Is Passbolt for me?

I administer the personnel records of a club with 500 members. Their passwords are now stored in a database in plaintext. I am looking for a software which would automatically salt and hash the passwords and grant access to the members’ area of our website without my having access to the plaintext passwords. Will Passbolt do this? I would hope that it has an interface for a non-coder. I know Javascript and ColdFusion but not php, Perl, Python or any other coding language. I do not fully understand encrypting passwords, and how to generate and assign salts, and am hoping that there is a software which does this.

Hello @FrankF,

It seems to me you could always use passbolt, but wether it’s the best for this particular use case really depends of the details of your use case.

For example it’s unclear to me how these passwords are used, who is setting them, when they are accessed and why.

Are these passwords used only to login into a web application? If so maybe the best would be to just salt and hash the passwords directly in such application and not store the password anywhere in clear. Your members can then store their password in the password manager of their choice (passbolt or else). By default password in passbolt won’t be automatically sync’ed with your web application, unless you build the integration between passbolt and this application yourself.

I hope this helps, feel free to ask more questions if I misunderstood your query.

Remy, thank you so much for replying to my question! I am the webmaster of a club with a few hundred members. Their login email addresses and passwords are contained in an MS Access database. When they login correctly, ColdFusion code writes a cookie to their browser which let’s them access their profiles and account info.

Their passwords are all in plaintext now, and I need a software package which will encrypt their passwords when they register and then approve the passwords every time they log in. I don’t care at all what individual password managers they use for all of their passwords, I need a password encryptor/administrator on my end which will administer the website automatically. I hope this makes sense!

I’m not really sure if there is a “tool” to do this – for your website it would more-so be a library you would use/load into your code to hash these raw passwords in your database.

Passbolt is a password manager for self / teams, it’s not really for your use case… Passbolt is more so for saving your personal passwords and then when you go to a website, it will fill in your password for you, so that you just have to remember your 1 password and not your password for that specific website. I’m sure there is a way you could integrate passbolt into your website, but i’d assume all users would have to then download passbolt and use it, and that’s not really what you are looking for.

I’m not sure if you have, but I did a quick google for “coldfusion password hashing” and found many results…

Good Luck!

1 Like

Yes, I can see that the answer to my problem is going to be found in a ColdFusion community forum where custom-made functions and code are available. Of course I have googled the issue, but I always find it unbelievable how much knowledge Google makes available which is many years out-of-date, with solutions referring to obsolete code and applications. Thanks for your advice, and I shall try to close this topic now, if I can!

1 Like