Recovering a single-user setup - will pay for help!

Hi all.

I'm in terrible trouble. Wedding photos, documents etc. - all is locked behind a login on my passbolt setup, which is a virtual server I have full access to.

I have a desktop browser with the extension installed, but it is logged out (it's been a long time since I used that login). The passphrase is completely forgotten :frowning:

  • I have public/private keys
  • I have the passbolt_recovery file - but have no idea how to use it??
  • I have full access to the VM running passbolt (including local emails from passbolt)
  • I have the mobile app logged in for my mobile user with access to most logins - but I don't have public/private keys for that account, nor the passphrase. It's behind biometric credentials. I know I can transfer to another device, but it won't help me recover access to anything (I guess!)

Do you have any ideas as to how I can access anything again? It's been two years since I set it up. I was under the clear impression that if I had the recovery file, I would be able to gain access to the account if I forgot the passphrase. I must have been wrong.

I'm devastated over losing access to this. Have I overlooked something…?

Hello @oaehfiahufsjuhu, welcome to the community.

I completely understand how critical it is for you to retrieve this data. Since you mentioned being logged in to the mobile application behind the biometric authentication, have you tried to manually use the credentials from the mobile application, e.g. typing the password manually using the decrypted password from the mobile app?

Another thing you could do, since you lost access to the web interface, is to create a new “temporary” user from the server:

sudo su -s /bin/bash -c "/usr/share/php/passbolt/bin/cake passbolt register_user -i" www-data

If you are on an RPM distribution, you’ll have to replace www-data with nginx.

You don’t need a valid email address to create the user; it should instantly print a configure URL that you can paste into the browser. I recommend using a new browser profile for this, or another browser for the moment.

PLEASE TAKE A MINUTE OR TWO TO THINK ABOUT THE PASSPHRASE. I RECOMMEND USING A STRONG PASSPHRASE THAT YOU CAN EASILY REMEMBER.

After the new account is configured, you should be able to share your credentials from the mobile application as shown below to this account and then retrieve immediate access to your emergency credentials. I recommend using the “Owner” permissions for those credentials in case you delete this account later on. (Even though the interface should ask you to promote your new account as owner, we are playing ultra safe here.)

When the emergency has been mitigated, you can either try to find your passphrase on your main browser/browser profile OR proceed to the account deletion. After that, it’s possible to update the username from the database in order to re-use your current email address for the newly created account.

In the future, I recommend performing regular backups of the passwords, e.g. kdbx, for offline access in case of emergency.

I hope it helps

Hello Antony,

First of all, thank you for developing Passbolt. It is absolutely awesome! :slight_smile: I have indeed learnt my lesson from this and have a contingency plan now. I will still be using Passbolt - don't worry :wink:

I would like to ask you directly how I can use the recovery key file, as I have read in your documentation it can be used to recover access to an account if the passphrase is forgotten? I do have all three files - public key, private key, and the recovery file.

I have tried to find the documentation for this feature, but I cannot find it. Am I missing something here?

You mention: “Typing manually the password using the decrypted password from the mobile app?”

  • The mobile phone app is using a user dedicated to mobile use, so it does not have access to all passwords. It can access a subset, which I am able to access due to biometric login working fine for the mobile user. It is separate from my “desktop” user I am trying to recover access to.

Thank you for taking the time to help.

Hello @oaehfiahufsjuhu, thanks for the kind words about passbolt and for being part of our amazing journey :slight_smile:

I’m afraid that what you are mentioning, the recovery key file, also known as the recovery kit, is the private key, which as I was mentioning is the possession factor, but the knowledge factor, which is the passphrase, is still missing… Without this passphrase it won’t be possible to access your account. Since you were saying that you have both, can you confirm that the content of the private key is the same as the recovery kit file?

So from what I understand, you created two separate users, one for the mobile and one for the browser interface, the browser interface being your main account, and then you’ve shared only a few resources with the mobile account? The only thing that I don’t understand is that you were saying “I have the mobile app logged in but I don’t have the passphrase which is behind biometric credentials”, but since these are two completely different accounts I assume this doesn’t have any impact?

Is there no possibility that you’ve noted the passphrase somewhere, e.g. in a secure note or somewhere else?
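
The comparison asked about in the reply above (is the recovery kit the same key as the private key file?) is best made on the decoded OpenPGP bytes, because two exports of one key can differ in armor headers, line wrapping and line endings. This is an added example, not part of the thread and not Passbolt's code; the function names are illustrative and the sample blocks are built from constructed stand-in bytes, not real keys.

```python
import base64

def crc24(data: bytes) -> int:
    """CRC-24 checksum of OpenPGP ASCII armor (RFC 4880, section 6.1)."""
    crc = 0xB704CE
    for byte in data:
        crc ^= byte << 16
        for _ in range(8):
            crc <<= 1
            if crc & 0x1000000:
                crc ^= 0x1864CFB
    return crc & 0xFFFFFF

def dearmor(text: str) -> bytes:
    """Decode one armored block to its binary packets, checking the CRC."""
    lines = [ln.strip() for ln in text.strip().splitlines()]
    if len(lines) < 2 or not (lines[0].startswith("-----BEGIN PGP")
                              and lines[-1].startswith("-----END PGP")):
        raise ValueError("not an ASCII-armored OpenPGP block")
    body = lines[1:-1]
    if "" in body:  # armor headers (Version:, Comment:) end at a blank line
        body = body[body.index("") + 1:]
    checksum = body.pop()[1:] if body and body[-1].startswith("=") else None
    data = base64.b64decode("".join(body), validate=True)
    if checksum and int.from_bytes(base64.b64decode(checksum), "big") != crc24(data):
        raise ValueError("armor checksum mismatch: file damaged or edited")
    return data

def same_key_material(armored_a: str, armored_b: str) -> bool:
    """True when both files carry byte-identical OpenPGP packets."""
    return dearmor(armored_a) == dearmor(armored_b)

def armor(data: bytes, width: int, header: str = "", eol: str = "\n") -> str:
    """Build a constructed sample block; only used to make the demo inputs."""
    b64 = base64.b64encode(data).decode()
    rows = [b64[i:i + width] for i in range(0, len(b64), width)]
    crc = "=" + base64.b64encode(crc24(data).to_bytes(3, "big")).decode()
    head = ["-----BEGIN PGP PRIVATE KEY BLOCK-----"] + ([header] if header else []) + [""]
    return eol.join(head + rows + [crc, "-----END PGP PRIVATE KEY BLOCK-----"]) + eol

PAYLOAD = bytes(range(200))  # constructed stand-in bytes, not a real key
KEY_FILE = armor(PAYLOAD, 64)
RECOVERY_KIT = armor(PAYLOAD, 76, "Comment: constructed sample", "\r\n")
OTHER_KEY = armor(PAYLOAD[::-1], 64)

if __name__ == "__main__":
    print("kit matches key file:", same_key_material(KEY_FILE, RECOVERY_KIT))
    print("unrelated key matches:", same_key_material(KEY_FILE, OTHER_KEY))
```

A match means the recovery kit is a second copy of the same passphrase-protected private key, so it does not replace the passphrase.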