I store ALL my Passwords in AWS

  • Published: Oct 29, 2024

Comments • 154

  • @_JohnHammond
    @_JohnHammond 2 years ago +17

    Quick note, you obviously don't need to throw this into the cloud -- you can self-host something locally on your own intranet with something as small as a Raspberry Pi if you want. :) Check out all the sweet stuff Passbolt can do! j-h.io/passbolt

    • @JPEaglesandKatz
      @JPEaglesandKatz 2 years ago +5

      I know you were sponsored by them but I would have liked some honest insight from you about the actual password manager itself, how it does things and how secure it is... etc. Possibly a comparison with some other prime ones, bitwarden, lastpass... I mean I've heard nothing about this one would be better or good... (again aside from you being sponsored by them)

    • @tg-lu6hl
      @tg-lu6hl 2 years ago

      Could you take a look into sliver c2?

    • @wolfiexii
      @wolfiexii 2 years ago +2

      I can't believe you recommended this without 2FA ... I thought you were serious about security.

    • @JPEaglesandKatz
      @JPEaglesandKatz 2 years ago +3

      @wolfiexii Yeh... I had high respect for some of the in-depth videos but this really looked and sounds like a quick sponsor cash grab. No 2FA / hardware key support makes this product null and void. And I guess John doesn't respond to his viewers raising concerns either.

    • @wolfiexii
      @wolfiexii 2 years ago +2

      @JPEaglesandKatz Aye, what starts out good, goes downhill fast when cash and politics get involved.

  • @SamGib
    @SamGib 2 years ago +75

    It is good, but passbolt lacks 2FA unless you pay, which I think should come standard in 2022.

    • @robertgleaden5509
      @robertgleaden5509 2 years ago +2

      I agree, we've ended up going with Psono purely for the 2FA

    • @clb92
      @clb92 2 years ago +6

      A password manager without 2FA? Thanks but no thanks... I think I'll stay with Bitwarden.

    • @cryptoafc7655
      @cryptoafc7655 1 year ago +1

      @clb92 me too, Bitwarden with yubi key

    • @00Klingon
      @00Klingon 1 year ago +2

      Bitwarden has 2FA and can be self hosted. That is the standard all competitors must meet to even be considered.

    • @magicmanchloe
      @magicmanchloe 25 days ago

      I’m confused, do you mean you want to store your 2FA in your password manager? Or enable 2FA for Passbolt bc that’s included with the self hosted option?

  • @HyBlock
    @HyBlock 2 years ago +111

    Just self-host Bitwarden. Open source, audited and trusted.

    • @weiSane
      @weiSane 2 years ago

      @Hoxton stfu..they probably have a reason for it

    • @VIVEVIEV
      @VIVEVIEV 2 years ago +16

      Bitwarden > assbolt

    • @lel7531
      @lel7531 2 years ago +2

      @Hoxton lmao true

    • @QDLmcfresh
      @QDLmcfresh 2 years ago +5

      Vaultwarden for more features

    • @moose43h
      @moose43h 2 years ago

      @VIVEVIEV oof

  • @magicmanchloe
    @magicmanchloe 25 days ago

    I’ve had Passbolt running for over a year now. I love it

  • @grover-
    @grover- 2 years ago +5

    It's still the digital equivalent of keeping the front door key under a stone. LastPass learned it the hard way. As for using an open source tool for storing your secrets, OS has both the pro and con that everyone can see the source code. If someone finds a bug there's no financial incentive to fix it if the finder has nefarious plans.

  • @chompyumyum4615
    @chompyumyum4615 2 years ago +2

    Not tryna be mean but comes off to me as shill-y "I need to store my passwords somewhere. I will immediately use Amazon and Google to do this" Though, I am also enjoying watching your videos now that I just discovered them, so props! It is good to teach people about gpg keys and stuff. But there are other hosting and domain options, lol
    To me looks like amazon sponsored passbolt into sponsoring this video

  • @iamvinku
    @iamvinku 2 years ago +19

    Looks great but honestly I would not use a password manager that didn't at least support TOTP 2FA just for my own peace of mind. Bitwarden's free plan has TOTP 2FA and also allows self-hosting and free access to their cloud hosted instance. Passbolt looks great but it's not for me until it supports TOTP 2FA for the community edition.

