As a Community Edition user I can use 2FA/MFA feature


Great product and thanks for your hard work and paying attention to details as you develop! Also, thank you for committing to offer the Mobile App as a permanent feature in the Community Edition.

I have one more ask: Offer MFA/2FA for all editions.

With MFA/2FA now being the standard for accessing portals, I believe it would be appropriate to offer MFA/2FA for all editions (including Community Edition) for STANDARD security.

Thanks for your consideration.

People can vote for this idea to show traction:

  • :ok_woman: Must have: this is critical for me to have this
  • :raising_hand_woman: Should have: this is important for me to have this
  • :tipping_hand_woman: Could have: this could be nice to have
  • :no_good_woman: Won’t have: we should not schedule this (explain why)

Well, I wouldn’t mind paying a bit for this feature, but it should have a “home-use” license that you are only allowed to use in private and not in businesses (where things like LDAP etc are not included) together maybe with some auditing features etc.
I understand that certain features you will need to pay for to make sure that the product will keep developing.

Hi @Roberts, I edited your post to add a poll on this request :slight_smile:

I think this one is a security enhancement which can be profitable to everyone and not only enterprise. It’s the only PRO feature which is terribly missing on Community.

Can someone explain why the 2FA in the passbolt pro edition effectively increases the security of passbolt?

If I’m not wrong, even in the community edition, the passphrase (first factor: what I know) is there to decrypt the private key (second factor: what I own) on the client side. So it is already a 2FA way to be able to retrieve a password. No?

Instead of multiplying the factors of authentication beyond the two that are already there in the community edition, I’d rather focus on easing the differentiation (by device) and the rotation of the keys to be able to have fast and intuitive reaction in case of compromise (key file exposed, device stolen, …)

@farfade we tried to explain that 2FA is already built-in by default since authentication is not password based but to be honest it’s an uphill battle. The same way there is also an option to add 2FA for SSH, it doesn’t hurt to add one more for passbolt as well, even if it’s just marginally better.