A 365 environment with Azure would be most welcome on how to get this set-up. You've already given a lot of unintentional tips n tricks that help hugely for most environments, so thank you
Our company has always give the best platform specially if you starting to play online gaming, you will earn up to 20 to 30 per day in every session.. our platform is all about 3 minutes Red/Green because will bet in just 3 minutes and you can bet again after 3 minutes.
Our company has always give the best platform specially if you starting to play online gaming, you will earn up to 20 to 30 per day in every session.. our platform is all about 3 minutes Red/Green because will bet in just 3 minutes and you can bet again after 3 minutes.
Bitwarden (especially Vaultwarden) has a pretty impressive set of features embedded (thinking about 2FA for example) even being self hosted :) But Passbolt seems like a good alternative that I'll definitely have a look at!
@@jeffbrownstain Anything locked behind a paywall can change at the whim of those controlling the paywall at a moments notice. A secure password manager does not allow others control over the most important part of the password manager, logging in.
My whole fam uses our selfhosted vaultwarden. It is fantastic with all the normally paid features unlocked aka 2fa. It is really nice not having the kids ask me what is the netflix password since you can share certain pws. Or say I get hit by a bus, my wife can get in to anything that is just registered on my name. priceless
@@J.erem.y You must not comprehend what a hardware token is or how it makes an account secure even when under the control of someone elses server. Go away stop pinging me on every post I made here.
@@jeffbrownstain What the hell are you even talking about? Im going down the comments and posting just like you, you go all ad hominem and say I dont have a clue about security keys even when under the control of someone elses server? There is no security at all, if the controlling server has the ability to TURN THAT FEATURE OFF.
Our company has always give the best platform specially if you starting to play online gaming, you will earn up to 20 to 30 per day in every session.. our platform is all about 3 minutes Red/Green because will bet in just 3 minutes and you can bet again after 3 minutes.
@@christianlempaOops sorry only just seeing this now. Instead of “environment” you can use “env_file” and point that to a dot file called “.env” which follows the “dotenv” format. Basically very very similar to Bash environment variable declaration syntax in a text file literally called that (.env) which is typical at least in web development circles.
If its just for a home lab then unless you share your home and or home lab with a bunch of other devs then surely something simpler like Keepass would be a lot simpler and more secure without needing multiple additional layers of apps, reverse proxies, services and browser plugins that all need maintaining and patching just to look after your passwords . Sure, its good to test things like this in your home lab before a commercial deployment where devs don't share the same workspace/file shares and secure sharing of credentials is required (but are shared credentials a sensible way of managing security or should each dev have their own credentials for each system for more accurate auditing??) but from a usability case for typical home lab scenarios Keepass takes a lot less to set up and support than multiple containers, secure certificates, docker infrastructure etc
Absolutely agreed, and i personally use keepass too - but only because we also use keepass at work! Many people want to use one single tool for a task, and I too dislike using 2 different password managers for different things. I feel like a solution like this is much more valuable in that case. also, i imagine many people won't want to bother with syncing keepass files themseves, actually i'll admit i STILL haven't set up a proper automatic sync of my keepass files on different devices.
@@Terminator85BS I find storing the file in Nextcloud works quite nicely. It syncs between my desktops and KeePass2Android syncs nicely through WebDav. Since I hosted on my own network I use Wireguard to connect in for access.
I stopped watching at „no safari support“. I‘m happy with bitwarden, but thank you anyways for introducing this alternative. I will not change my favorite browser because of the password manager.
Great video. Thanks for posting it. I am new to the Docker world and checking if you have a sample passbolt docker-compose file that can run locally on a docker without much configuration.
They both have their Pros and Cons, Passbolt is better when it comes to sharing passwords within your team and org, but vaultvwarden/bitwarden has other features Passbolt doesn't have. Maybe at some point I should dive into comparison videos about password managers
@@christianlempa that would be awesome. Thank you for the replies even for my late question. I use vaultwarden since 7 years or so and do not miss any feature. Only the autofill in the android app is a bit bad.
@@christianlempa No, really, in light of the LastPass breach becoming a real concern (I have to get all my family members off it). Have your review of this would be clutch. I need to make a decision in the next two weeks or so. Could you please do a breakdown of all the major options?
They have multi factor locked behind the paywall?? How does that make this even an option? I guess that rules out anyone who locks their passwords behind a fido key like me.
