Q1. What is the problem that you are trying to solve?
Reduce the barrier to entry for less technologically savvy users.
Acknowledgement up front:
I understand that the security architecture is built on the assumption that the GPG key is strongly generated and that generating that key from a user master password like other solutions is less secure. However, I feel it would be best to allow an admin to make that decision for their users.
Q2 - Who is impacted?
Potentially all users
Q3 - Why is it important and/or urgent?
This allows admins to choose the level of security they desire for their users and allows them to choose to provide an experience more in line with what users may be used to coming from other solutions. Without this choice, admins are forced to retrain their users or find another solution.
Personal note: My motivation for this request is due to my love of the simplicity of the Passbolt UI and how easy it is to navigate. Sharing with Passbolt is far more intuitive with folders compared to Bitwarden’s Organizations and Collections. However, the barrier to entry for users to manage their own key files is too high to make the jump just for the UI. This feature would allow familiar login workflows to be used and make it easier for organizations to migrate to Passbolt.
Q4 - What is your proposed solution? (optional)
Use this section to describe how you would solve this problem if you have a preference or ideas on how to move forward. The more complete the proposal the better, so feel free to add:
- The admin console would include a toggle to require the use of a pregenerated key file
- If enabled, the existing architecture could be used. If disabled, the backend would generate the key based on the master password like other solutions.
- Users logging into the app / extensions would be allowed to use only their password and email if a key is not required, or must provide the key if it is.
- This would also address the challenges around logging in with new devices and the need to “recover”
Q5. Community support
People can vote for this idea to show traction:
- Must have: this is critical for me to have this
- Should have: this is important for me to have this
- Could have: this could be nice to have
- Won’t have: we should not schedule this (explain why)
Hi @JingleheimerSE, from my point of view, one of the key points of Passbolt is its security by encrypting your passwords using your GPG key.
If you remove this and use a master password, you are reducing the security of your password manager a lot and as a personal opinion, there is no difference between Chrome’s password manager or others.
I can understand your point, but I think this feature is not difficult to use, you just need to keep your key in a safe place. And in case you lose it or want to avoid it, you can use account recovery from the PRO version.
I think this should not be included, but I’m open to hearing other opinions
Thanks for the feedback @Termindiego25!
I absolutely agree that keyfiles are a clear feature of Passbolt and I certainly wouldn’t want that to change as a default. I also agree that not using the keyfile reduces the security of the tool to that of other options. That said, I think Passbolt has more to offer than just its security: intuitive UI, ability to self host, being able to intuitively share items via folders (sorry Vaultwarden, but “organizations” and “collections” are clunky at best), etc. Implementing this feature would allow organizations to take advantage of all those other things and then make their own decisions on what level of security they require and whether requiring keyfiles is worth the overhead of retraining and supporting their users who are coming from another product without keyfiles.
Lastly, I’ll be the first to admit that I don’t really expect that this feature would be implemented given how many other improvements could likely get implemented in its place. That said, I thought it important to mention and start a conversation as it likely is impacting the adoptability of Passbolt (I know it’s impacting our trade study). Thanks again for all the hard work!
Hi @JingleheimerSE. Now I can understand why you suggested it, but I still don’t agree.
In my opinion, doing this will reduce the security of Passbolt as we agree, and I don’t think the intuitive user interface is more important than security.
Passbolt has self-hosting options and sharing folders… (what you mentioned) and in my opinion, the user interface is quite intuitive, as the team is working together with the community to improve it.
If what you suggest is implemented, it means that it will bypass the second security check when logging into a new device and use only one password which, in most cases, would be the same as the passphrase they will use later to unlock the extension. This would be very dangerous because if a password is found in a breach, a hacker can easily log into your server because their only challenge is to verify their email (in most cases, the same password as Passbolt).
If that happens in the real scenario (the hacker gets access to your email, verifies it and gets the password) you can’t do anything unless you also have your key file because the password is only stored in your browser and is not useful to decrypt all your passwords.
In short, I don’t think this security check makes Passbolt any less intuitive, and I don’t agree that changing it would make it more intuitive, just less secure.
As in the last post, I am open to hearing other opinions and improving Passbolt together
Totally understood and I think everything you stated is valid.
The only clarification I’ll make, just for anyone else who stumbles on this, is that I don’t think implementing this feature would per se make Passbolt more “intuitive” but rather more accessible. The difference being that allowing admins to disable the GPG key requirement, while certainly impacting security, would make it so an organization could migrate to Passbolt and their users wouldn’t need to be retrained on the login process. As mentioned before, this would be a lateral move for security coming from other tools, but it would make the decision to make that move much easier. Additionally, it would enable organizations to migrate in a phased approach by, say, moving users over with a familiar login, letting them get familiar with the tool and train on its basic usage, then increasing the security, say in a year, by requiring the use of the GPG key.
For example, say our organization was using LastPass but wanted to move to Passbolt and host internally. While the lack of the GPG key leaves the security on par with LastPass, it allows us to move in the right direction. Certainly training will be needed in general and is a reasonable approach, but every little bump in the road plays into the cost analysis, where even a slight increase in training and IT support for users who don’t understand the need for the key or lost their key could cost tens of thousands of dollars extra to support users.
Thanks again for the discussion and hard work!