|About Lost Passwords|
Helix provides the ability to password protect databases (collections) at multiple levels. This documents discusses password options and what to do if a password is lost or forgotten.
|What Types of Password Protection Does Helix Offer?||
Helix allows you to password protect collections at two levels.
|How Do I Set a Collection Password?||
Collection passwords can be set while in Design Mode by selecting Collection Password… from the Set menu.
The Collection Password… command can also be added to any user menu, allowing access to the while in User Mode, or while accessing the collection via Helix Client and Helix Engine.
Please be sure to read the cautionary note below about lost collection passwords.
|How Do I Set a User Password?||
User passwords can be set while in Design Mode by selecting User Password… from the Set menu. (If there is more than one user, you will be prompted to select which user to set.)
The Edit Users command can be added to any user menu, allowing access to user editing (including passwords) in User Mode, or while accessing the collection via Helix Client and Helix Engine.
|I Lost My Password, Can You Tell Me What It Is?||
No. Passwords in Helix are stored in an encrypted form, and are not stored along with the rest of the user log in data. Without a detailed understanding of the internal format of a Helix collection, it is impossible for anybody to locate the password data. And even if it is found, it is impossible for us (or anybody else) to reverse engineer a password and figure out what it was. (Passwords are encrypted with a one way hash that can not be reverse-engineered.)
|What If I Forget My User Password?||
User passwords are secure against reverse engineering, but our collection repair facilities can remove a password, should the need arise.
Naturally, the key to this process is a well-guarded secret. It also requires that you clearly demonstrate to us your right to request such a service.
Please be aware that we do exercise due diligence in attempting to determine whether a password bypass request is legitimate or not. While we don’t encounter too much cloak and dagger stuff in the Helix world, there have been occasions where we have been asked to bypass a password in order to help a customer avoid paying a developer for services rendered, or to access data in a collection acquired through less than upright methods. Please do not take offense if we “put you through the ringer” in attempting to establish the legitimacy of your request. Remember: if your database was stolen, you wouldn’t want us to help somebody else access your personal data simply because they asked for it.
|Our Developer Is Gone, and He Never Gave Us The Passwords. Can You Help Us?||
Maybe. We take copyright and data ownership very seriously. Some developers sell collections for end users, but do not include the right to access Design Mode. Of course, developers also go out of business from time to time and even though they would no longer assert such a claim, they simply can not be contacted. In all cases, we attempt to determine who the original developer was and to contact them to learn what their position is. If there is a dispute over the right to access the collection, we do what we can to resolve it.
|We Had a Fight With Our Developer, and He Refuses To Work For Us. Can You Help?||
Yes. If a relationship between a developers and customer goes bad, we can attempt to mediate the dispute. One party will probably disagree with our decision, but we will make a good faith effort to resolve it fairly.
|How Do I Arrange a Password Bypass?||
Bypassing a password falls under the category of collection repair services. Review our Collection Repair Policy page for information on the process.
The first step is to download the Repair Services Agreement (in pdf form). You must sign and return this Repair Services Agreement along with documentation proving your ownership of the collection and establishing your right to have the password(s) removed. Once we have a signed Repair Services Agreement in hand, we can accept the collection and proceed to the next step.
Our next step is to research the collection’s origins to confirm ownership. If there is any question regarding your right to access the collection, we will attempt to contact other parties (e.g. the original collection designer) who may put forth a claim that counters your assertion of ownership. In these cases we can attempt to mediate the dispute and arrive at a settlement that works for all parties, or we can step back and wait for the parties to work through legal channels to arrive at a resolution.
Once the red tape is dealt with, it takes less than 24 hours to complete the repair.
Because there is no way — not even for us — to decrypt the passwords, all we can do is clear them and return the collection to you with the password removed.
|What If I Forget My Collection Password?||
If you lose or forget a collection level password, you will not be able to access the database. It will be locked against all attempts to open it and your data will be lost until that password is recovered. In most situations, it is impossible for QSA ToolWorks to bypass a collection password, and should not be relied upon as a safety net. If you must use a collection level password, be sure you are running the newest version of Helix available, as that increases the odds that we have the knowledge required to bypass it.
QSA ToolWorks does not recommend using collection level passwords unless the database contains highly confidential data. There is no way to reverse engineer a collection level password and bypassing a collection level password is difficult and time-consuming (i.e: expensive) — even impossible in certain situations.
Nonetheless, should you lose a collection password, you should contact us to discuss the options available for recovering your data.
|Can I Use Passwords to Protect my Database Design?||
Yes! The best way to do this is to remove the Design Mode command from all users except your own, and put a password on your user. Other users can then only access User Mode. Even if they open the collection with Helix RADE, the collection will remain in User Mode unless your user/password is used to log in.