@@christianlempa "Good software" is a subjective take. I didn't hear you once in your video speak about what this software offers above and beyond of other software. What makes this software good, better or even any different than the 50 other offerings in the same space? In my opinion ANY software that phones home to be able to check if your allowed to use features is by default 10 points behind any definition of "good software". We self host because we want complete control over our software and more importantly the data behind that software. I'm probably coming off a bit harsh but don't read it that way, I enjoy your videos.
Biggest issue with passbolt is the inability to easily restore deleted items. There is now bin where you can go to restore the "accidentally" deleted items.
Nice. I may investigate this but I do like bitwarden. I stopped using vaultwarden as primary and now just use it as a backup of my vault. If for some reason something happened to bitwarden, I can easily still have access to my passwords. Does passbolt support yubikeys? Yes, would like to see how you do DNS. I tried pihole, but I had some weirdness, so moved over to Adguard Home and everything works nicely. I have a docker container that syncs my Adguard's so I don't need to make changes to both servers when modifying DNS entries. I definitely would like to see what you use.
Our company has always give the best platform specially if you starting to play online gaming, you will earn up to 20 to 30 per day in every session.. our platform is all about 3 minutes Red/Green because will bet in just 3 minutes and you can bet again after 3 minutes.
As avid mac user my self I only can recommend replacing Safari with Orion. Orion supports many Chrome and FireFox Plugins and yet stays close to Safaris WebKit.
@@christianlempa it’s fairly new and is basically still in beta or even alpha but I use it for 3 month now as my daily driver and works great. I only had a couple webpages where JavaScript was broken but this could also be a security setting haven’t really dug to deep into those yet as they weren’t really important on my day to day use. But anything else is great. Especially that I have my SearXNG instance as native default search.
Hey Christian. Awesome video as always. Have you ever ran into the issue where when you visit the URL, nothing shows on the screen but it does seem to redirect? I am running docker in an Ubuntu 22.04 container within LXD to see if this same process will work.
did you managed to get over this ? I`m having the same issue where I get too many redirects ... I`m also using custom nginx with authelia howver I`ve changed now 2 dockers to kinda pin point the problem but I can`t get around it ... when I get the end link to go to I always get an error no matter what I try ... all the other 17 links I have with cloudflare and ngnix work fine there must be something about passbolt
@@J.erem.y yes, it's prettier. But is it also better usable? In Bitwarden it's very long-winded to add a new password, because everything has an own form. Some annoying point, why i am not using Bitwarden after i had set it up.
But it is a fork of bitwarden's server that is compatible with bitwarden's clients. The moment bitwarden change protocol, vaultwarden will become useless. Kind of scary IMO
@@hitmajax Not at all, if the protocol forks so does the clients. At most development would halt and older versions of the clients would be used for a short period of time. Being able to use the official clients seamlessly is a major bonus tho.
Our company has always give the best platform specially if you starting to play online gaming, you will earn up to 20 to 30 per day in every session.. our platform is all about 3 minutes Red/Green because will bet in just 3 minutes and you can bet again after 3 minutes.
I really like your videos and all the new tools you demonstrate. However, just a constructive criticism. Your pace are really too fast and the concept doesn't follow a step by step which makes difficult to understand for a non native English speaker and just an IT enthusiastic like myself. Anyway, thank you for all your efforts.
Thank you! It's going to be harder and harder to provide technical detail without making it too boring. I always try to find the sweet spot between complexity and simplicity, but it's sometimes difficult. I'll keep that in mind ;)
Not at all, lack of multi factor without paying is a no go. This video didn't mention anything that vault warden doesn't already do, only things you have to pay for that you can do for free in vaultwarden.
In their defense edge is just chrome with a bunch of Microsoft molestation. Safari is garbage anyway, kind of like apple as a whole. Sorry I offended you ahead of time.
@@christianlempa While it may be a common practice for password managers to have the capability to send emails, it also introduces an additional attack surface that could potentially compromise the security of sensitive information. Any feature that involves transmitting data externally increases the potential for exploitation by malicious actors. Additionally, the ability to send emails opens up the possibility of phishing attacks or unauthorized access if not properly secured. It's important to thoroughly evaluate and mitigate these risks to ensure the overall security of the system.
Literally my only question; if I host this on my home machine, can I unlock it simply using a u2f key? That's all I want out of a pm right now, because I want to use my flipper zero to access unlock keys for other services.
