Need some information about Passbolt password manager

Hi Team,

We heard about Passbolt and have created a criteria sheet. We see that most of our requirements are covered, but we would still like to get more info.
Below are our questions. We would really appreciate it if someone from Passbolt could answer these 🙂

|1|Should be cross-platform, should work on all OSes - Windows/Mac/Linux/mobile/iOS/web; should have browser extensions|
|2|Should be on premises|
|3|Must be totally secure with end-to-end and strong encryption, multi-factor authentication, and up-to-date security|
|4|Should have a user-friendly interface|
|5|Recovery option should be provided in case master password is forgotten

Recovery option should only work for group managed passwords and not individual passwords? No recovery is a sign of good security here.

More explanation: Recovery requires the central location to have the ability to decode it independent of the person's master password. So inability to recover without the master password means even the central location doesn't have access to decode it; only the endpoint with the user's password and the operations done on that password allow the decoding. That is a trade-off.|

|6|Automatic Device Sync - when switching devices we should instantly find all up-to-date information on our vault.|
|7|Should be able to create groups|
|8|Should serve as a centralized repository to consolidate sensitive passwords. A strong vaulting mechanism, AES-256 encryption, dual encryption, and other standard good practices to ensure rock-solid data security.|
|9| Detailed reporting feature when required|
|10| Provision to transfer data only through secure communication channels via SSL/TLS.|
|11|A simple and powerful password generator that helps to generate a strong and unique password for each application based on the internal password policy.|
|12|Help users access the service from any device, operating system, and browser without any additional requirements.|
|13| Administrators should be provided with a powerful dashboard to carry out operations like user import, set user roles, policies, and grant and terminate user access.|
|14|Users should be able to share passwords with different levels of password-sharing permissions: view, modify, manage, one-click access only|
|15| Helps users quickly log in to their everyday apps and websites in a single click.|
|16|Works with identity providers and popular apps, and also offers APIs for custom integration if required|
|17|Admins can share a password with multiple groups and changing the password is reflected across all users + devices that have access to it|
|18|Rotating a shared password is reflected across all users + devices who have access to it|
|19|Password rotation should be easy or there should be some automation for the same|
|20|Addition of new users should be easy and seamless|

Hi @nilesh Welcome to the forum!

You mentioned you had questions? In case you haven’t seen it, there’s also https://help.passbolt.com/ with documentation and FAQs.

|1|Should be cross-platform, should work on all OSes - Windows/Mac/Linux/mobile/iOS/web; should have browser extensions|
There are browser extensions for all Chrome-based browsers, Firefox and Edge (it is Chrome-based, but we did the legwork to have it on their web store)

|2|Should be on premises|
Aye aye captain, we support a lot of Linux distros, a Docker image, an OVA, and a Helm chart for k8s

|3|Must be totally secure with end-to-end and strong encryption, multi-factor authentication, and up-to-date security|
More info here

|4|Should have a user-friendly interface|
Have a look here

|5|Recovery option should be provided in case master password is forgotten
A couple of releases back we introduced account recovery for the business version

|6|Automatic Device Sync - when switching devices we should instantly find all up-to-date information on our vault.|
We do not have the concept of a vault. Our encryption works at the password level, where each user that has access to a password (or a shared password) gets a specific version of it encrypted with his public GPG key. So that being said, when you use a client to access passbolt you will fetch the resources you have access to.

|7|Should be able to create groups|
Yes

|8|Should serve as a centralized repository to consolidate sensitive passwords. A strong vaulting mechanism, AES-256 encryption, dual encryption, and other standard good practices to ensure rock-solid data security.|
See point 3, with the security white paper

|9| Detailed reporting feature when required|
The PRO version provides activity logs for when a user accesses a password, edits, shares, …

|10| Provision to transfer data only through secure communication channels via SSL/TLS.|
You can set up the server with HTTP, but the server will be marked as unsecure, so it is the responsibility of the admin to set it up.

|11|A simple and powerful password generator that helps to generate a strong and unique password for each application based on the internal password policy.|
Yes

|12|Help users access the service from any device, operating system, and browser without any additional requirements.|
Apart from the browser extension or mobile app, yeah

|13| Administrators should be provided with a powerful dashboard to carry out operations like user import, set user roles, policies, and grant and terminate user access.|
User and group provisioning with the pro version can be done via the interface or a cron job
Group and user management is done in the user workspace

|14|Users should be able to share passwords with different levels of password-sharing permissions: view, modify, manage, one-click access only|
Read only
Update capability
Ownership which allows users to share or unshare passwords

|15| Helps users quickly log in to their everyday apps and websites in a single click.|
Autofill is possible, yes, thanks to the mobile app or browser extension

|16|Works with identity providers and popular apps, and also offers APIs for custom integration if required|
SSO with Azure is done, more to come in the upcoming releases like Keycloak, Google, etc…
Ultimately it will be compatible with any provider that supports the OIDC code flow
There is also a CLI tool for machine-to-machine communication (here)

|17|Admins can share a password with multiple groups and changing the password is reflected across all users + devices that have access to it|
Yes

|18|Rotating a shared password is reflected across all users + devices who have access to it|
Yes

|19|Password rotation should be easy or there should be some automation for the same|
To be discussed

|20|Addition of new users should be easy and seamless|
Yes

Feel free to DM me

Cheers,
Max

2 Likes
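
The per-password model described in the answer to point 6, and the recovery trade-off raised under point 5, sketched as an added example that is not Passbolt code and is not part of the original posts. Node's built-in RSA-OAEP stands in for OpenPGP, and the user names, resource id and secret values are constructed for illustration.

```javascript
// Added example: RSA-OAEP from Node's crypto module stands in for OpenPGP.
// All names and the sample secrets are constructed for illustration.
const crypto = require('node:crypto');

// The private key is generated and kept on the client; only publicKey is uploaded.
function newUser(name) {
  const { publicKey, privateKey } =
    crypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
  return { name, publicKey, privateKey };
}

// Server-side store: resourceId -> Map(userName -> ciphertext). No plaintext.
const serverStore = new Map();

// Sharing or rotating writes one ciphertext per user who has access.
function share(resourceId, plaintext, recipients) {
  const copies = new Map();
  for (const user of recipients) {
    copies.set(user.name, crypto.publicEncrypt(
      { key: user.publicKey, oaepHash: 'sha256' }, Buffer.from(plaintext, 'utf8')));
  }
  serverStore.set(resourceId, copies);
}

// A client fetches its own copy and decrypts it locally; null means no access.
function fetchSecret(resourceId, user) {
  const copy = serverStore.get(resourceId)?.get(user.name);
  if (!copy) return null;
  return crypto.privateDecrypt(
    { key: user.privateKey, oaepHash: 'sha256' }, copy).toString('utf8');
}

// True only if keyHolder's private key opens the copy stored for ownerName.
function canOpenCopyOf(resourceId, ownerName, keyHolder) {
  try {
    const copy = serverStore.get(resourceId).get(ownerName);
    crypto.privateDecrypt({ key: keyHolder.privateKey, oaepHash: 'sha256' }, copy);
    return true;
  } catch {
    return false;
  }
}

const [alice, bob, carol] = ['alice', 'bob', 'carol'].map(newUser);
share('db-root', 'constructed-secret-v1', [alice, bob]);
console.log(fetchSecret('db-root', alice), fetchSecret('db-root', carol));
console.log(canOpenCopyOf('db-root', 'alice', bob)); // bob's key on alice's copy
share('db-root', 'constructed-secret-v2', [alice, bob]); // rotation rewrites every copy
console.log(fetchSecret('db-root', bob));
```

Nothing held in `serverStore` can be opened without a user's private key, which is the trade-off point 5 describes: a server that cannot read the secret also cannot recover it on its own.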