    • @NessHypegaming
      @NessHypegaming 2 years ago +2

      THIS.

    • @Byter09
      @Byter09 2 years ago +1

      You can also self-host vaultwarden (a Rust implementation), which comes with all premium features unlocked.

  • @TriSept
    @TriSept 2 years ago +7

    Looks like a great tool only if it supported at least some kind of MFA. For now I will stick with Bitwarden and Keepass.

  • @ThePapanoob
    @ThePapanoob 2 years ago +9

    Even if you host it via the „on-premise version“ it doesn't really justify as on-premise as AWS can literally do whatever they want to your instance. That includes modifying the passbolt installation to dump your username + password to some logfile ;-) Personally I wouldn't trust any hoster with such data.

  • @ameliekk
    @ameliekk 2 years ago +16

    $0.046/hr is like $30 a month? Too expensive for password manager imo

    • @biackshibe
      @biackshibe 2 years ago

      don't they have a free tier

    • @paulstelian97
      @paulstelian97 2 years ago +3

      @biackshibe They have a theoretically-free tier that for me never really ended up being actually free.

    • @swapnildinkar
      @swapnildinkar 2 years ago +3

      @paulstelian97 the software itself is free.. the $0.046 is for using the resources on AWS - EC2 instance, etc

    • @paulstelian97
      @paulstelian97 2 years ago

      @swapnildinkar I meant the free AWS tier itself (not the one picked by this). It says free but I tend to pay and quite a bit actually.

    • @StrifeJester
      @StrifeJester 2 years ago +3

      Run it on digital ocean for $4/month.

  • @Ng123f4
    @Ng123f4 1 year ago +1

    Would've been nice if you followed some best practice and put the instance in a private sub and do the same setup, that would've been great, I doubt anyone would let their password manager app just that open.

  • @Duconi
    @Duconi 2 years ago +8

    Sounds really inefficient to use an EC2 instance for such things. Not just are EC2 instances expensive compared to other VPCs, the instance will also probably idle 99% of the time. On the other hand you could just sync your KeepassXC file with S3, Nextcloud, Google Drive, ... For big companies with a lot of users this is maybe useful. But I would not recommend it for personal use. But still there a lambda version would be nice, so you save costs and do something good for the environment (less electricity, less hardware, ...). And let's not forget to implement a backup system. Keepass synced to the cloud is there already more secure, as copies are local and on the cloud.

  • @PowerUsr1
    @PowerUsr1 1 year ago +1

    mehhh..I mean Bitwarden is the standard right? So not seeing a compelling reason to switch plus there's a lack of 2FA which is weird.

  • @Slm3lkm
    @Slm3lkm 2 years ago +6

    I use Bitwarden, it's open source too

  • @Jordan-hz1wr
    @Jordan-hz1wr 2 years ago +1

    I'm a grumpy old BSD guy who believes "worse is better".
    Which is why I'll stick with trusty ole pass.

  • @robbienorton9522
    @robbienorton9522 2 years ago +10

    I use keepass for personal use, but this looks great for corporate environments

  • @stephanrogers8947
    @stephanrogers8947 2 years ago

    Your tone of voice and demeanor make this hard stuff seem simple......but WHY would someone want to go through ALL this just to configure this?

  • @sammo7877
    @sammo7877 2 years ago +1

    Nice!

  • @gillesva51
    @gillesva51 2 years ago +2

    I think most people in here are missing the use-case for this. Great functionalities in passbolt honestly. You can admin the access control to passwords for a team eg IT, sales, production etc very easily. This is for businesses. What's wrong with having to pay for that.. I for one thank you John, as this is exactly what the startup I just started working in needed.

    • @Iwantapplez109
      @Iwantapplez109 2 years ago +1

      Yeah it's great until AWS servers have an oops, and then hashes get leaked. That and MFA is paywalled (i mean come on, this is like an EA game, get a half-assed product and get the rest as paid DLC). imo KeePassXC is the way to go. It's free, completely local, you're in control of everything, and if you need syncing, you can use syncthing, or just copy the database file over to your other device. And if you're *really* paranoid, you can always use a keyfile or hardware key to encrypt your database.

  • @ahmedtahervlogs8119
    @ahmedtahervlogs8119 2 years ago +3

    Nice video . Thank you

  • @belalal1902
    @belalal1902 2 years ago +2

    Why not use a normal password manager like LastPass or so?
    And what's the best free password manager?
    Thanks!

