Password Recovery

I am using passbolt 4.6.2 community edition and I want to customize it to be able to recover an account if the user has forgotten the password as well as lost the recovery kit. I know it is available in the Pro edition, but is there a way to do it in the community edition?

1 Like

Hello @zain.abedin, welcome to the forum :wink:

How many users do you have or do you plan to have in the future? IMHO, I think it might be less costly to migrate to PRO, especially if account recovery is a feature that you really need. There are also other features that could interest you such as SSO, Users Provisioning via LDAP, more control due to more policies settings etc…

Btw, you’ll have a 14-day trial and we already have a dedicated guide to migrate from CE to PRO if you want to keep your current configuration. :slight_smile:

I am aware that the option is available in the Pro edition, but I want to stay in the community edition and want to customize it to make that option available if it is possible.

Here is a camping-car:
image

Here is another camping car:

You would like the second one for the price of the first one with the yellow car included.

Your question is quickly answered: it is not possible.

4 Likes

One way to implement account recovery in the CE is to ask users to share their private key and passphrase with you. It’s actually quite simple to implement.

1 Like

You are so funny! Where did you learn these jokes? Did you watch tutorials on YouTube?

1 Like

Ha ha :joy:

You are not so far from the truth, as I made some YouTube videos :stuck_out_tongue_winking_eye:

Regarding your initial topic, @remy’s reply is the best match for community edition.

Best regards,

1 Like

@antony This is very misleading. If the “recovery-kit” can’t be used to recover the account without the passphrase, then it’s not a recovery-kit at all. I can see locking the recovery of the private key behind the pro paywall, but if I have the user’s private key, I should be allowed to reset their passphrase.

If I’m self-hosted using CE and a user forgets their passphrase, then there is no way for them to get back into their account. Am I correct in my understanding of this?

Currently in CE, if a user loses the passphrase and recovery kit, it is not possible to recover the account because all passwords are encrypted and you will not be able to decrypt them. If there was a possibility, it would be a security risk.

If you forgot your passphrase and you have your recovery kit, you should be able to recover your account using it. At least this was possible in the past; I don’t know if it will be possible now.
Also, keep in mind, if I remember correctly, that for administrator users the private key is encrypted with the passphrase, so you will need both to recover your account.

Of course. I have the recovery kit.

Whenever I try, I get a “contact your admin” message and it prompts to send an email, but the email never arrives.

Maybe you have a problem with your email settings. Have you checked the healthcheck or tried sending a test email?
You can query the database to get the email data and create the link as a workaround.

We get all the other emails just fine. Health check comes back clean. Are you using CE? If so, can you test this scenario on your system?

Tested again. The emails all went through this time. I must’ve just missed them before. However, as stated above, if a user forgets their passphrase, the only option is to delete the account and create a new one.

@antony Are there any plans to add this to CE in the future?