Setting to ask for password every time for signatures
Moderators: TrackerSupp-Daniel, Tracker Support, Paul - Tracker Supp, Vasyl-Tracker Dev Team, Chris - Tracker Supp, Sean - Tracker, Ivan - Tracker Software, Tracker Supp-Stefan
-
- User
- Posts: 1
- Joined: Tue Oct 01, 2013 9:49 pm
Setting to ask for password every time for signatures
I have been using PDF-XChange Editor for a while now and have recently been using it to digitally sign documents. The first time I used it, it asked for my password for my signature and it signed the document just as expected. However every time after that when I go to sign a new document it does not ask me for the password and just signs the document. While convenient it is a large security problem. Anyone using the computer can digitally sign anything with my signature. Is there a setting to make sure it ask me for the password every time I want to sign something? Adobe Acrobat always asks.
- Will - Tracker Supp
- Site Admin
- Posts: 6815
- Joined: Mon Oct 15, 2012 9:21 pm
- Location: London, UK
- Contact:
Re: Setting to ask for password every time for signatures
Hi!
Thanks for the post - there isn't an explicit setting for this in the Editor, but you can set this by first closing the Editor, then opening the attached ZIP folder and double clicking the Reg file within: HTH!
Thanks for the post - there isn't an explicit setting for this in the Editor, but you can set this by first closing the Editor, then opening the attached ZIP folder and double clicking the Reg file within: HTH!
If posting files to this forum, you must archive the files to a ZIP, RAR or 7z file or they will not be uploaded.
Thank you.
Best regards
Will Travaglini
Tracker Support (Europe)
Tracker Software Products Ltd.
http://www.tracker-software.com
Thank you.
Best regards
Will Travaglini
Tracker Support (Europe)
Tracker Software Products Ltd.
http://www.tracker-software.com
-
- User
- Posts: 8
- Joined: Wed Aug 29, 2012 6:39 am
Re: Setting to ask for password every time for signatures
Hi
I have tried to use the flushpin.reg but to no avail.
I am not prompted for pin and password of my digital signature.
In addition, all pages suddenly get the "Click to buy now" sun in the top corners.
Was that intended?
Regards,
Brian
I have tried to use the flushpin.reg but to no avail.
I am not prompted for pin and password of my digital signature.
In addition, all pages suddenly get the "Click to buy now" sun in the top corners.
Was that intended?
Regards,
Brian
- Will - Tracker Supp
- Site Admin
- Posts: 6815
- Joined: Mon Oct 15, 2012 9:21 pm
- Location: London, UK
- Contact:
Re: Setting to ask for password every time for signatures
Hi Brian,
Thanks for the post - I've spoken to the Dev. Team about this and they've told me that they intially misunderstood the question. Currently, this is not possible, but they've asked me to make a feature request out for this feature, for implementation in a future build.
Cheers,
Thanks for the post - I've spoken to the Dev. Team about this and they've told me that they intially misunderstood the question. Currently, this is not possible, but they've asked me to make a feature request out for this feature, for implementation in a future build.
Cheers,
If posting files to this forum, you must archive the files to a ZIP, RAR or 7z file or they will not be uploaded.
Thank you.
Best regards
Will Travaglini
Tracker Support (Europe)
Tracker Software Products Ltd.
http://www.tracker-software.com
Thank you.
Best regards
Will Travaglini
Tracker Support (Europe)
Tracker Software Products Ltd.
http://www.tracker-software.com
-
- User
- Posts: 8
- Joined: Wed Aug 29, 2012 6:39 am
Re: Setting to ask for password every time for signatures
Fine, looking forward to the new builds.
Brian
Brian
- Tracker Supp-Stefan
- Site Admin
- Posts: 17823
- Joined: Mon Jan 12, 2009 8:07 am
- Location: London
- Contact:
-
- User
- Posts: 1
- Joined: Thu Jun 26, 2014 12:05 pm
Re: Setting to ask for password every time for signatures
Hi, do you have any developments on this issue? I am currently with build 308.0 but the password is only requested once for each certificate.
Thanks in advance,
Pedro
Thanks in advance,
Pedro
- Tracker Supp-Stefan
- Site Admin
- Posts: 17823
- Joined: Mon Jan 12, 2009 8:07 am
- Location: London
- Contact:
Re: Setting to ask for password every time for signatures
Hello Pedro,
Can you please try build 308.2 (the current latest) and let us know if the problem is still present?
Regards,
Stefan
Can you please try build 308.2 (the current latest) and let us know if the problem is still present?
Regards,
Stefan
Re: Setting to ask for password every time for signatures
Hello Stefan
We'd like to require the user enter his digital signature password every time he digitally signs a PDF document. This works "out-of-the-box" with Adobe Acrobat Reader - and it seems more secure than being able to sign subsequent documents without password entry.
Is this possible at all?
What does the setting "Flush PIN" setting do? - I see no difference if it is activated or not.
We are using XChange viewer version build 317.1. Digital signatures are created outside of PDF XChange viewer.
Yours sincerely, Daniel
We'd like to require the user enter his digital signature password every time he digitally signs a PDF document. This works "out-of-the-box" with Adobe Acrobat Reader - and it seems more secure than being able to sign subsequent documents without password entry.
Is this possible at all?
What does the setting "Flush PIN" setting do? - I see no difference if it is activated or not.
We are using XChange viewer version build 317.1. Digital signatures are created outside of PDF XChange viewer.
Yours sincerely, Daniel
- Tracker Supp-Stefan
- Site Admin
- Posts: 17823
- Joined: Mon Jan 12, 2009 8:07 am
- Location: London
- Contact:
Re: Setting to ask for password every time for signatures
Hello eumaios,
Are you using the Viewer or Editor?
