I really think Passbolt are aiming at business users i.e. not community users.
I think the split between free and paid features is pretty logical. Some companies offer a "community" version that is basically just a nerfed trial; but Passbolt's community edition has everything that I'd expect to matter for an individual, and the paid features are all around managing multi-user access such as you'd have within a business.
The commercial edition is clearly aimed at businesses rather than individual consumers, but for the kind of individual who would self-host their own server the community version is perfectly fine. I wouldn't recommend the community version for a business of any significant size, though. As indicated in the video I consider the activity logs in the commercial edition to be a pretty hard requirement for business use.
this is a great showcase of why developers and programmers are not marketers. everyone has their gifts. passbolt's gift is how robustly it was engineered.
Yup. Two very different skillsets.
@ProTechShow indeed. btw, thanks for your videos bro! i have been having an absolute rut and mental block lately being paranoid over my personal cyber security and your videos on MFA weaknesses and this passbolt video really helped me ease the concerns i had :)
i read that you do IT consulting in your bio. out of curiosity, how much would you charge for like a 15 minute zoom call? 😅
@shuccle6161 Thanks! My “day job” is a senior position at an IT consultancy. I can't offer individual consulting engagements because it would create a conflict of interest if I were to provide similar services on a freelance basis as my primary employment.
@ProTechShow ohh, that makes sense. what if it was free and just to help me out? haha. i honestly just wanted to chat for a bit to see if there was anything else i could learn from you. i work in IT, kinda, but mostly just helping people in my industry troubleshoot their tech, implement tech for them in their businesses, and stuff like that. but i was more so curious about cyber security stuff like email security, hygiene, and things like that. just for my own stuff. i wouldn't want to get you in trouble with your work tho so i would understand if you couldn't.
@shuccle6161 afraid it's not something I plan to offer. I get a lot of messages asking for help with various things and if I accepted them all I'd need a small team to manage it. YouTube is a hobby alongside my main job and I prefer to keep it that way, so it's easier just to say no to any individual assistance rather than try to pick who to help and who not to. It also helps keep a clear boundary from my main employment.
Hope that makes sense. If I start saying "yes" to some then I'll be opening Pandora's box!
Interesting. In the future, when covering something like this that we would consider hosting, can you cover, just briefly, deployment options (do they maintain container images? RPMs? Debs?), resource use, (just a rough approximation for minimum expected) and technologies used (what's it built in? Which ecosystems do I need to be listening to for incoming vulnerabilities and the like?)
Good feedback, thanks.
The short answer to most of those questions is "yes". There are install guides for various distros, Docker, source, etc. here: help.passbolt.com/hosting/install
Passbolt is a phenomenal tool, and what an excellent review!
Thanks!
Fantastic video, thanks. That makes it so much clearer.
Thanks!
Hmm so as an individual you have to save your pgp key somewhere in case you lose your computer or you are screwed. I like how Passbolt implement things in general but that pgp saving thing might be problematic for the average user. Not only do they need to remember the master password but also keep the pgp key safe.
I talk about it near the end of the video - 15:25. The short version is that it's not really aimed at an average user. It's aimed at business scenarios where an IT team can assist people and use the escrow feature to recover their accounts, or technical users who can deploy their own server and use it for free. The licensing model almost enforces this as you either need to build a server or buy a chunk of business licences, so it would be difficult for an average individual to end up with it by themselves.
14:17 is the Yubikey Bio FIDO2? I think it's just Fido
It's FIDO2: www.yubico.com/store/compare/
Passbolt backup and recovery: it is a nightmare, each user has to keep his private key. Not useful for a family nor for an organization.
For organisations I recommend skipping the community edition and going straight to the business plan for the escrow feature that lets you recover end-users' keys for them. Expecting end-users to look after it themselves is asking for trouble.
For a family the community version could work. It's a small enough group that you could walk them through the setup and save a copy of the key. As designated family tech person you would need to take ownership of the process to make sure it happens. It's not a tool I'd recommend to the average end-user without support.