41 below). To sync to an existing desktop installation, select the username to sync with from the Sync To Username popup menu, enter your desktop master password, and press the Continue button. If the master password you enter matches the desktop installation, the data between your portable and desktop versions of PasswordVault will be synchronized.


Figure 41. The Desktop Installation Detected dialog

You can activate and deactivate the auto-syncing to the desktop on the Preferences dialog on PasswordVault2Go (see Figure 42 below). To activate auto-synchronization to the desktop, open the Preferences dialog and check the Auto-Sync To Desktop checkbox (this special checkbox is only available on PasswordVault2Go, and is located near the top right of the dialog).


Figure 42. The Prefences dialog for PasswordVault2Go


Then, whenever you run PasswordVault2Go (and the portable master password matches the desktop master password), your service data will be auto-sychronized to the desktop.

You can also synchronize multiple desktops using PasswordVault2Go. For example, after running PasswordVault2Go at home (and thus syncing your home service data), you could subsequently bring your USB stick to work and run it there. If you did this daily, all your service data would then be synced across these two desktops on a daily basis.

When you launch PasswordVault2Go, you can select which desktop user login account you'd like to sync with from the Sync To Username popup menu (see Figure 43 below). Alternatively, if you select the 'None' option, then no sync to desktop is attempted. For a sync to be successful, the portable master password must match the desktop master password.


Figure 43. The Enter Master Password dialog for PasswordVault2Go

After a successful synchronization, the Synchronization Complete dialog will be displayed (see Figure 44 below). This dialog shows how many services were added, updated or deleted between the portable and desktop versions. To get full details about all changes made to services, press the More Details expansion arrow.


Figure 44. The Synchronization Complete dialog

Installation
The 'passwordvault2go.zip' archive contains the 'PasswordVault2Go' folder. During the installation procedure outlined below, this folder will be copied onto your USB drive or other portable media (eg. iPod, Zip disk, etc). USB drives are also called USB memory sticks, JetFlash, USB flash drives, flash memory sticks, etc.

Note: It is recommended that you format your USB drive in FAT32 format on Windows so that it is compatible to the Windows, MacOS and Linux platforms.

To install PasswordVault2Go under Windows, open the 'passwordvault2go.zip' archive using Winzip (available from www.winzip.com), press the Extract button and select your USB drive as the destination. The MacOS X version of the PasswordVault2Go program will remain in MacBinary format (denoted with the '.bin' extension), and can be converted from MacBinary on a Macintosh computer using StuffIt Expander (available from www.aladdinsys.com).

To install PasswordVault2Go under MacOS X, drag and drop the 'passwordvault2go.zip' archive onto StuffIt Expander (available from www.aladdinsys.com). Then copy the resulting 'PasswordVault2Go' folder onto your USB drive.

To install PasswordVault2Go Lite under Linux, open the 'passwordvault2golite.zip' archive (with 'File Roller' or equivalent) and extract the folder to your USB drive (on Red Hat Linux, you can simply double-click a zip archive and 'File Roller' will open the archive). The 'PasswordVault2Go_Lin' application must then be set as 'Executable'.

All platform versions are included in the 'passwordvault2go.zip' archive, so when you look at the files under Windows, you may see a number of special Macintosh files (the MacOS applications, some files with dot prefixes, etc). On MacOS, you will see the Macintosh applications, as well as the Windows '.exe' file. On Linux, you will see all the Windows and Macintosh applications.

To reduce the space used by PasswordVault2Go on your USB drive, you can delete one or all of the following items:

1) Delete the 'User_Manual' folder (however, you then won't be able to display and read the user manual)
2) Delete the executable program files for platforms you don't need (you then won't be able to use PasswordVault2Go on all platforms) eg. if you only need to run on Windows, remove all files and folders except 'PasswordVault2Go.exe' and the 'Data' folder.

Running PasswordVault2Go
 Launch PasswordVault2Go by double-clicking the correct program icon for your operating system on the USB drive. On Windows, the program is called 'PasswordVault2Go.exe'. On MacOS X, the program is called 'PasswordVault2Go X'. On Linux, the program is called 'PasswordVault2Go_Lin'.