@@hitmajax What EXACTLY is the difference between how u2f and 2fa works? Seriously, I just want to use my flippers u2f function as a master password for everything. Ignoring security issues (because there are none beside losing the device itself) is what I'm asking even possible?
A password manager, which ideally is also used in insecure environments (browser extension, smartphone, etc.), must be able to be secured as much as possible, since all my passwords, Internet access, credit card information, etc. are ultimately at stake. In my opinion, you should really stay away from a variant without MFA. I find the approach of offering a password manager as a free open source variant without MFA quite questionable! You can do without functions, but maximum security should be given in every variant. I prefer to stay with Vaultwarden, because I can even use a Yubikey as a second factor. Maybe a sponsored video, but even not a good recommendation - sorry bro!
Thanks for the honest feedback, Markus! However, I still go to bat for Passbolt, as it's a great alternative to password managers, 2fa is still a viable option in their Pro licenses, which you can also self-host. Haven't said though it's better or the best software in all ways, that wouldn't be fair in a sponsored video. But I just like to show people alternatives, give them their choices, so everyone can do a decision on their own, what's the best solution for them.
@@christianlempa I just find it rather dubious to offer an actually good product in a free version that lacks security. A password safe without MFA is a nogo these days. Would you have presented this application in a video even if the manufacturer had not sponsored you and you could only present the community edition? Would you still be so excited then? I don't think so... And I'm not talking about better, I'm talking about safer! There is no alternative to security and the best application is useless if it is not secure. I can't understand your reasoning, sorry!
@@Glatze603 Keep in mind Passbolt uses a Passphrase whcih encrypts your privatekey, so it requires already 1. Passphrase (Something you know) and 2. the PrivKey (Something you Own) So it's already a 2FA to authenticate,. Even if somebody knows your passphrase, without your private key, nobody can access your data. I would like to see a key rotation option first. :)
I think it's kinda useless tool. There are already alternative for Mac, called "Passwords". Or use any of KeePass like apps. For sharing credentials in corp. you can always use Nextcloud or Windows Share. How about integration with desktop apps like putty? For example, auto login using: "ssh:{TITLE} -pw {PASSWORD}".
Not sure why would teams would like to share passwords. Every user should have a separate authentication. It is bad in a corporate environment to let users share auth credentials. I mean really bad. In corp you may share some secrets like API key, but that could easily be stored in a repository with something like git secrets. Thanks, but for my personal use I will stay with GNU pass and git.
I can think of so many use cases where you sometimes have to use shared credentials for infra, customers, whatever. Just because you don't need it doesn't mean every company needing this has a bad practice.
@@christianlempa In a corp environment when auth credentials are shared it would be hard to track who logged in and did a specific action. This makes everyone sharing the auth makes less accountable. One could argue that they may do such a practice in a start up where everyone knows everyone else very well and trust each other. But this won't scale when you add new members to the team. That is why I call sharing auth credentials is a very bad practice.
@@christianlempa I absolutely agree with @SenthilBabuji, and I really find it quite careless to not mention it in the video. Not only is sharing credentials very insecure for obvious reasons, but it becomes an even bigger problem when you share a lot of credentials with your team. What happens when people leave the team? You'd have to rotate every single credential, what a headache that'd be. So, making it easy to share credentials only points in the wrong direction. It'd probably be better if sharing credentials was a bit difficult to discourage it. Oh, and then it seems like Passbolt is lacking quite some features like auditing, monitoring, expiring, metadata, etc
@@SenthilBabuji That's why using password manager is critical for sharing password. Some passwords manager like bitwarden, zoho vault etc have advance auditing feature to control the access. Don't say it is bad because it makes you looks like lacks of perspectives.
@@christianlempa multi factor being locked behind the paywall says everything about the company that needs to be known. Clearly end user security is second priority behind dark mode.
I'm surprised you don't have millions of subscribers. A very clever and security oriented guy.
The CE Version without 2Fa is not acceptable and not dispensable...
Agree... hiding 2fa behind a paywall isn't great.
Agreed. Not even worth checking out.
@@Fishd1 Part of the reason bitwarden is losing me as a user. You get one u2f option and alternate methods are locked without self hosting
From what I saw on the passbolt community forum they plan to move down MFA in the community edition by the end of this month
@@hitmajax He really should of waited to make the video then. First impressions and all that.
