I am the security engineer at a medium-size hosting company. While looking for a password manager we came across passbolt. I fell in love with it: open source, built on PGP, and it’s secure even when the server gets hacked.
While implementing passbolt we came across a few hurdles and I thought I would share them with you.
Medium
• Ability to add people to a group while they never created a private key. Notify the group admin to share the passwords when they actually create their key pair.
• Resend activation mail button
Low prio
• Compliance would really like it if we could change the requirements for the password strength on the cert.
• Allow a single password to be used in multiple URIs
• Ability to share multiple private passwords with a group in one action.
• Ability to copy the username/email in the main overview.
• The ability to hide/delete shared passwords from personal view
Now I understand that some of these are design choices and might never get implemented, but I did want to share them with the passbolt team.