If still using the Viewer - please try installing and testing in the Editor.
The "Flush PIN cache before applying signature" setting turned on in the Edit -> Preferences -> Signatures window should make it so that you are asked for the password every time you try to apply a signature, and it seems to work for us with the Editor.
Regards,
Stefan
Are you using the Viewer or Editor?
If still using the Viewer - please try installing and testing in the Editor.
The "Flush PIN cache before applying signature" setting turned on in the Edit -> Preferences -> Signatures window should make it so that you are asked for the password every time you try to apply a signature, and it seems to work for us with the Editor.
Regards,
Stefan
-
- User
- Posts: 1
- Joined: Tue Jun 30, 2020 7:52 pm
Re: Setting to ask for password every time for signatures
Hi,
This seems to be an older post, but I am having the same issue and was wondering if there is any update about this.
I have turned on the setting "Flush PIN cache before applying signature" but it does not seem to have changed anything on my end and I am not prompted for a password anytime I sign or certify a document.
Thank you!
Stephanie
This seems to be an older post, but I am having the same issue and was wondering if there is any update about this.
I have turned on the setting "Flush PIN cache before applying signature" but it does not seem to have changed anything on my end and I am not prompted for a password anytime I sign or certify a document.
Thank you!
Stephanie
- TrackerSupp-Daniel
- Site Admin
- Posts: 8436
- Joined: Wed Jan 03, 2018 6:52 pm
Re: Setting to ask for password every time for signatures
Hi, langlois.steph
Apologies for the confusiuon, I have discussed with the Dev team at length, and it turns out that checkbox is specifically pertaining to Smartcard readers which have a "Pin" system. This checkbox will clear that memory when signing so that users are prompted to enter it each time. This unfortunately will not have any effect on self signed certificates or signature files/certificates which are not associated with a Smartcard.
We do have a new "digital ID manager" planned for an early V9 release, probably not the initial release planned for September, but more likely one of those following it. This new ID manager will include an option to "never remember passwords" for you certificates. Until then, there is no way to do this.
Kind regards,
Apologies for the confusiuon, I have discussed with the Dev team at length, and it turns out that checkbox is specifically pertaining to Smartcard readers which have a "Pin" system. This checkbox will clear that memory when signing so that users are prompted to enter it each time. This unfortunately will not have any effect on self signed certificates or signature files/certificates which are not associated with a Smartcard.
We do have a new "digital ID manager" planned for an early V9 release, probably not the initial release planned for September, but more likely one of those following it. This new ID manager will include an option to "never remember passwords" for you certificates. Until then, there is no way to do this.
Kind regards,
Dan McIntyre - Support Technician
Tracker Software Products (Canada) LTD
+++++++++++++++++++++++++++++++++++
Our Web site domain and email address has changed as of 26/10/2023.
https://www.pdf-xchange.com
Support@pdf-xchange.com
Tracker Software Products (Canada) LTD
+++++++++++++++++++++++++++++++++++
Our Web site domain and email address has changed as of 26/10/2023.
https://www.pdf-xchange.com
Support@pdf-xchange.com
Re: Setting to ask for password every time for signatures
Hello
I know this post is old but there still seems to be no way to make PDF XChange Editor forget the password for digital signatures after every use which is still a security risk. Please advise when this feature will be implemented.
I know this post is old but there still seems to be no way to make PDF XChange Editor forget the password for digital signatures after every use which is still a security risk. Please advise when this feature will be implemented.
- TrackerSupp-Daniel
- Site Admin
- Posts: 8436
- Joined: Wed Jan 03, 2018 6:52 pm
Re: Setting to ask for password every time for signatures
Hello, nsimmons
A colleague of yours seems to have emailed us about this as well, I have just replied to them, but this was the main part of that reply:
In short, this item has once again been pushed back. I have spoken some of my colleagues, and the we have had a brief meeting with the Lead Developer about this item and why it has gone on so long. He has informed us that it is very difficult to change the system at this time, due to how windows feeds us certificate information. As such any changes to this system will take considerable time and resources.
He has promised that it will be done, but cannot offer a timeline. There is however one other thing we wanted to mention. The Editor only stores certificate passwords within the current users account registry (encrypted at that). If you try to sign with the same signature file on another user account, even on the same device, they will be prompted for the password, and unable to use it until they can supply it. This makes it highly secure, assuming that you are employing good security practices, like using a unique password for the certificate, locking your user account when away from the device, and ensuring you do not share user profiles on the same device.
Kind regards,
A colleague of yours seems to have emailed us about this as well, I have just replied to them, but this was the main part of that reply:
In short, this item has once again been pushed back. I have spoken some of my colleagues, and the we have had a brief meeting with the Lead Developer about this item and why it has gone on so long. He has informed us that it is very difficult to change the system at this time, due to how windows feeds us certificate information. As such any changes to this system will take considerable time and resources.
He has promised that it will be done, but cannot offer a timeline. There is however one other thing we wanted to mention. The Editor only stores certificate passwords within the current users account registry (encrypted at that). If you try to sign with the same signature file on another user account, even on the same device, they will be prompted for the password, and unable to use it until they can supply it. This makes it highly secure, assuming that you are employing good security practices, like using a unique password for the certificate, locking your user account when away from the device, and ensuring you do not share user profiles on the same device.
Kind regards,
Dan McIntyre - Support Technician
Tracker Software Products (Canada) LTD
+++++++++++++++++++++++++++++++++++
Our Web site domain and email address has changed as of 26/10/2023.
https://www.pdf-xchange.com
Support@pdf-xchange.com
Tracker Software Products (Canada) LTD
+++++++++++++++++++++++++++++++++++
Our Web site domain and email address has changed as of 26/10/2023.
https://www.pdf-xchange.com
Support@pdf-xchange.com