A 365 environment with Azure would be most welcome on how to get this set-up. You've already given a lot of unintentional tips n tricks that help hugely for most environments, so thank you
Been using passbolt for sometime now... really like it
Oh, cool! I have now joined the group :D
Our company has always give the best platform specially if you starting to play online gaming, you will earn up to 20 to 30 per day in every session.. our platform is all about 3 minutes Red/Green because will bet in just 3 minutes and you can bet again after 3 minutes.
Ooh! Ooh! I would upvote your lab DNS!
+1 :D
I'm pretty happy with Bitwarden, This might be the next thing i try though :) Thanks for this video !
Thank you! Let me know what you think about it :)
@@christianlempa Yup, will do !! Keep these videos going sir !
Our company has always give the best platform specially if you starting to play online gaming, you will earn up to 20 to 30 per day in every session.. our platform is all about 3 minutes Red/Green because will bet in just 3 minutes and you can bet again after 3 minutes.
loved it, cant wait to setup on my
homelab, and yes, I am waiting for Homelabs DNS😎😎
Noted :D
@@christianlempa PiHole, AdGuard or a surprise? 😁
@@L3Gn3Rp hope it’s gonna be a surprise ;)
Great tutorial as always. Loving the content as always.
Thank you Bro! :)
No Folders (Private and Shared), No Admin panel and No Activity log (audit changes) => NO GO for the community version (this is subjective)
Agree, missing those 3 features kind of kills the purpose of it imo.
Passbolt is an excellent password manager. I can only recommend it.
+1 :D
Bitwarden (especially Vaultwarden) has a pretty impressive set of features embedded (thinking about 2FA for example) even being self hosted :) But Passbolt seems like a good alternative that I'll definitely have a look at!
Without self hosting all 2fa beside cell or email are locked behind a paywall.
That means hardware tokens 😑
@@jeffbrownstain Anything locked behind a paywall can change at the whim of those controlling the paywall at a moments notice. A secure password manager does not allow others control over the most important part of the password manager, logging in.
My whole fam uses our selfhosted vaultwarden. It is fantastic with all the normally paid features unlocked aka 2fa. It is really nice not having the kids ask me what is the netflix password since you can share certain pws. Or say I get hit by a bus, my wife can get in to anything that is just registered on my name. priceless
@@J.erem.y You must not comprehend what a hardware token is or how it makes an account secure even when under the control of someone elses server.
Go away stop pinging me on every post I made here.
@@jeffbrownstain What the hell are you even talking about? Im going down the comments and posting just like you, you go all ad hominem and say I dont have a clue about security keys even when under the control of someone elses server? There is no security at all, if the controlling server has the ability to TURN THAT FEATURE OFF.
Thank you for all of your content.
You're welcome! Thanks for your support :)
The ansible extension is interesting😜
Indeed!
Looking forward to the DNS video, need to fix that in our home-lab too! (7:10)
Same here
If you already have a NextCloud you could use Password for Nextcloud, too. Then you have a one stop shop.
Our company has always give the best platform specially if you starting to play online gaming, you will earn up to 20 to 30 per day in every session.. our platform is all about 3 minutes Red/Green because will bet in just 3 minutes and you can bet again after 3 minutes.
8:23 - A .env file via the “env_file” directive in your docker-compose.yml file is also a great alternative for this as well.
How do you mean that mate?
@@christianlempaOops sorry only just seeing this now. Instead of “environment” you can use “env_file” and point that to a dot file called “.env” which follows the “dotenv” format. Basically very very similar to Bash environment variable declaration syntax in a text file literally called that (.env) which is typical at least in web development circles.
Thanks. Nice Vaultwarden is much more cool.
Hm, that's at least debatable :D
DNS video!
Noted! ;)
Interesting!
The dev fearures sound very interesting
Indeed!
Are you planning to make video for using it with ansible?
If its just for a home lab then unless you share your home and or home lab with a bunch of other devs then surely something simpler like Keepass would be a lot simpler and more secure without needing multiple additional layers of apps, reverse proxies, services and browser plugins that all need maintaining and patching just to look after your passwords . Sure, its good to test things like this in your home lab before a commercial deployment where devs don't share the same workspace/file shares and secure sharing of credentials is required (but are shared credentials a sensible way of managing security or should each dev have their own credentials for each system for more accurate auditing??) but from a usability case for typical home lab scenarios Keepass takes a lot less to set up and support than multiple containers, secure certificates, docker infrastructure etc
Absolutely agreed, and i personally use keepass too - but only because we also use keepass at work! Many people want to use one single tool for a task, and I too dislike using 2 different password managers for different things. I feel like a solution like this is much more valuable in that case.
also, i imagine many people won't want to bother with syncing keepass files themseves, actually i'll admit i STILL haven't set up a proper automatic sync of my keepass files on different devices.
