Q1. What is the problem that you are trying to solve?
There are times were external parties need to / want to share passwords with a passbolt user. This is often done via mail, which is highly insecure unless the email is encrypted. As we all know email encryption is not a real standard among the email users.
Q2 - Who is impacted?
Everybody who is receiving passwords from external parties.
Q3 - Why is it important and/or urgent?
Most password managers think about how to store passwords securely, but how do the passwords get into the storage? Thinking the password manager further is vital to stand out of the masses, right? And it’s a real security benefit!
Q4 - What is your proposed solution? (optional)
As a non-user (external) I want to transfer a password to a passbolt user so that it cannot be easily intercepted or is stored (in email accounts) unencrypted.
The idea: When you approach an external party to provide you a password, you prepare a password resource in passbolt beforehand. You copy the “public-insertion-link” into your email which you will send to the external party to request the password. The external party follows the link and reaches a passbolt website. Here he or she pastes/enters the password which encrypts the password on submission based on the public key of the password resource creator.
It’s like the inverse to e.g. Password Pusher
Q5. Community support
People can vote for this idea to show traction:
not allowed to create polls