Password Pusher: November 2024
Here is everything that has happened, is happening and has progressed since September 2024.
I’ve been so busy building that I missed October in writing this, so November it is.
What’s New on pwpush.com
Requests
Securely request sensitive information from your clients, colleagues and customers.
Read more about this feature here.
Thank you for all the great feedback on this new feature!
Coming next for Requests: email notifications on responses - and probably optional web push notifications as well.
QR Codes
You can now push QR codes directly to end users.
This is often used to send things like:
- Two Factor Setup codes (TOTP)
- Wifi Passwords
- VPN Settings
- Delivery Tracking Links
- And more…
End users open a secret URL and get a QR code that they can scan with their mobile phone.
Subscriptions & EU VAT Taxes
With subscriptions comes tax reporting. EU-based subscribers are now charged EU VAT.
If you are an EU business and have a VAT ID, add yours here so you don’t get charged VAT on the next billing cycle.
UK VAT is coming soon. I’m waiting for registration to complete.
Up Next for pwpush.com
Pro Users: Full End to End Branding
Pro users will soon log in to and use the entire site on their custom domain. Further, your Pro account will offer full branding of the entire site according to your branding preferences. No more Password Pusher logo, no more pwpush.com (unless you want it).
Datacenter Migration
Some organizations have strict security policies barring users and end-users from accessing services located outside of the United States.
pwpush.com currently hosts some resources in data centers in Europe. This is historical, and all resources will be moved to the United States, likely within the next month or so.
I’ll announce a maintenance window in the near future (on the weekend) to perform the migration. There may be a small window of downtime on a Saturday or Sunday.
Longer term, I may offer a choice going forward as to where you prefer your account and data to be hosted.
For all pwpush.com users, this change will be transparent.
New Security Documentation
I often get questions regarding what encryption is in use, security strategies and best practices.
If you are evaluating Password Pusher for your organization, I put together this Security documentation that hopefully summarizes the most important parts.
Open Source Edition / Self-Hosted
The most important piece of information to note for the OSS edition is that a potential XSS vulnerability has been reported. If you are self-hosting and have enabled the login system, please update to at least v1.48.1 as soon as possible to best mitigate risk.
The vulnerability has been assigned CVE-2024-51989, and details are available in this GitHub Security Advisory.
Security & Hardening
I’ve had some great security firms and researchers reach out to me recently in private pointing out potential weaknesses in the application.
This is a big benefit to the application and makes the whole community (and application) more secure.
Password Pusher has been through these revisions multiple times in the past, and they are welcomed every time.
You might have noticed some security improvements in recent releases. More are on the way.
What’s Next for the Open Source Edition
The open source edition is currently in a temporary state of flux as I update and improve backend code to accelerate future development.
These changes may result in a v2.0.0 release.
Once this process is complete, next up for OSS are Requests and QR codes, which should be a simple copy/paste from pwpush.com.
This is the end goal of the previously mentioned work - simpler migration of features and overall easier code maintenance.
Summary
There is of course a lot more happening behind the scenes (like the initial steps on a HaloPSA integration - thanks Rising Tide Group!) but these are the most relevant items without wasting your time.
I massively appreciate the community and all of the great feedback (and kind words) I’ve gotten. Password Pusher is built directly as a result of this feedback.
As always, if you have any questions or issues, feel free to contact me anytime at pglombardo@pwpush.com.
Thanks for Reading!
Peter Giacomo Lombardo
See Also
- Password Pusher on GitHub & Docker Hub
- Configuration Guide for Password Pusher
- Support Password Pusher and get $200 in cloud credits by signing up to Digital Ocean with this link