@@Terminator85BS I find storing the file in Nextcloud works quite nicely. It syncs between my desktops and KeePass2Android syncs nicely through WebDav. Since I hosted on my own network I use Wireguard to connect in for access.
I stopped watching at „no safari support“. I‘m happy with bitwarden, but thank you anyways for introducing this alternative. I will not change my favorite browser because of the password manager.
Make videos of whatever came in your mind we're here to view them all
I’ll do :D thank you for watching :)
I was going to try it, and maybe replace Bitwarden, but the free version doesn’t have 2FA… so, I won’t even try it.
The free version now also have 2FA!
I am happy with Bitwarden, but I will try Passbolt later
I couldn't see to figure out the domain?
Great video. Thanks for posting it. I am new to the Docker world and checking if you have a sample passbolt docker-compose file that can run locally on a docker without much configuration.
Thank you :)
I know it's an old video, but how you would compare passbolt to vaultwarden?
They both have their Pros and Cons, Passbolt is better when it comes to sharing passwords within your team and org, but vaultvwarden/bitwarden has other features Passbolt doesn't have. Maybe at some point I should dive into comparison videos about password managers
@@christianlempa that would be awesome. Thank you for the replies even for my late question. I use vaultwarden since 7 years or so and do not miss any feature. Only the autofill in the android app is a bit bad.
safari nowdays is a the same thing that was IE for widnows :) bad crap that need to be replaced :)
Well, that's just your opinion man ...
Please cover Psono too, I’ve tested both and liked Psono more from a user perspective
Thanks for the heads up, I'm not sure if I'd like to cover another password manager, as I already have some suitable solutions.
@@christianlempa No, really, in light of the LastPass breach becoming a real concern (I have to get all my family members off it). Have your review of this would be clutch. I need to make a decision in the next two weeks or so. Could you please do a breakdown of all the major options?
They have multi factor locked behind the paywall?? How does that make this even an option? I guess that rules out anyone who locks their passwords behind a fido key like me.
Why not pay for a good software, then?
@@christianlempa "Good software" is a subjective take. I didn't hear you once in your video speak about what this software offers above and beyond of other software. What makes this software good, better or even any different than the 50 other offerings in the same space? In my opinion ANY software that phones home to be able to check if your allowed to use features is by default 10 points behind any definition of "good software". We self host because we want complete control over our software and more importantly the data behind that software. I'm probably coming off a bit harsh but don't read it that way, I enjoy your videos.
Does CE edition support's sharing TOTP tokens?
Will cloudflared zero trust tunnel work same as Traefik?
Finally get it to work, but found the apk doesn't support my phone 😓
Biggest issue with passbolt is the inability to easily restore deleted items. There is now bin where you can go to restore the "accidentally" deleted items.
Nice. I may investigate this but I do like bitwarden. I stopped using vaultwarden as primary and now just use it as a backup of my vault. If for some reason something happened to bitwarden, I can easily still have access to my passwords.
Does passbolt support yubikeys?
Yes, would like to see how you do DNS. I tried pihole, but I had some weirdness, so moved over to Adguard Home and everything works nicely. I have a docker container that syncs my Adguard's so I don't need to make changes to both servers when modifying DNS entries. I definitely would like to see what you use.
It does
The DNS video is definitely coming in the next weeks ;)
Our company has always give the best platform specially if you starting to play online gaming, you will earn up to 20 to 30 per day in every session.. our platform is all about 3 minutes Red/Green because will bet in just 3 minutes and you can bet again after 3 minutes.
I also prefer Adguard Home over Pihole
As avid mac user my self I only can recommend replacing Safari with Orion. Orion supports many Chrome and FireFox Plugins and yet stays close to Safaris WebKit.
Hm never heard of this Browser
@@christianlempa it’s fairly new and is basically still in beta or even alpha but I use it for 3 month now as my daily driver and works great. I only had a couple webpages where JavaScript was broken but this could also be a security setting haven’t really dug to deep into those yet as they weren’t really important on my day to day use. But anything else is great. Especially that I have my SearXNG instance as native default search.
@@bufanda well that's nothing I'd consider using now, but maybe in the far future when it's a more mature solution.
Can you do one for psono
uuu I like this one...
