Emergency access

Does Passbolt have any “Emergency access” feature which makes it possible to gain access to an account when the original owner for whatever reason loses access?

I know there is a Account Recovery feature which enables administrators to recover user accounts. But as I understand it the user must still have access to their email and any browser that was used to log in to Passbolt before. Is there any way to gain access to a user’s account when the user does not have access to either their email or their usual browsers?

Hello @hertog , welcome to our community :slight_smile:

Indeed, there is a PRO feature that is Account Recovery, you’re basically sharing your encrypted recovery-kit with the server, in case you lost it, you’ll be able to recover your account.

So, in your case, yes there is a possibility for your user to proceed to the recovery of his account even if he can’t access his email, the only thing that is mandatory it’s his recovery-kit (his private key), if the user have it, you can generate a recovery token from the server:

sudo -H -u www-data bash -c "/usr/share/php/passbolt/bin/cake passbolt recover_user -c -u user@to_recover.com"

If he doesn’t have access to his private key, he could navigate to his passbolt profile from the usual browser, navigate to “Key Inspectors” and download his private key. (Make sure to have it somewhere safe).

If for any reasons he lost his private key, without the Account Recovery feature, unfortunately it’s impossible for him to recover his account. If he had any shared passwords, you could create a new account, make sure that all of the shared passwords are shared with his new account, but all the unshared passwords will be gone…

I hope it helps