user password lost

Hi everyone! this is my first time using the forum and I am not an experienced passbolt administrator, having said that I have a local installation of passbolt and my problem is a user has forgotten the login password but has available the private key that he saved during configuration, the problem arises when he tries to restore because in addition to the private key he asks for the password which he does not have… searching online I find little information or they refer to the PRO or Cloud version.

Can anyone help me?

Hello @oettam, welcome to the forum :slight_smile:

Unfortunately, it’s true that most of the time, users lost their private key and not the passphrase associated. Even though this is the contrary here, the result will be the same. In order to recover the account you need the possession factor which is the private key and the knowledge factor which is the passphrase.

You are right about referencing PRO and Cloud. They both come with an account recovery feature which once enabled, let the users the possibility to share their recovery kit with the server. Obviously, this has to be done before losing the access.

In this case, the only solution would be to delete the user account and proceed to the re-creation. Unfortunately, all of the unshared passwords would be lost.

Also, before deleting the account, we’ve seen similar issues where users type a white space at the very end of the passphrase while configuring the account for the first time, which sometimes lead to an incorrect passphrase. It worth nothing to try adding this white space at the end of what they tried already.

Is it the plan for account recovery to be part of passbolt CE at some point?

Not in the near future. It is possible for users to share their private key with another user already in the CE (by creating a resource that does this), the account recovery feature just make it more configurable.

Yes but the private key alone is not enough, right? We need the master passphrase as well.

@joe you can create a resource where you put the passphrase in the password field and the private key in the description.