moonsoftware Password Agent User Manual
Password Agent
User's Manual
Rev 2.6.1
Password Agent User's Manual Contents •••• 1
Contents
Introduction 4
Description.................................................................................................................................4
Lite vs. Unlimited......................................................................................................................5
Privacy.......................................................................................................................................5
How secure? ..............................................................................................................................6
Security scheme.........................................................................................................................7
Tutorial 9
Creating a new file & setting master password.......................................................................... 9
Program layout.........................................................................................................................11
Groups .....................................................................................................................................12
Entries......................................................................................................................................13
Entry Properties window .........................................................................................................15
Saving your file........................................................................................................................17
Undo feature ............................................................................................................................ 17
Opening a file ..........................................................................................................................17
Security features ......................................................................................................................18
Searching ................................................................................................................................. 20
Printing ....................................................................................................................................22
Sorting .....................................................................................................................................23
Hiding and reordering columns ...............................................................................................23
Useful tools & functions..........................................................................................................24
Password Generator.................................................................................................................24
Options.....................................................................................................................................25
Adding a group..........................................................................................................12
Renaming a group .....................................................................................................12
Deleting a group ........................................................................................................ 12
Moving a group ......................................................................................................... 13
Changing group color................................................................................................13
Adding an account entry............................................................................................ 14
Adding a note entry ................................................................................................... 14
Editing an entry ......................................................................................................... 14
Deleting an entry ....................................................................................................... 14
Moving an entry ........................................................................................................15
Locking a file.............................................................................................................20
Using QuickSearch.................................................................................................... 20
Using the Find tool....................................................................................................21
Main tab..................................................................................................................... 25
Colors tab ..................................................................................................................28
2 •••• Contents Password Agent User's Manual
Templates tab ............................................................................................................29
Hot keys tab............................................................................................................... 29
Common User IDs tab...............................................................................................29
Multiple users .......................................................................................................................... 29
Tips & tricks ............................................................................................................................ 29
Advanced Features 30
Automatically filling login prompts.........................................................................................30
Autofill using global shortcut key ............................................................................. 31
Basic autofill..............................................................................................................31
Sample workflow using autofill ................................................................................32
Templates.................................................................................................................................32
Taking the program with you...................................................................................................33
TakeWithMe wizard.................................................................................................. 33
Running Password Agent from removable disk ........................................................ 34
Using expiration date...............................................................................................................35
Command Line ........................................................................................................................ 35
Import & export ....................................................................................................................... 36
Import........................................................................................................................36
Export........................................................................................................................36
Keyboard shortcuts .................................................................................................................. 37
Network installation.................................................................................................................37
Solving problems 38
Autofill feature does not work.................................................................................................38
Autofill enters double/invalid password ..................................................................................39
Global hot key does not work..................................................................................................40
Open Link command does not open web pages.......................................................................40
Web links open in the same browser window..........................................................................40
Slow or erratic scrolling in entries list ..................................................................................... 41
File is damaged........................................................................................................................41
Administrator privileges required............................................................................................41
Knowledge base & forum........................................................................................................42
How to buy 42
How to Buy.............................................................................................................................. 42
Entering a key code .................................................................................................................42
Uninstalling & Contact Info 43
Uninstalling Password Agent...................................................................................................43
Contact information.................................................................................................................44
Credits...................................................................................................................................... 44
Index 45
Password Agent User's Manual Contents •••• 3
Introduction
Description
Password Agent is a powerful yet compact and easy to use password manager
program that allows you to store all your passwords and data snippets in a single,
easy to navigate and secure database. It is not limited to storing only passwords –
you can store any information you want, like key codes and serial number of
purchased software programs, bank account numbers, credit card numbers,
membership numbers, magazine/newspaper subscription dates etc. Storing all your
useful information in one place makes it very easy to find it when required and you
can also backup all this data at once just by copying single database file.
Main features:
• Fast, compact and easy to use program with familiar interface similar to
Windows Explorer.
• Encrypted password database files, accessible only via user selectable
master password (for enhanced security, master password is used as
encryption/decryption key only and is not stored anywhere). You can
also assign a short master password hint text so if you accidentally
forget your master password, the hint will help you to recall it.
• Unlock window where you enter master password contains function to
confuse key loggers, so if any key loggers are present in the system
where you enter master password, you password will not be logged by
key logger in plain text but is mixed with randomly generated
additional keystrokes.
