Q1. What is the problem that you are trying to solve?
The security standard is slowly shifting from passwords to passkeys as Google, Microsoft, and Apple provide their own implementations, and 1Password and Bitwarden have announced future support for the feature.
Q2 - Who is impacted?
This would be beneficial for both personal users and enterprises as an option, creating a future-resistant product for all use cases.
Q3 - Why is it important and/or urgent?
As the security landscape evolves, passkeys will become the norm for online accounts both for enterprises and consumers. In order to prevent passbolt from becoming a product only supporting legacy security methods, supporting passkeys is a must for the roadmap in the near future.
Q4. Community support
People can vote for this idea to show traction:
Must have: this is critical for me to have this
Should have: this is important for me to have this
Could have: this could be nice to have
Won’t have: we should not schedule this (explain why)
My organisation is looking into passkeys due to a recommendation by our security assessment consultant, and as a Passbolt Pro subscription holder support by Passbolt will be an important sign this technology is maturing.
Presently it seems KeepassXC along with its Firefox extension is the only fully open source way to do passkeys on Linux without a hardware key.
I would love to see Passkey support with Passbolt. I currently use KeePassXC and like to move over to self-hosted version of Passbolt for easy management.
As the big actors out there are pushing more for the use of Passkeys, the ability to store it on either self hosted or cloud instance is becoming more pertinent by the day.
More and more websites are either requiring passkeys or strongly encouraging it. Passbolt needs to support this ASAP, otherwise users will be forced to migrate to other password managers. For example, I received an email from my crypto exchange today stating that passkeys are now mandatory. Therefore, I’m no longer able to use Passbolt to manage this credential.
I completely agree. Passkeys are the only feature preventing us from switching to Passbolt at our company, especially as more and more websites now require them.
This is the biggest holdback from keeping me from switching from Vaultwarden (Bitwarden browser plugin) to being able to use Passkeys within Passbolt. I know this can be considered a security risk (having all of the keys to the castle at the guard station), but it’s something that makes it super easy to use when logging into a site and not having to worry about the grabbing the hardware key which can sometimes be in a different location or room.
Soon as passkeys are supported in Passbolt I’m switching from Vaultwarden (Bitwarden) over to passbolt. More and more websites are now supporting passkeys and eventually will be enforced.
I am eagerly awaiting this feature as well. It is crucial to our rollout, as an increasing number of enterprise and consumer services—particularly in the financial and online shopping sectors—are migrating to passkey authentication. In some cases, these services now require passkeys to authenticate logins on new devices or to approve critical account settings changes.
Currently, we are forced to use Proton Pass, which has a questionable history regarding overall security and exposure risk. I do not trust them, but Google is the only other major free option available, and it lacks cross-platform support. Google Password Manager remains unimplemented on Linux ARM64, as well as on Yandex, Firefox, and other browsers across various platforms.
We need wide-ranging support that allows users to operate on any modern operating system, CPU architecture, and web browser. KeePass appears to be the only valid, workable alternative. However, without a reliable synchronization mechanism or centralized storage with backup and restore capabilities, implementing it becomes a risk and a liability—an accident waiting to happen, particularly in the event of database or key file corruption.
The only other feature I am looking for in PassBolt is export options to PGP and CSV flat files. This would enable data migration in situations where critical features like passkeys are not implemented in a timely manner, forcing a company or individual to complete a full migration to another authentication provider’s backend.
I can’t believe this still isn’t a feature. And I’m shocked to see that the roadmap says that they will be implementing passkeys as an MFA for the account BEFORE they actually implement it as a content type.
This is so disheartening. This has been open for 3 years. This passbolt forum has used passkeys as a login type for more than 2 years, and yet I can’t even use my passbolt to login to this forum.
For us this feature becomes more urgent every day. There are a lot of portals in the internet which allow passkeys and some of our customers require us to use strong authentication if administering their infrastructure. In many cases we would be able to use passkeys to fulfil this requirement easily. But, without support in Passbolt this is not practical for us.
Must have: this is critical for me to have this
Should have: this is important for me to have this
Could have: this could be nice to have
Won’t have: we should not schedule this (explain why)