    • @i_sometimes_leave_comments
      @i_sometimes_leave_comments 2 years ago

      There's no 1 "best" password manager, or "best" anything most of the time. It largely depends on your own preferences and requirements.
      1. Do you trust the company who made the password manager?
      2. Do you trust whoever is hosting the server?
      3. Do you want it to be accessible from anywhere in the world or just from inside your intranet?
      4. How many sets of credentials do you need to store?
      5. How many people do you need to share some of those credentials with?
      6. Do you want a CLI client for automation or just because you love the terminal, or do you just want a plugin/extension that works on your favorite browser?
      7. If you're *really* into tech & security, what specific features and configurations do you want on your self-hosted server?
      8. How many milliseconds do you want to shave off of each login?
      9. [Insert some other seemingly-obscure preferences a bare-bone Linux user might think of]
      I use Arch Linux but I wouldn't recommend it as "the best OS" to someone asking for a beginner Linux distro. I like Python and Rust but can't recommend them without knowing what someone wants to develop.
      John's sponsored so he's showcasing it, but for all we know he could have just cancelled his subscriptions after making the video (I'm not saying he did, just that he can). You can use Lastpass if it seems useful. I used it for years until I had some issues with it and switched to Bitwarden because I liked some of the things they offer for free (e.g. not having to pay for MFA).

    • @belalal1902
      @belalal1902 2 years ago

      @i_sometimes_leave_comments Thanks man,
      appreciate it!

    • @KevinArellano
      @KevinArellano 1 year ago

      This defeats the purpose of you watching this whole video. It's most secure since you're hosting it yourself. As long as you don't get hacked (which quite honestly is very slim unless you frequent on sketchy side of the net) you are not relying on a 3rd party to handle your credentials. Now you obviously are compromising "easiness" over "security", but you are more than welcome to go the easy route and have a higher risk of it getting leaked. LastPass gets hacked twice a year lol

  • @MrManonoFly
    @MrManonoFly 2 years ago +5

    Enpass is better if you need one Vault per user
    PassBolt is nice if multiple users need access for one vault, but with different permissions

    • @PixelHamster
      @PixelHamster 2 years ago

      enpass is paid, closed source and has been buggy on linux for years :P
      I only use it cuz i've a lifetime licence from back when it was 5 bucks

  • @junaisetp
    @junaisetp 1 year ago

    Is it possible to protect files like PDF/Excel using passbolt?

  • @djcb4190
    @djcb4190 1 year ago

    That's a good idea. I seriously need to write down each password instead of remembering them

  • @bob_kazamakis
    @bob_kazamakis 2 years ago +1

    I don’t see why they use an external provider for SSL when certificate manager would have just been another line in their cloudformation script. On top of that, same for cloudfront…

  • @vboutique2188
    @vboutique2188 7 days ago

    What does it cost to run on aws per month on average?

  • @michaelortega804
    @michaelortega804 1 year ago

    lol all good until you have to grab your phone in order to enter 2FA, it should be included on the CE. Anyways I'll stick with Vaultwarden.

  • @dura2k
    @dura2k 2 years ago +1

    So, it's open source, but all the good functions which would be better than other services are paid? Even freaking folders and MFA? So keepass if you're using it for your own or bitwarden for multiple user is still the better option for hosting tbh (and even has an open-source community rust server implementation). And it's 360€ for a year? That's insane... Not an alternative.

  • @bdot02
    @bdot02 2 years ago

    We used passbolt but migrated to passwork because it just had more of the stuff we need.

  • @drgr33nUK
    @drgr33nUK 2 years ago

    Did I see you just log into AWS as root! Tut tut :) I use GNU Pass for my personal password manager.

  • @evilgibson
    @evilgibson 2 years ago +2

    have been using self hosted KeePass database on Google drive for the past 10 years. have avoided all the "safe" online password sites and their oopsie-daisies data exposures.
    I'm good with my solution (which has 2FA built in for those that are going to bring up it's only password)

  • @magicmanchloe
    @magicmanchloe 25 days ago

    How much does this cost on AWS?

  • @ilusions4
    @ilusions4 2 years ago +2

    vaultwarden

  • @BoostedNW
    @BoostedNW 2 years ago

    Passbolt vs Bitwarden(vaultwarden) ?