• Make custom groups/subgroups to divide your entries into logical
groups for easier access.
• Each account entry consists of Title, UserID, Password, Link, Note,
Date Added, Date Modified, Date Expire and Old Password fields. You
can also make Note entries that do not have UserID and Password
fields. All text fields allow virtually unlimited length of text, so you can
store long memos in Note field.
• Option to close or lock the program automatically after defined period
of inactivity or when screensaver starts. So the program will lock
automatically if you are away from your computer.
• Fill login prompts with required data (customizable per entry by
template), thus reduce typing.
4 •••• Introduction Password Agent User's Manual
Lite vs. Unlimited
The Lite version is free but allows you to store up to 25 entries per file. If you need
to store more entries, you may purchase the Unlimited version. The Unlimited
version can store virtually an unlimited number of entries. There are no other
differences between Lite and Unlimited versions.
• Includes password generator that generates unique non-guessable
passwords.
• Powerful QuickSearch function that allows you to easily filter and
display entries across all groups.
• Print hard copy of your database.
• Export your database to HTML (grouped or columnar), XML or CSV.
Import entries from other password database programs in CSV format.
• Custom sorting and column order.
• View/hide sensitive information switch, you can mark what columns
contain sensitive information.
• Multiple users can open the same password database file over network
or as different users on the same computer (first user have full
read/save access, other users will have read-only access).
• Strong U.S. government approved AES encryption with 256-bit key.
• Compact files - its password database file that contains 100 entries may
be below 10 kilobytes in size!
Privacy
If you have just purchased the Unlimited version, see “Entering a key code” on page
42.
We guarantee that none of our software has built-in functions that can contact us
without your knowledge or send any of your information to us without your
knowledge. Some our programs have Check for Update functionality that can be
used to check if there is a new version of the program available. This function is
fully manual, so it is used only if you invoke this command manually. During update
checking the program will open a new web browser window that sends name of the
program, major, minor and build numbers to our server. No personal information is
transferred, including your name, serial number etc. Programs never contact our
server directly, but open your default web browser to establish connection and
display result.
Warning: Be careful when using the program in public computers (at work, internet
cafes etc). Using special logging and spy software it is possible to log all computer
activity, including your master password and other data you enter or view on screen.
If such program is installed then someone can steal your master password and other
data you enter through Password Agent. This is true for all Windows applications,
not only for Password Agent. For example it is possible to log all passwords you
enter manually into your web browser or all text you enter using keyboard; all active
programs, mouse clicks etc. See “How secure?” on page 6 for more information.
Password Agent User's Manual Introduction •••• 5
How secure?
People often ask, how secure is Password Agent. Is it 100% secure? Even when the
data file is encrypted using one of the best “strong” encryption algorithms, there are
several other factors that endanger total security. And unfortunately these others
factors are often overlooked, making people think that total security depends on the
“key length” that is used to encrypt you data.
Assume there is someone who is planning to get access to secrets you are keeping in
Password Agent. You need to know that there are several ways someone may try use
to get access to your secrets, so lets analyze them and make some conclusions.
Stealing your data file
If someone will get access to your data file, don’t worry. He will not get access to the
secrets if he doesn’t know your master password. It is very unlikely someone is able
to decrypt the file without valid master password using today’s computers. But as
today’s best encryption methods are considered “strong”, something may happen
tomorrow that will make them obsolete instantly. This is unlikely, but still possible.
Risk – very low.
Dumping memory
Another potential way to steal your info is to use special Trojan program to dump
Password Agent’s memory to a disk file, then later try to find any plain text info
from this file. To prevent this, Password Agent keeps data in memory in scrambled
form. It is unlikely something will leak that way, but possible (see “Security scheme”
on page 7). Risk – low.
Swap file
Windows manages a swap file – it is memory extension on hard disk, called virtual
memory or page file. Since programs and data files may be very large nowadays,
everything can’t be kept in limited computer memory at the same time, so Windows
now and then writes data and running programs not used at the moment from RAM
to hard disk. That means on one moment Password Agent and any other program
may end up written to swap file along with all memory in use and there is no way to
prevent this. That is almost identical to our previous “Dumping memory” case, but
done regularity by Windows itself! If you are on a public computer then someone
can potentially try to search the swap file for plain text, but Password Agent keeps
data in memory in scrambled form, that makes this difficult (see “Security scheme”
on page 7). Swap file can be only accessed when Windows is shut down. Risk –
medium.