Hey Christian. Awesome video as always. Have you ever ran into the issue where when you visit the URL, nothing shows on the screen but it does seem to redirect? I am running docker in an Ubuntu 22.04 container within LXD to see if this same process will work.
Hm, I haven't had this issue before, have you tried clearing your browser cache?
did you managed to get over this ? I`m having the same issue where I get too many redirects ... I`m also using custom nginx with authelia howver I`ve changed now 2 dockers to kinda pin point the problem but I can`t get around it ... when I get the end link to go to I always get an error no matter what I try ... all the other 17 links I have with cloudflare and ngnix work fine there must be something about passbolt
Yes, please show office 365 videos! :)
Noted! :)
Waiting for dns server configuration...
I've made the video already :)
Can I use my personal gmail as a mail server ? for the mail server setup
Yep :)
Benefits to bitwarden?
It's a great alternative! A direct comparison as part of a paid promotion video wouldn't be fair and honest ;)
Its prettier is about all I notice. If your into that kind of thing. Well that an the paywall.
@@J.erem.y yes, it's prettier. But is it also better usable? In Bitwarden it's very long-winded to add a new password, because everything has an own form. Some annoying point, why i am not using Bitwarden after i had set it up.
@@technickr It's one button?
Hm, i still prefer to use Bitwarder (vaultwarden) which is imho an industry standard today...
Me too
is it free and opensourse?
@@khayal88 technically, yes.
But it is a fork of bitwarden's server that is compatible with bitwarden's clients. The moment bitwarden change protocol, vaultwarden will become useless. Kind of scary IMO
@@hitmajax Not at all, if the protocol forks so does the clients. At most development would halt and older versions of the clients would be used for a short period of time. Being able to use the official clients seamlessly is a major bonus tho.
what vs code theme do you use?
I have created my own theme recently, but because I need to add a light variant, I'm switching it with the GitHub theme from time to time.
personally i like and use KeepassXC with the database hosted on Keybase but this looks like something i would try
It's worth having a look!
Our company has always give the best platform specially if you starting to play online gaming, you will earn up to 20 to 30 per day in every session.. our platform is all about 3 minutes Red/Green because will bet in just 3 minutes and you can bet again after 3 minutes.
I really like your videos and all the new tools you demonstrate. However, just a constructive criticism. Your pace are really too fast and the concept doesn't follow a step by step which makes difficult to understand for a non native English speaker and just an IT enthusiastic like myself.
Anyway, thank you for all your efforts.
Thank you! It's going to be harder and harder to provide technical detail without making it too boring. I always try to find the sweet spot between complexity and simplicity, but it's sometimes difficult. I'll keep that in mind ;)
Using vaultwarden now? Any user are planning to make the jump?
Nope
Not at all, lack of multi factor without paying is a no go. This video didn't mention anything that vault warden doesn't already do, only things you have to pay for that you can do for free in vaultwarden.
No way
nope
Oof, no 2fa for the free version - for a password manager…
They support Edge, but not Safari. EDGE from MS.... welp that's it for that video for me xD
In their defense edge is just chrome with a bunch of Microsoft molestation. Safari is garbage anyway, kind of like apple as a whole. Sorry I offended you ahead of time.
Written on PHP? really!? no way
Lamp!
Well if you fuck up the config file. You should always run yamllint before using it.
I don't like the idea of that software being able to send emails. That sounds to me like a major security gap!
what's the problem with it? it's common practice
@@christianlempa While it may be a common practice for password managers to have the capability to send emails, it also introduces an additional attack surface that could potentially compromise the security of sensitive information. Any feature that involves transmitting data externally increases the potential for exploitation by malicious actors. Additionally, the ability to send emails opens up the possibility of phishing attacks or unauthorized access if not properly secured. It's important to thoroughly evaluate and mitigate these risks to ensure the overall security of the system.
Literally my only question; if I host this on my home machine, can I unlock it simply using a u2f key?
That's all I want out of a pm right now, because I want to use my flipper zero to access unlock keys for other services.
A master password is required to log in the a yubikey can only be used as a 2FA
@@hitmajax What EXACTLY is the difference between how u2f and 2fa works?
Seriously, I just want to use my flippers u2f function as a master password for everything.
Ignoring security issues (because there are none beside losing the device itself) is what I'm asking even possible?
@@jeffbrownstain That is a rabbit hole that really sucks to go down, but a necessary rabbit hole. I wish you good luck on that adventure lol
@@J.erem.y Seriously who tf are you?