  • @mikeleio007_xd9
    @mikeleio007_xd9 2 years ago

    The thumbnail wants to kill me

  • @P4V3LS
    @P4V3LS 2 years ago +1

    This is so freakin scary. I am always worried my password file database and app is making connections to the internet.

  • @wizzbitgxs
    @wizzbitgxs 1 year ago

    I kinda wonder why a hacker would recommend your passwords to be stored in a cloud service? That would really be the last resort where I would put my passwords to be honest. Bitwarden has 2fa out of the box. Also opensource and can also locally be installed that all and for zero costs.

  • @MD4564
    @MD4564 2 years ago +1

    Nice, but it's not your own infrastructure, it's still cloud.

  • @chibiichen
    @chibiichen 2 years ago +1

    How much does it cost using Amazon?

    • @MrNolimitech
      @MrNolimitech 2 years ago +1

      Apps are Free, but the Instance is 30$/month
      $0.046/h = $1.104/day = +30$/month

    • @chibiichen
      @chibiichen 2 years ago +1

      @MrNolimitech seems too much for just hosting a password manager. Is there a way to get it cheaper?

  • @ChairmanHehe
    @ChairmanHehe 2 years ago

    why not bitwarden?

  • @devKazuto
    @devKazuto 2 years ago +1

    Passbolt sucked so much when I had to use it. Never again. "stay logged in" never worked and I got logged out after 5 minutes and it got no app during the time. Bitwarden is so much better in my opinion.

  • @VR-Nomad
    @VR-Nomad 2 years ago +4

    Is BitWarden still a great password manager?

    • @An.Individual
      @An.Individual 2 years ago +7

      I would say the best

    • @bennihtm
      @bennihtm 2 years ago +3

      It's the only one I know of that has been independently audited multiple times and never had any data leaks

    • @clb92
      @clb92 2 years ago +1

      I like it. You can host your own Vaultwarden server too, if you'd like.

  • @stavros222
    @stavros222 2 years ago +1

    plot twist: it really found elon musk's car location

    • @England91
      @England91 2 years ago +2

      I'm glad I wasn't the only one that noticed Elon was mentioned in the setup screen

  • @custard131
    @custard131 2 years ago +2

    that's kinda scary how casually you overwrote your existing primary ssh key

    • @Freeak6
      @Freeak6 2 years ago

      He is in a virtual environment. One he probably created for the video, so, it's fine.

    • @custard131
      @custard131 2 years ago +1

      @Freeak6 ye I get that but didn't even hesitate :p
      not from doing that but I've felt the pain of locking myself out of my servers before and it's not fun :(

  • @Troiler
    @Troiler 1 year ago

    This is rude.. you're not showing or explaining the pricing it'll take to rent the ec2 instances..

  • @ElSarcastro
    @ElSarcastro 1 year ago

    Just make sure to mute your amazon doorbells or you will lose your passwords

  • @Catge
    @Catge 2 years ago

    Probably just self hosting bitwarden is better. Open source, audited, and good community.

  • @aeonel
    @aeonel 2 years ago +3

    Bitwarden rules.

  • @pr1nzp1
    @pr1nzp1 2 years ago

    Ohama means family, right?

  • @goodboy8833
    @goodboy8833 2 years ago +1

    Is this a promotional video?

  • @3398halofreak
    @3398halofreak 1 year ago

    Why are none of these tutorials on actual in-home clients there all I ya here my rdns like show us a real world scenario where we have an Ubuntu computer kicking around and we want to to run on it and be accessible.

  • @jasonrochau
    @jasonrochau 2 years ago

    The master password is legit

  • @timisthebest
    @timisthebest 2 years ago +5

    I'm not sure how anyone could recommend this when they paywall MFA, SSO and auditing. What a complete joke.

  • @wilcosec
    @wilcosec 2 years ago

    Nah, Bitwarden for me.

  • @khalidelgazzar
    @khalidelgazzar 1 year ago

    13:04 locating Elon Musk's car 😅

  • @navarrov
    @navarrov 2 years ago

    Very cool. I still prefer LastPass simply because it has my 500+ passwords and is sync’d on all my devices.
    They have been compromised a few times though, so that’s one con. I’ve been considering bitwarden, but I’m pretty happy with LP.