Social engineering
That is old truth and known to everybody – the simpler the password the easier is to
guess it. Don’t use simple master password. Don’t use your name, your dog’s name,
your wife’s name, your children’s name, your favorite actor name, any of your
favorite things, known dates etc as your master password. If someone is trying to get
access to your secrets, that is what he will try first. Use something much more
abstract, like several random words combined with some numbers or even better,
totally random string. Risk – high.
Spy programs
There are too many spy programs available that allow someone to secretly watch and
record your every key press, including your master password you type, text you copy
to clipboard, screen captures, mouse movement and clicks etc. Basically everything
you see on the screen can be also recorded, so on public computers is impossible to
6 •••• Introduction Password Agent User's Manual
Security scheme
warrant secure work environment. Although from version 2.6 Password Agent
contains function to confuse key loggers during entering master password, using the
program in public computers is not recommended if you data files contain any secret
information. The same applies to other people’s computers that are out of your
control. Risk – very high.
Conclusions?
As you can see, final security depends mostly on other factors than encryption
algorithm and key length used. Your file may be encrypted using the best encryption
available, but if someone can easily just “steal” your master password using key
logger or social engineering, then even the best encryption will not help.
To make long story short – total security depends also on you.
Note: On Windows NT/2000/XP/Vista/7 it is possible to tell Windows to clear swap
file on shutdown. You can do this by selecting Clear page file at shutdown option
(see Security options on page 26). This will reduce the risk that something will leak
through the swap file, but if computer crashes or is switched off without normal
shutdown procedure, this procedure will not be carried out, leaving the swap file as
is. If this option is active, Windows shutdown process will take much more time
because the swap file will be overwritten.
Note: This topic is for advanced users.
This topic discusses how exactly Password Agent works behind the scenes, what
kind of encryption is used in Password Agent and also some possible weak points of
the program that may potentially leak your information. You can then decide if this
kind of security is enough for you or not.
Encrypted data files
Data files on the disk, where the data is stored (*.PWA files), are encrypted with
strong AES (Rijndael) algorithm using 256-bit key that is created using Haval
algorithm from user’s master password. Rijndael was chosen lately as new U.S.
government encryption standard to replace older DES and is now called AES
(Advanced Encryption Standard):
http://en.wikipedia.org/wiki/Advanced_Encryption_Standard
All data stored in disk file is encrypted, except master password hint (if provided).
Master password
The master password itself is not saved in the disk file. Instead, its hash is stored in
encrypted form. When user wants to open a data file, he is asked to enter master
password. Password Agent will then make a hash from entered master password, and
will decrypt part of the disk file where the actual hash is stored. Then these two
hashes will be compared and if they are the same, valid master password is provided
by user. The actual master password is not kept in memory or anywhere, only its
hash.
Data in memory
Keeping data in memory as safe as possible is also part of program’s design -
something that is very often overlooked and many password managers don’t pay
Password Agent User's Manual Introduction •••• 7
attention to this, putting your secret data in danger. We need to do this to prevent our
secrets end up plain text in swap file or to prevent someone from stealing our secrets
by dumping Password Agent memory into a disk file.
For performance reasons, Password Agent keeps memory data scrambled using
simpler, reversible ‘pseudo-key’ algorithm (XOR-like, but much improved), not the
same strong encryption algorithm AES that is used for data files. Encryption key for
memory data is a random string that is different each session.
Data fields that are scrambled in memory: Title, UserID, Password, Link, Template
and Note. Group names are not scrambled and are kept in plain text format.
Possible plain text leaks
First, these plain text leaks are issue only in non-controlled/public environment,
where very high security is needed. Plain text leak means that some of your secret
data may potentially end up in Windows swap file or RAM and when someone
specialist is specially looking for it, he may find it. It does not mean that Password
Agent will leave temporary files or text files on your disk, readable by anyone.
Normal Password Agent operation, including autofill functionality, should not leak
any plain text into memory or swap file.
The number 1 plain text leak is when using clipboard functions. That means Copy
Password, Copy Note and all other Entry | Copy ... functions. Password Agent will
clear clipboard automatically, but nevertheless copied text may remain in global
memory due to Windows design.
The following functions will leak plain text in big amounts: Import CSV, Export
HTML/XML. These are not optimized to be safe due to their huge use of string
tokens and rare usage, but this may change in the future. When using these
import/export functions in an environment that requires very high security it is
advised to restart computer after completion.
