Passbolt - Why I Can't Recommend This Password Manager

  • Published: 24 Jul 2024
  • Passbolt is an open source password manager designed for team collaboration. Securely generate, store, manage and monitor your team credentials.
    Here are the main reasons I can't recommend Passbolt:
    1. Users Can See TOO Much For No Reason
    2. Browser Extension REQUIRED
    3. Signing Out and Back In Can Be A Pain
    3a. Changing your Passbolt Password is ONLY for your local browser
    4. SO. MANY. EMAILS.
    Passbolt does have a great mobile experience if that's all you need, though.
    Passbolt also offers 2FA pretty easily including Yubico
    Yubico 2FA Keys:
    www.yubico.com/product/yubike...
    BitWarden/VaultWarden Install Video:
    • How to Install BitWard...
    Blog post: dbtechreviews.com/2023/04/pas...
    Timestamps:
    0:00 intro
    2:53 Issue 1. Passbolt users can see too much
    4:00 Issue 2. Browser extension required
    4:36 Issue 3. Signing in can be a nightmare
    5:31 Issue 3a. Changing account passwords isn't global
    6:08 Passbolt has a great mobile experience
    6:37 Passbolt mobile app is a great experience
    7:34 Email. So. Much. Email.
    8:44 Some additional notes
    9:06 Who is Passbolt for?
    10:11 Wrap up

Comments • 41

  • @louisbullock8615 1 year ago +3

    Greetings from the UK....Love your videos and content...Keep up the great work. I tried Passbolt too and another factor I found was that it requires IPv6 to function properly even if you're not going to connect via IPv6. I turn off IPv6 as a standard as I don't need it so it just caused issues as the web interface wants to bind to it. Maybe there is a way round it but I spent hours and never got it to work. Again thanks again for your fantastic channel 😊

  • @KR1ML0N 1 year ago +16

    I tried Passbolt and didn't last more than 5 min before I destroyed it and went back to Bitwarden.

    • @DBTechYT 1 year ago +10

      I probably would have done the same, but I needed content, so here we are LOL :)

    • @s.sandeep 1 year ago +3

      @DBTechYT 😂

  • @truthontech 11 months ago +1

    Thanks DB Tech and really enjoy your channel. Have been using self-hosted, cloud based Passbolt for a while now and for me there are no equals. Gives us the most control and the fact that each browser requires an encryption key and is device specific adds an extra layer of security for us. We use self-hosted Kasm VDIs so encryption keys are always nearby should we need to recover or add a device. It's pure Linux and I really love it!

  • @scottibyte 1 year ago +8

    When we look at security tools, real security is always at odds with usability. Bitwarden has a nice balance between security and usability. As with all tools, the end user knowledge plays closely with how well the tool is implemented.

  • @DryUrEyesMate 1 year ago +3

    Everything you have said is a positive thing and shouldn't be considered as negative; sounds like they make it very difficult for anyone not authorised to access your account.

  • @Marcelo1406pipo 1 year ago +4

    Which open source password manager can you suggest for teams?

  • @HATipsByLarry 1 year ago

    I'm using Vaultwarden (self-hosted of course) and have auto fill turned off. This allows me to be able to examine the site to see if I can auto fill or not. I know this isn't ideal but until they fix the problem 🤷‍♂ I thought of changing as you did but like the features and security (2FA, etc.) of Vaultwarden. I set my Docker container as persistent storage, so should be able to update it easily enough when the fix comes out.

  • @user-oz8xp3tm6c 5 months ago +1

    With RBAC you can now control what users see, so they can't see other users anymore if you set it up correctly.

  • @Robertjaymercer 1 year ago

    Thank you for all your content. Years of following you helped me a lot building my home server...

  • @programster_uk 2 months ago

    Just to clarify, because "password" and "passphrase" were used interchangeably here, which may explain some of the confusion. It is the PGP key that gets generated for the user at the point of setting up that is actually used for encryption and decryption of the passwords. This is why there is the browser plugin which you referred to. The PGP key itself is encrypted with the "passphrase" (like SSH keys). Hence if you were to decrypt the key and set a new passphrase on it on another device you would have two different passphrases across the two devices. The underlying key is the same. I've been using Passbolt for years and love it. I frankly find the strict security reassuring even if some of it may feel inconvenient.

  • @rfkgaming 1 year ago +5

    I was playing around with Passbolt the past few weeks. It's not for me; I would prefer to keep using Vaultwarden + a backup that's connected into my KeePass that auto-uploads once a week to my Gdrive. That way if my home server dies or something else happens, I have a 1:1 copy. I know I can export on phone from Vaultwarden but it's also nice having another copy.
    I think Passbolt has some growing pains still, as I did a 2nd install of it to toy some more and I could never get it set up again in a new VM/LXC.