@@jeffbrownstain bro your seem to be worked up over something and I dont know what that is. Have a great day.
A password manager, which ideally is also used in insecure environments (browser extension, smartphone, etc.), must be able to be secured as much as possible, since all my passwords, Internet access, credit card information, etc. are ultimately at stake. In my opinion, you should really stay away from a variant without MFA. I find the approach of offering a password manager as a free open source variant without MFA quite questionable! You can do without functions, but maximum security should be given in every variant. I prefer to stay with Vaultwarden, because I can even use a Yubikey as a second factor. Maybe a sponsored video, but even not a good recommendation - sorry bro!
I don't know if he realized how much of a sensitive subject this would be. I'm with you absolutely tho.
Thanks for the honest feedback, Markus! However, I still go to bat for Passbolt, as it's a great alternative to password managers, 2fa is still a viable option in their Pro licenses, which you can also self-host. Haven't said though it's better or the best software in all ways, that wouldn't be fair in a sponsored video. But I just like to show people alternatives, give them their choices, so everyone can do a decision on their own, what's the best solution for them.
@@christianlempa I just find it rather dubious to offer an actually good product in a free version that lacks security. A password safe without MFA is a nogo these days. Would you have presented this application in a video even if the manufacturer had not sponsored you and you could only present the community edition? Would you still be so excited then? I don't think so... And I'm not talking about better, I'm talking about safer! There is no alternative to security and the best application is useless if it is not secure. I can't understand your reasoning, sorry!
@@Glatze603 Keep in mind Passbolt uses a Passphrase whcih encrypts your privatekey, so it requires already 1. Passphrase (Something you know) and 2. the PrivKey (Something you Own) So it's already a 2FA to authenticate,. Even if somebody knows your passphrase, without your private key, nobody can access your data.
I would like to see a key rotation option first. :)
@@nazg91 When I take a look at the feature list on there website, the community edition has no multi factor authentication!
I think it's kinda useless tool. There are already alternative for Mac, called "Passwords". Or use any of KeePass like apps. For sharing credentials in corp. you can always use Nextcloud or Windows Share.
How about integration with desktop apps like putty? For example, auto login using: "ssh:{TITLE} -pw {PASSWORD}".
Not sure why would teams would like to share passwords. Every user should have a separate authentication. It is bad in a corporate environment to let users share auth credentials. I mean really bad.
In corp you may share some secrets like API key, but that could easily be stored in a repository with something like git secrets.
Thanks, but for my personal use I will stay with GNU pass and git.
I can think of so many use cases where you sometimes have to use shared credentials for infra, customers, whatever. Just because you don't need it doesn't mean every company needing this has a bad practice.
@@christianlempa In a corp environment when auth credentials are shared it would be hard to track who logged in and did a specific action. This makes everyone sharing the auth makes less accountable.
One could argue that they may do such a practice in a start up where everyone knows everyone else very well and trust each other. But this won't scale when you add new members to the team. That is why I call sharing auth credentials is a very bad practice.
@@christianlempa I absolutely agree with @SenthilBabuji, and I really find it quite careless to not mention it in the video. Not only is sharing credentials very insecure for obvious reasons, but it becomes an even bigger problem when you share a lot of credentials with your team. What happens when people leave the team? You'd have to rotate every single credential, what a headache that'd be.
So, making it easy to share credentials only points in the wrong direction. It'd probably be better if sharing credentials was a bit difficult to discourage it.
Oh, and then it seems like Passbolt is lacking quite some features like auditing, monitoring, expiring, metadata, etc
@@SenthilBabuji That's why using password manager is critical for sharing password. Some passwords manager like bitwarden, zoho vault etc have advance auditing feature to control the access. Don't say it is bad because it makes you looks like lacks of perspectives.
@@ebudist how could a password manager audit if a person just copied the password and used it at a later time?
No one uses safari these days. And if you do its good that no plugin exists to punish you for using a lame os and lame browser
This sounds very terrifyingly unsafe, or maybe more safe than a black box product
And you can claim this even without watching the video? I mean, you posted the comment 1 min after the video was published? :D
@@christianlempa Don't feed the trolls :) IMO
@@JasonsLabVideos xD
@@christianlempa multi factor being locked behind the paywall says everything about the company that needs to be known. Clearly end user security is second priority behind dark mode.
Show us the cli
Noted :D