Special notes for Linux users:
A) The 'PasswordVault2Go_Lin' application must be set as 'Executable'. You can do this in Red Hat Linux by right-clicking the application, selecting 'Properties' and checking the 'Execute' checkbox in the 'Permissions' panel.
B) If you are simply double-clicking the application to run it, make sure the path and application name do not have any spaces in it. Spaces in the file path may prevent it from running correctly.
C) If you haven't mounted your USB drive before, the following information should assist you (though some specific instructions may be different for your particular distribution of Linux and how your hard disks are configured). In newer versions of some Linux distributions, some of these steps may be automated.
  1. Log in as 'root'.
  2. Create a directory called 'usbhd' in the 'mnt' directory by entering 'mkdir /mnt/usbhd' in the terminal.
  3. Insert your USB flash drive and enter 'mount -t auto /dev/sda /mnt/usbhd' in the terminal. This should mount your USB flash drive and make it available for use - the files on the USB drive can be found at '/mnt/usbhd'.
  4. Run the 'PasswordVault2Go_Lin' application.
  5. To unmount your USB drive after quitting 'PasswordVault2Go_Lin', enter 'umount /mnt/usbhd' in the terminal. Then you should be able to safely remove your USB drive.
  6. For information about mounted disks, enter 'fdisk -l' in the terminal.


Overview (Enterprise Edition)
The Enterprise Edition of PasswordVault is a unique password management system which combines a secure centralized database server (for easy data management, backup and disaster recovery) with a PasswordVault client which securely stores data locally, and which synchronizes regularly with the server. It features:

For further details about the Enterprise Edition of PasswordVault, please visit the Lava Software website.


PasswordVault client setup (Enterprise Edition)
Your computer login forms the basis for your identification by the PV Server, thus leveraging your organization's existing identity infrastructure. In large organizations, this is particularly helpful, as there is no additional identity setup required for PasswordVault. Also, all user data is encrypted on the user's computer before being transferred to the PV Server, ensuring the data is kept secure.

The first time a new user launches the PasswordVault client on their computer, the 'PV Server Connection' dialog will be displayed (see Figure 8 below). Enter the IP address of the PV Server (your PV Server administrator can provide you with this information) into the IP Address textbox and click the Connect button.

Figure 8. An empty 'PV Server Connection' dialog

After connecting to the PV Server, it's details will be displayed in the 'Server Information' section of the dialog (see Figure 9 below). If a connection error occurs, check that you have entered the correct IP address of the PV Server, or contact your PV Server administrator for assistance.

After connecting successfully, check that the PV Server information is correct (ie. that you are connecting to the correct server). The most important information to check is the organization name, and the IP address. Your PV Server administrator may also have given you the server's 'Server Name' and 'Server Signature'. If so, you should also check that that is correct.


Figure 9. A 'PV Server Connection' dialog, showing server information

If the PV Server details are correct, enter your user name, department and email address into the textboxes provided (see Figure 10 below). You can leave this information empty if you wish, but entering these details will assist your PV Server administrator in providing you with effective support. When you have entered your details, press the Register button and your details will be registered with the PV Server. After successful registration, you should see the Quit button at the bottom of the dialog change to 'Done'. This indicates that the PV Server registration has been completed successfully, and you can begin using PasswordVault on your computer.



Figure 10. A 'PV Server Connection' dialog, showing entered user information

Note: If you have been using any of the other editions of PasswordVault (ie. the Lite, Standard or Pro Editions), your existing data will be uploaded to the PV Server during the syncing process. This will effectively back up your data to the PV Server, whilst retaining your existing data on your local computer. Your existing data will also work in exactly the same way as it always has with the PasswordVault client of the Enterprise Edition. Thus, it is very easy to upgrade to the Enterprise Edition from any existing edition of PasswordVault.

For full details about using the PasswordVault client, please see the PasswordVault client user manual.


PasswordVault client recovery (Enterprise Edition)
If you are setting up a new computer or recovering from a computer data loss caused by disaster, but have previously been using the PasswordVault client and already have data stored on the PV Server, you'll probably want to simply restore your data to the new computer. This is quite easy to do.

The PV Server uses your computer login to identify you, and your unique data. Since you've already logged in to your computer to be able to access your desktop and installed software (such as the PasswordVault client), your computer login will already be authenticated and ready to go.

When you subsequently launch the PasswordVault client and go through the PV Server connection and registration process, the PV Server will recognise your login, see that you have existing data, and automatically restore your data. The PasswordVault client will then load your services as usual, making them available for immediate use.