    • @DBTechYT 1 year ago

      Thanks for watching and sharing how you handle your setup :)

    • @rfkgaming 1 year ago +1

      @DBTechYT rules of 3-2-1 but I go overkill
      LXC for vault
      LXC for keepass
      Gdrive backup of both databases
      Offsite at my mom's place for both
      then a USB drive that is always on my keys that is encrypted with Rclone and then that zip is passworded.
      Been through 1 fire where I lost data in a self-hosted pass so I overbackup these days

  • @lucasr4204 1 year ago

    Very interesting video, thanks

  • @squalazzo 1 year ago +2

    You explained wrongly how that "threat" is working in Bitwarden... it's not triggered if you enable autofill, but if you enable a specific option, which is not enabled by default, and even not recommended.

    • @DBTechYT 1 year ago +1

      This is why there's a blog post linked in the description of the video with more information including links to the original article.

  • @fredzibulski3111 1 year ago

    I'd love to see them have the option to be able to use multiple YubiKeys in case one gets lost for example. I myself also use Vaultwarden and would see if it is going to be a Switch or to be used as a Backup of some sort.

    • @TequilaDave 1 year ago +1

      If you can't add two hardware tokens it isn't for me. Are you sure you can't? Haven't installed or tried it yet myself.... may give it a go but if I can't add my backup Yubikey as an option I'll try another solution, shame.

  • @wizzbangtg 1 year ago +1

    I see your points.
    I've been using Passbolt for some time with only a few personal and professional accounts. Seems to work well enough for us. With just a bit of fiddling I was able to get it up and running. Also integrates quite well with Traefik. Seems pretty solid to me but I am not just your average self-hoster. In regards to being on a customer site and needing a password, the mobile app is great for this purpose. I would not be installing a browser extension on someone else's system and logging into my password management account.
    One thing I have to say is, back up your database! I and an employee couldn't figure out why the mobile app kept crashing on us until I got back and looked at the database logs. It had crashed. Not a Passbolt issue really, just databases being databases. Luckily we had a backup from the day before and were up and running again in less than two minutes.
    The one thing that I really wish they would implement is TOTP support in the password records. That would make it so much more usable for a team. The ability to share password records with a team is very important when dealing with customer sites. When the support accounts require MFA this is not yet a tool that can be used.

  • @gatval 1 month ago

    Passbolt backup and recovery: it is a nightmare; each user has to keep his private key. Not useful for a family nor for an organization. Fully agree with you!!!

  • @VolcanicDisruption 1 year ago

    Hey DB, could you do a video about dockerized Unity3D?

  • @JR-uy2nd 1 year ago

    Yesterday I searched here for passbolt dbtech because I can't make it work on my server, because you upload this video now? Good even if it was because you have bad news for me.

  • @NightHawkATL 1 year ago +1

    I tried to just get passbolt running in docker and never could. Glad I didn't spend more time on it. Vaultwarden is what I started with (self-hosting) and will probably be what I always use. If RoboForm ever goes open-source and allows for self-hosted, I would jump on trying that.

    • @ArcticPrimal 1 year ago

      Really? Took me under 10min first try and I was shocked how easy it was to set it up.

    • @DBTechYT 1 year ago

      I agree. It was easy to set up. I just didn't like the way most of it worked after it was set up.

    • @Xfacehack 7 months ago

      It was a little finicky as a newbie, like always I have problems with HTTPS. However the instructions were so good I never gave up. It's been reliable so far. Been running 4 months and it's fun to see big and exciting updates. Which has been easy but not as easy as it could be to update…
      Idk much about anything else except KeePassXC locally. So Bitwarden might be much better? But I like Passbolt, but it's still in BETA! It will be better with time

  • @ahumadosdelcarmen 10 months ago

    so which one do you recommend then? open source and that can be used to share credentials?

    • @DBTechYT 10 months ago

      I use Vaultwarden

  • @robertsanchez5279 1 year ago

    What about Buttercup password manager or Proton Pass?

    • @DBTechYT 1 year ago

      I've got no experience with either of them. I only really looked into Passbolt because I had a few different people request it

  • @thedev2496 1 year ago

    The simple fact that grouping and field referencing aren't present (at least weren't available in the community version) makes me go naaaah...
    I'm sticking with KeePassXC with a cloud available file.

  • @OzDeaDMeaT 1 year ago +1

    Is it the Bitwarden browser plugin or the docker image with the vulnerability?

    • @DBTechYT 1 year ago +2

      It's the auto-fill option that is/was an issue

    • @OzDeaDMeaT 1 year ago +1

      @DBTechYT So the browser plugin then? I don't know this setting that you are speaking of.

  • @user-ic9jm6wb7d 5 months ago +2

    Number the 3rd is FALSE, you only need to do this if you want to get to it from a different browser (on the same machine or another) ...yes, security is the enemy of convenience.

  • @fmslick7586 4 months ago +1

    Passbolt sounds and is better than Vaultwarden and for my next trick I am unsubbing due to you do not know what you are talking about.

    • @DBTechYT 4 months ago

      All the best