    • @FaZekiller-qe3uf
      @FaZekiller-qe3uf 2 years ago +1

      You can export passwords as a csv and import it to another password manager.

    • @redtrillix2
      @redtrillix2 1 year ago +1

      even with all the breaches they have?

  • @venkatasurajjami5653
    @venkatasurajjami5653 2 years ago

    Make a video on evilginx2

  • @josemicod2
    @josemicod2 2 years ago

    I use my mind, fuck passwords services

  • @NeverGiveUpYo
    @NeverGiveUpYo 1 year ago

    I was never a fan of password managers..

  • @mattplaygamez
    @mattplaygamez 2 years ago +2

    Looks great but costs 34 dollars a month. So be careful

  • @asddsa6465
    @asddsa6465 2 years ago

    i store on blockchain

  • @SolitaryElite
    @SolitaryElite 2 years ago +3

    thank you for letting me know, ill be trying to hack your aws now xd

    • @SolitaryElite
      @SolitaryElite 2 years ago +1

      @Hoxton yeah that was a joke but I have a reset password poisoning exploit for aws so I could probably do that if he doesn't have 2fa🙃

    • @England91
      @England91 2 years ago

      @SolitaryElite from what I've seen in the comments the 2FA is in the paid service not the free service

  • @canahmetbe
    @canahmetbe 2 years ago

    Well done

  • @zeroordie453
    @zeroordie453 2 years ago

    Bitwarden all day.

  • @stupidmariogamer6952
    @stupidmariogamer6952 2 years ago

    is he learning us how to hack?

  • @liveunderflow5511
    @liveunderflow5511 2 years ago +1

    John, share your csv file for educational purpose

  • @zShipStreeTz
    @zShipStreeTz 2 years ago

    any pros over using vaultwarden🤔

  • @garyruiz2491
    @garyruiz2491 2 years ago

    Any 1Password Fans?
    👇🏼Like

  • @Hdio99
    @Hdio99 2 years ago +2

    this guy is all about money, once asked help because I was robbed, nor even responded and I contacted him by email, after I unsubscribed him and lost track, today I see this video, and for this because they sponsored him he makes a huge promotional video...I don't trust the good faith of this guy...just saying...maybe he is a good guy, not to me but who cares right!!!

    • @josemicod2
      @josemicod2 2 years ago

      Call the Police idiot, he doesn't make that type of services, it's ridiculous.

    • @majoryoshi
      @majoryoshi 2 years ago +1

      i’m gonna assume briefly that this comment is legit, most people aren’t gonna help some stranger on the internet get money after being robbed. not easy to even confirm it to begin with, much less figure out how much you should get. you’re not entitled to getting money after being robbed.
      for the video being sponsored we don’t know much about the contract and that’s common, but we can likely infer that the contract said something about making a video about setting it up. when there’s money changing hands, you need to learn to take what’s being said with a grain of salt, and even then the FTC prevents sponsored videos from being forced to say something they don’t believe. this goes for every creator online, not just john

    • @Hdio99
      @Hdio99 2 years ago

      @josemicod2 well I did, it's not the point, I asked help for understanding how was it done, so if he is so eager to make videos about security if you are here just to promote and get money out of youtube and not even do human things I call him out on that!! simple, but in a normal manner without calling names like you did, fan boy...maybe the idiot is other...maybe you have it so often in your mouth maybe

    • @Hdio99
      @Hdio99 2 years ago

      @majoryoshi well I understand what you say, the point is I was reaching him not to get the money back for that I made contact with the police, of course he has no power to go after, but because I was in shock and I wanted to know/understand how was it done, it was from a BINANCE app someone hacker entered my pc and entered the security of BINANCE APP like butter avoiding second A2F security...etc...so you are assuming too much I believe

    • @josemicod2
      @josemicod2 2 years ago

      @Hdio99 nobody works for free, only scammers

  • @Yasin33
    @Yasin33 2 years ago +1

    First

  • @axer552
    @axer552 2 years ago +1

  • @rdxdt
    @rdxdt 2 years ago +2

    I store all my passwords in my keepassxc offline i trust no one.

  • @push42
    @push42 2 years ago +2

    "open source", why is 2FA behind paywall? trash

  • @sebastian93921
    @sebastian93921 1 year ago

    KeepassXC for me