I store ALL my Passwords in AWS

Views: 52,220

John Hammond

A year ago

Get started deploying YOUR OWN instance of Passbolt! j-h.io/passbolt Huge thanks to Passbolt for sponsoring this video!

Comments: 150
@_JohnHammond, a year ago
Quick note, you obviously don't need to throw this into the cloud -- you can self-host something locally on your own intranet with something as small as a Raspberry Pi if you want. :) Check out all the sweet stuff Passbolt can do! j-h.io/passbolt
@JPEaglesandKatz, a year ago
I know you were sponsored by them but I would have liked some honest insight from you about the actual password manager itself, how it does things and how secure it is... etc. Possibly a comparison with some other prime ones, bitwarden, lastpass... I mean I've heard nothing about this one would be better or good... (again aside from you being sponsored by them)
@tg-lu6hl, a year ago
Could you take a look into sliver c2?
@wolfiexii, a year ago
I can't believe you recommended this without 2FA ... I thought you were serious about security.
@JPEaglesandKatz, a year ago
@@wolfiexii Yeh... I had high respect for some of the in-depth videos but this really looked and sounds like a quick sponsor cash grab. No 2FA / hardware key support makes this product null and void. And I guess John doesn't respond to his viewers raising concerns either.
@wolfiexii, a year ago
@@JPEaglesandKatz Aye, what starts out good, goes downhill fast when cash and politics get involved.
@SamGib, a year ago
It is good, but passbolt lacks 2FA unless you pay, which I think should come standard in 2022.
@robertgleaden5509, a year ago
I agree, we've ended up going with Psono purely for the 2FA
@clb92, a year ago
A password manager without 2FA? Thanks but no thanks... I think I'll stay with Bitwarden.
@cryptoafc7655, a year ago
@@clb92 me too, Bitwarden with yubi key
@00Klingon, a year ago
Bitwarden has 2FA and can be self hosted. That is the standard all competitors must meet to even be considered.
@HyBlock, a year ago
Just self-host Bitwarden. Open source, audited and trusted.
@weiSane, a year ago
@Hoxton stfu..they probably have a reason for it
@VIVEVIEV, a year ago
Bitwarden > assbolt
@lel7531, a year ago
@Hoxton lmao true
@QDLmcfresh, a year ago
Vaultwarden for more features
@moose43h, a year ago
@@VIVEVIEV oof
@ameliekk, a year ago
$0.046/hr is like $30 a month? Too expensive for password manager imo
@biackshibe, a year ago
don't they have a free tier
@paulstelian97, a year ago
@@biackshibe They have a theoretically-free tier that for me never really ended up being actually free.
@swapnildinkar, a year ago
@@paulstelian97 the software itself is free.. the $0.046 is for using the resources on AWS - EC2 instance, etc
@paulstelian97, a year ago
@@swapnildinkar I meant the free AWS tier itself (not the one picked by this). It says free but I tend to pay and quite a bit actually.
@StrifeJester, a year ago
Run it on digital ocean for $4/month.
@grover-, a year ago
It's still the digital equivalent of keeping the front door key under a stone. Last pass learned it the hard way. As for using an open source tool for storing your secrets, OS has both the pro and con that everyone can see the source code. If someone finds a bug there's no financial incentive to fix it if the finder has nefarious plans.
@iamvinku, a year ago
Looks great but honestly I would not use a password manager that didn't at least support TOTP 2FA just for my own peace of mind. Bitwarden's free plan has TOTP 2FA and also allows self-hosting and free access to their cloud hosted instance. Passbolt looks great but it's not for me until it supports TOTP 2FA for the community edition.
@NessHypegaming, a year ago
THIS.
@Byter09, a year ago
You can also self-host vaultwarden (a Rust implementation), which comes with all premium features unlocked.
@TriSept, a year ago
Looks like a great tool only if it supported at least some kind of MFA. For now I will stick with Bitwarden and Keepass.
@ThePapanoob, a year ago
Even if you host it via the „on-premise version“ it doesn't really justify as on-premise as aws can literally do whatever they want to your instance. That includes modifying the passbolt installation to dump your username + password to some logfile ;-) personally i wouldn't trust any hoster with such data.
