Why emails and browser extension were a dealbreaker

I thought a lot recently about a web based password manager for myself.
The current workflow with Keepassx I have been using for the last ( :thinking: 15 years?) has been working well: I use it on my laptop running Linux, on the laptop with Windows and very often on my Android phone.
It just works, however I concede, keeping the three devices synchronized has been troublesome.
Passbolt had all the whistles I was looking for, and I took a deep look at it, here however are the dealbreakers for me which brought my switch to a halt :stop_sign::

  • I need to register :page_facing_up: with an email however I want in no way for emails to be tied to my password management workflow. I am already wary of a desktop software dealing with my passwords, even more of a web software, but the idea the software has open access to the outside through an email server is out of question. Off with an email like me@localhost.com I go.
  • I envisioned to run Passbolt on a docker container with restricted internet access to the outside world but access limited only to the local network, I would have accessed the Passbolt page by connecting through VPN from my phone when away from home :house_with_garden: and that would have been my workflow. Needing email access however complicates things, in a bad way. But even more, what is it worth it if you have to install a browser extension which has complete access to the internet?
  • I read you can activate users by opening “./bin/cake passbolt register_user -i” and it works, a user looks as activated and you imagine the need for email activation would end there. However if you open Passbolt in another browser you get greeted with another email activation warning:
  • activation emails :email:, verification emails :envelope_with_arrow:, notification emails :incoming_envelope:, all is an email. Dealing with passwords is hard already but keeping up also with email configuration is too much.
  • The browser extension is something which should be a feature, not an antifeature. In other words if I don’t have a way of installing the extension (mobile phone browser :iphone:? browser not supporting the extension? you name it) I would like to be assured I can access my passwords regardless.

All in all Passbolt is a good software, and in a corporate setup it might be worth evaluating, but for personal use, not so much as long as it is so tied to emails and browser extensions.
Hope I got my point across, and hope to see some improvements in the software regarding my topics.
Good evening all.

Hi @boudredodra Welcome to the forum.

I also use KeePass. It’s also a great tool for its purpose. I sync the db across devices and it works for me as an individual user. When I work with other people, though, I use Passbolt.

It’s possible to register in Passbolt without email. However, you need to get the registration token from the db. There was a recent post about this, actually. I will try to find it. Also, though the extension is not designed for mobile browsers, the mobile app provides access for users on a mobile device. Many users here access it via VPN which is to an internal network. I’m one of them. The app is great.

Passbolt is an excellent product with an eye to security needs of teams that share passwords among multiple users. We won’t hold it against anyone if it’s not a good fit for them. It’s great you’ve been checking it out!

Here it is Don't want to authenticate with email

Hi, I followed the procedure for manually activating users without email confirmation however as soon as I’m on another device/browser I need to open confirmation emails (I added a screenshot in my first post).
So in my opinion it should be clearly pointed out that: an email address is strictly required unless of course you want to be locked out the first time you are required to open a confirmation email!

though the extension is not designed for mobile browsers, the mobile app provides access for users on a mobile device.

this statement seems vague to me, if the extension is not made for mobile browser the fact it somehow works is not proof that this functionality can be relied on.
Again, great tool for corporate use, not so much for personal use at least if you are as paranoid as me.

All new device registration involves the same process you were able to do without an email. When you want to set up a new device, just repeat the process to get the link again. Same idea as before except it’s a recovery process, not initial registration.

The dev team has decided to make a mobile app rather than an extension for mobile browsers. The extension works fine in Chrome, Firefox and Edge desktop browsers. It does not work in mobile browsers, sorry if that was unclear.

Also, as a new user to the forum, if you’re not actually planning to use it, there’s no need to keep posting. We want to maintain a cordial community experience, and are happy to help users figure out how to make it work if we can.

Also, please refer to the Passbolt password manager for teams | Code of conduct if you have not already done so. If you need help to use it, please feel free to post again and if you decide it’s not for you then no harm done.

Thanks @boudredodra!