Finally, when Password Agent tries not to leave any plain text in the memory, we
can’t take responsibility about all the other software where you send your secrets
using autofill or by any other means.
Backdoors
There are no backdoors in the program, so if you forget your master password, we
can’t open your file. Master password is not stored anywhere, so there is no way to
“retrieve” it. So be careful with your master password.
8 •••• Introduction Password Agent User's Manual
Tutorial
Creating a new file & setting master password
When you launch Password Agent for the first time, you’ll see the following screen:
To start using the program, you’ll need to create a database file where Password
Agent can store your data.
If you are new to Password Agent, you’ll need to create a new file (if not, see
“Opening a file” topic):
1. Choose Create a new file link or File | New command from menu. A
message is displayed that this is a 2-step process. Press OK.
2. Now Save As window is displayed, asking for file name. Type name for
your password database file, it may be good idea to use your name (like
“John”) if there are more users for your computers besides you. You
can select also different folder if you wish, but by default your file is
saved under My Documents folder. All your data you enter into
Password Agent will be saved into this disk file. After typing your file
name, press Save.
Password Agent User's Manual Tutorial •••• 9
3. Master Password window is displayed.
Every password database file must have master password specified. It
is used to restrict access to the file, so only people who know the
master password can open the file and see its contents. You are
required to supply your master password every time you open your file.
Note: It is important to understand that master password is assigned to
each file separately. Master password is not a password that allows you
to get access to the Password Agent program, but Password Agent uses
it to encrypt and decrypt the file contents. For example, if your friend
brings his own Password Agent database file to your computer, then
only his master password can open his file, not yours.
Choose a master password for your file and enter it in the New
Password field (don't worry about the disabled Current Password field,
it is not used this time). Try to choose a long, hard to guess password,
since if anyone guesses your master password, they will have access to
all your other passwords stored in the Password Agent database file
too. Enter the same master password once again, into the next field.
This is for making sure you did not make an error or "typo".
Warning: You should be very careful not to forget your master password, because if
you forget it, no one, even us, can open the file.
Into the Hint field you can write something that will help you to recall
the master password if you happen to forget it. You can display this
password hint text when you need to enter your master password.
Please note this text is visible to all people who are trying to open your
encrypted file, so don’t use something too simple that could help others
to guess your password.
If you are finished typing your passwords, press OK to finally create
the file.
At this point Password Agent has finished creating your file and you can start
entering your data. See the following topics about program layout and how to add
your first entries.
10 •••• Tutorial Password Agent User's Manual
Program layout
Password Agent has a simple 2-panel (left and right side) layout similar to Windows
Explorer. On the left side you see a hierarchical tree that displays the groups. You
can click groups with the mouse to display their contents in the right panel. Initially
the left panel (lets call it the "groups tree" from now on) only lists one root entry
titled "Root". The right panel, as mentioned, displays entries that the selected group
contains (we will call it the "entries list" from now on).
Other parts of the program are menus, toolbar and status bar. You use the menu and
toolbar as in other programs - there is nothing really different with them. Status bar
displays info about state of the program, see image below for description of status
bar sections.
The groups tree and entries list have right click (context) menus, so you can perform
common actions just by right clicking on a group or entry. There are context-menus
available for the entries list column headers and main toolbar as well.
Explanation of the main screen:
1. Groups tree. Right-click to display context-menu.
2. Entries list, displays entries from group selected on left tree. Rightclick to display context-menu.
3. Header
drag with the mouse to rearrange columns. Right-click to display
context menu.
4. Main menu bar.
5. Toolbar buttons for fast access to most used menu commands.
6. Name of currently open data file.
7. Count of currently visible entries (if group is selected or filter is active),
total count of entries and count of groups.
8. QuickSearch text entry box allows you to quickly find an entry by
typing part of its title.
Password Agent User's Manual Tutorial •••• 11
control of entries list. Press column title to sort by that column,
Groups
You may create groups to keep related entries together. If you have many entries,
this helps to navigate through your password entries faster. You don't need to create
any groups at all to use Password Agent, but groups help you to organize your data
better. You may find it helpful to think of groups in Password Agent as folders in
your file system. You work with groups the same way as folders in a filing system.
Tip: You can perform most group-related commands also by right-clicking on a
group. That will invoke context menu that displays the same commands that are in
the Groups menu.