@chompyumyum4615, a year ago
Not tryna be mean but comes off to me as shill-y "I need to store my passwords somewhere. I will immediately use Amazon and Google to do this" Though, I am also enjoying watching your videos now that I just discovered them, so props! It is good to teach people about gpg keys and stuff. But there are other hosting and domain options, lol To me looks like amazon sponsored passbolt into sponsoring this video
@Slm3lkm, a year ago
i use bitwarden, it's open source too
@Duconi, a year ago
Sounds really inefficient to use an EC2 instance for such things. Not just are EC2 instances expensive compared to other VPCs, the instance will also probably idle 99% of the time. On the other hand you could just sync your KeepassXC file with S3, Nextcloud, Google Drive, ... For big companies with a lot of users this is maybe useful. But I would not recommend it for personal use. But still there a lambda version would be nice, so you save costs and do something good for the environment (less electricity, less hardware, ...). And let's not forget to implement a backup system. Keepass synced to the cloud is there already more secure, as copies are local and on the cloud.
@ahmedtahervlogs8119, a year ago
Nice video. Thank you
@sammo7877, a year ago
Nice!
@Ng123f4, a year ago
would've been nice if you followed some best practice and put the instance in a private sub and do the same setup, that would've been great, i doubt anyone would let their password manager app just that open.
@Jordan-hz1wr, a year ago
I'm a grumpy old BSD guy who believes "worse is better". Which is why I'll stick with trusty ole pass.
@timisthebest, a year ago
I'm not sure how anyone could recommend this when they paywall MFA, SSO and auditing. What a complete joke.
@PowerUsr1, a year ago
mehhh..I mean Bitwarden is the standard right? So not seeing a compelling reason to switch plus there's a lack of 2FA which is weird.
@belalal1902, a year ago
why not use a normal password manager like last pass or so? and what's the best free password manager? Thanks!
@i_sometimes_leave_comments, a year ago
There's no 1 "best" password manager, or "best" anything most of the time. It largely depends on your own preferences and requirements.
1. Do you trust the company who made the password manager?
2. Do you trust whoever is hosting the server?
3. Do you want it to be accessible from anywhere in the world or just from inside your intranet?
4. How many sets of credentials do you need to store?
5. How many people do you need to share some of those credentials with?
6. Do you want a CLI client for automation or just because you love the terminal, or do you just want a plugin/extension that works on your favorite browser?
7. If you're *really* into tech & security, what specific features and configurations do you want on your self-hosted server?
8. How many milliseconds do you want to shave off of each login?
9. [Insert some other seemingly-obscure preferences a bare-bone Linux user might think of]
I use Arch Linux but I wouldn't recommend it as "the best OS" to someone asking for a beginner Linux distro. I like Python and Rust but can't recommend them without knowing what someone wants to develop. John's sponsored so he's showcasing it, but for all we know he could have just cancelled his subscriptions after making the video (I'm not saying he did, just that he can). You can use Lastpass if it seems useful. I used it for years until I had some issues with it and switched to Bitwarden because I liked some of the things they offer for free (e.g. not having to pay for MFA).
@belalal1902, a year ago
@@i_sometimes_leave_comments Thanks man, appreciate it!
@KevinArellano, a year ago
This defeats the purpose of you watching this whole video. It's most secure since you're hosting it yourself. As long as you don't get hacked (which quite honestly is very slim unless you frequent on sketchy side of the net) you are not relying on a 3rd party to handle your credentials. Now you obviously are compromising "easiness" over "security", but you are more than welcome to go the easy route and have a higher risk of it getting leaked. LastPass gets hacked twice a year lol
@robbienorton9522, a year ago
I use keepass for personal use, but this looks great for corporate environments
@djcb4190, a year ago
That's a good idea. I seriously need to write down each password instead of remembering them
@ilusions4, a year ago
vaultwarden
@MrManonoFly, a year ago
Enpass is better if you need one Vault per user. PassBolt is nice if multiple users need access for one vault, but with different permissions
@PixelHamster, a year ago
enpass is paid, closed source and has been buggy on linux for years :P I only use it cuz i've a lifetime licence from back when it was 5 bucks
@VR-Nomad, a year ago
Is BitWarden still a great password manager?
@An.Individual, a year ago
I would say the best
@bennihtm, a year ago
It's the only one I know of that has been independently audited multiple times and never had any data leaks
@clb92, a year ago
I like it. You can host your own Vaultwarden server too, if you'd like.