Adding a group
1. To create a new group, choose Group | New command. Note that there
is now a new node visible in the groups tree, titled "Untitled group"
and it is in edit mode.
2. Type in the name you want to use, and press the Enter key.
Each new group is created as a subgroup of the selected group. So, if you have a
group selected and use the New group command, the new group is automatically
created as a subgroup under the selected group. To create top-level groups, the
virtual root group titled "Root" must be selected first.
Renaming a group
You can rename a group anytime you wish:
1. Select the group you want to rename
2. Press the F2 key or choose Group | Rename command. The group
node changes to edit mode.
3. Type in the new name, and press the Enter key. If you don't want to
finish renaming for any reason, you may cancel editing by pressing the
Esc key.
Deleting a group
To delete a group:
1. Select the group you want to delete.
2. Press either the Delete key, or use the Groups | Delete menu
command. Alternately, you can use the mouse to highlight, and right
click to bring up the groups menu.
If your group was empty, it will be deleted immediately. But if your group, or
subgroup below it, contains entries, Password Agent will display "Delete group"
window asking what you would like to do with the accounts the group contains. You
may either keep the accounts by moving them to a group of your choice, or you can
tell Password Agent to permanently delete those accounts.
12 •••• Tutorial Password Agent User's Manual
Note: You cannot delete or rename the Root group. The Root group is a special built-
in virtual group that represents all entries in database. Selecting this group will
display all entries in the entries list, no matter into what user-defined group they
belong. That way you can list all entries at the same time, even from different
groups. Also, since it is possible to create new entries that do not belong to any userdefined group, Root group is the only way to list these entries since they only belong
to that virtual group automatically (as do all other entries).
Moving a group
You can move a group by dragging it with the mouse. By dragging one group over
another and then releasing mouse button will make the dragged group subgroup of
the target.
To cancel already started drag operation, press the Esc key or drag the group outside
the groups pane.
Changing group color
You can change color of a group image that is displayed in the group listing. That
way you can mark certain groups to be different so you’ll locate them more easily.
1. Select the group you want to change.
2. Choose Group | Change Color and choose a new color from the
displayed submenu.
Entries
To restore the default yellow color, just repeat the process but choose the yellow
color.
Password Agent allows you to use two different kind of entries – account and note
entries.
An account is a small collection of information related to one object (web
site/program/credit card etc). An account can consist of the following main fields:
Title, UserID, Password, Link, and Note. You don't need to provide all the
information, only the fields you want to store.
For example to access the Internet, your service provider usually gives you special
user name and password so only authorized customers can connect their
computer/server. We call this information user account (or just account for short).
On the other hand, many web sites nowadays require you to register to create an
account on their site, especially Internet stores. So you can easily create and store
these accounts in Password Agent.
In addition to password accounts you can create special note entries. They are simple
entries that can be used to store free form textual information, like your software
serial numbers, credit card numbers, secret notes etc. Note entries are similar to
account entries except they don’t have UserID, Password and OldPassword fields,
but simply use the Note field to store your information.
People are sometimes confused how they can store their credit card or other specific
data when there is no special credit card entry type. The note entry allows you to
store any kind of textual data, just don’t think you are not allowed to type your data
here because the name of the field is Note.
Password Agent User's Manual Tutorial •••• 13
Adding an account entry
To create a new account entry:
1. Choose Entry | New Account command. The New Account window is
displayed (see “Entry Properties window” topic for details).
. Fill in the fields you need, and press OK button.
2
Your new entry should now be displayed in the entries list.
Tip: The data entry window is resizable so if it looks too small you can resize it to
your taste by dragging its border with the mouse.
Adding a note entry
Creating a new note entry is identical to creating a new account entry (see previous
section), except note entries don’t have UserID and Password fields.
1. Choose Entry | New Note command. The New Note window is
displayed. See previous section “Adding an account entry” above about
field descriptions.
Editing an entry
To edit an account or note entry:
1. Double-click it with the mouse, or select it and choose Entry |
Properties command from the menu. The Properties window is
displayed. Pressing the Enter key in entries list also displays the
Properties window about selected entry.
2. Make the modifications you need, and press the OK button.
Deleting an entry
To delete an entry:
1. Select the entry you wish to delete by clicking it with the mouse.
2. Press the Del key, or choose Entry | Delete command.
14 •••• Tutorial Password Agent User's Manual
Loading...