@junaisetp, a year ago
Is it possible to protect files like PDF/Excel using passbolt?
@bob_kazamakis, a year ago
I don’t see why they use an external provider for SSL when certificate manager would have just been another line in their cloudformation script. On top of that, same for cloudfront…
@michaelortega804, a year ago
lol all good until you have to grab your phone in order to enter 2FA, it should be included on the CE. Anyways I'll stick with Vaultwarden.
@gillesva51, a year ago
I think most people in here are missing the use-case for this. Great functionalities in passbolt honestly. You can admin the access control to passwords for a team eg IT, sales, production etc very easily. This is for businesses. What's wrong with having to pay for that.. I for one thank you John, as this is exactly what the startup I just started working in needed.
@Iwantapplez109, a year ago
Yeah it's great until AWS servers have an oops, and then hashes get leaked. That and MFA is paywalled (i mean come on, this is like an EA game, get a half-assed product and get the rest as paid DLC). imo KeePassXC is the way to go. It's free, completely local, you're in control of everything, and if you need syncing, you can use syncthing, or just copy the database file over to your other device. And if you're *really* paranoid, you can always use a keyfile or hardware key to encrypt your database.
@bdot02, a year ago
We used passbolt but migrated to passwork because it just had more of the stuff we need.
@stephanrogers8947, a year ago
Your tone of voice and demeanor make this hard stuff seem simple......but WHY would someone want to go through ALL this just to configure this?
@chibiichen, a year ago
How much does it cost using Amazon?
@MrNolimitech, a year ago
Apps are Free, but the Instance is 30$/month. $0.046/h = $1.104/day = +30$/month
@chibiichen, a year ago
@MrNolimitech seems too much for just hosting a password manager. Is there a way to get it cheaper?
@evilgibson, a year ago
have been using self hosted KeePass database on Google drive for the past 10 years. have avoided all the "safe" online password sites and their oopsie-daisies data exposures. I'm good with my solution (which has 2FA built in for those that are going to bring up it's only password)
@P4V3LS, a year ago
This is so freakin scary. I am always worried my pass word file database and app is making connections to the internet.
@dura2k, a year ago
So, it's open source, but all the good functions which would be better than other services are paid? Even freaking folders and MFA? So keepass if you're using it for your own or bitwarden for multiple user is still the better option for hosting tbh (and even has an open-source community rust server implementation). And it's 360€ for a year? That's insane... Not an alternative.
@Troiler, a year ago
This is rude.. you're not showing or explaining the pricing it'll take to rent the ec2 instances..
@BoostedNW, a year ago
Passbolt vs Bitwarden (vaultwarden)?
@drgr33nUK, a year ago
Did I see you just log into AWS as root! Tut tut :) I use GNU Pass for my personal password manager.
@khalidelgazzar, a year ago
13:04 locating Elon Musk's car 😅
@ChairmanHehe, a year ago
why not bitwarden?
@stavros222, a year ago
plot twist: it really found elon musk's car location
@England91, a year ago
I'm glad I wasn't the only one that noticed Elon was mentioned in the setup screen
@MD4564, a year ago
Nice, but it's not your own infrastructure, it's still cloud.
@custard131, a year ago
that's kinda scary how casually you overwrote your existing primary ssh key
@Freeak6, a year ago
He is in a virtual environment. One he probably created for the video, so, it's fine.
@custard131, a year ago
@@Freeak6 ye i get that but didn't even hesitate :p not from doing that but i've felt the pain of locking myself out of my servers before and it's not fun :(
@devKazuto, a year ago
Passbolt sucked so much when I had to use it. Never again. "stay logged in" never worked and I got logged out after 5 minutes and it got no app during the time. Bitwarden is so much better in my opinion.
@wizzbitgxs, a year ago
I kinda wonder why a hacker would recommend your passwords to be stored in a cloud service? that would really be the last resort where i would put my passwords to be honest. Bitwarden has 2fa out of the box. also opensource and can also locally be installed that all and for zero costs.
@mikeleio007_xd9, a year ago
The thumbnail wants to kill me
@3398halofreak, a year ago
Why are none of these tutorials on actual in-home clients there all I ya here my rdns like show us a real world scenario where we have a ubuntu computer kicking around and we want to to run on it and be accessible.
@ElSarcastro, a year ago
Just make sure to mute your amazon doorbells or you will lose your passwords
@pr1nzp1, a year ago
Ohama means family, right?
@goodboy8833, a year ago
Is this a promotional video?
@wilcosec, a year ago
Nah, Bitwarden for me.
@aeonel, a year ago
Bitwarden rules.
@venkatasurajjami5653, a year ago
Make a video on evilginx2
@jasonrochau, a year ago
The master password is legit
@asddsa6465, a year ago
i store on blockchain
@Catge, a year ago
Probably just self hosting bitwarden is better. Open source, audited, and good community.
@KevinArellano, a year ago
Isn't it the same concept though?
@axer552, a year ago
@NeverGiveUpYo, a year ago
I was never a fan of password managers..
@navarrov, a year ago
Very cool. I still prefer LastPass simply because it has my 500+ passwords and is sync’d on all my devices. They have been compromised a few times though, so that’s one con. I’ve been considering bitwarden, but I’m pretty happy with LP.
@FaZekiller-qe3uf, a year ago
You can export passwords as a csv and import it to another password manager.
@redtrillix2, a year ago
even with all the breaches they have?
@josemicod2, a year ago
I use my mind, fuck passwords services
@mattplaygamez, a year ago
Looks great but Costs 34 dollars a month. So be careful
@SolitaryElite, a year ago
thank you for letting me know, I'll be trying to hack your aws now xd
@SolitaryElite, a year ago
@Hoxton yeah that was a joke but I have a reset password poisoning exploit for aws so I could probably do that if he doesn't have 2fa🙃
@England91, a year ago
@@SolitaryElite from what I've seen in the comments the 2FA is in the paid service not the free service
@liveunderflow5511, a year ago
John share your csv file for educational purpose
@rdxdt, a year ago
I store all my passwords in my keepassxc offline i trust no one.
@zeroordie453, a year ago
Bitwarden all day.
@stupidmariogamer6952, a year ago
is he learning us how to hack?
@stupidmariogamer6952, a year ago
@Hoxton i mean any video
@canahmetbe, a year ago
Well done
@zShipStreeTz, a year ago
any pros over using vaultwarden🤔
@garyruiz2491, a year ago
Any 1Password Fans? 👇🏼Like
@Hdio99, a year ago
this guy is all about money, once asked help because I was robbed, not even responded and I contacted him by email, after I unsubscribed him and lost track, today I see this video, and for this because they sponsored him he makes a huge promotional video...I don't trust the good faith of this guy...just saying...maybe he is a good guy, not to me but who cares right!!!
@josemicod2, a year ago
Call the Police idiot, he doesn't make that type of services, it's ridiculous.
@majoryoshi, a year ago
i’m gonna assume briefly that this comment is legit, most people aren’t gonna help some stranger on the internet get money after being robbed. not easy to even confirm it to begin with, much less figure out how much you should get. you’re not entitled to getting money after being robbed. for the video being sponsored we don’t know much about the contract and that’s common, but we can likely infer that the contract said something about making a video about setting it up. when there’s money changing hands, you need to learn to take what’s being said with a grain of salt, and even then the FTC prevents sponsored videos from being forced to say something they don’t believe. this goes for every creator online, not just john
@Hdio99, a year ago
@@josemicod2 well I did, it's not the point, I asked help for understanding how was it done, so if he is so eager to make videos about security if you are here just to promote and get money out of youtube and not even do human things I call him out on that!! simple, but in a normal manner without calling names like you did, fan boy...maybe the idiot is other...maybe you have it so often in your mouth maybe
@Hdio99, a year ago
@@majoryoshi well I understand what you say, the point is I was reaching him not to get the money back for that I made contact with the police, of course he has no power to go after, but because I was in shock and I wanted to know/understand how was it done, it was from a BINANCE app someone hacker entered my pc and entered the security of BINANCE APP like butter avoiding second A2F security...etc...so you are assuming too much I believe
@josemicod2, a year ago
@@Hdio99 nobody works for free, only scammers
@Yasin33, a year ago
First
@SidTheGreat420, a year ago
No one asked
@KratosConPelo, a year ago
Literally nobody cares
@push42, a year ago
"open source", why is 2FA behind paywall? trash
@sebastian93921, a year ago
KeepassXC for me