Passbolt - Why I Can't Recommend This Password Manager

19,446 views

DB Tech

Passbolt is an open source password manager designed for team collaboration. Securely generate, store, manage and monitor your team credentials.
Here are the main reasons I can't recommend Passbolt:
1. Users Can See TOO Much For No Reason
2. Browser Extension REQUIRED
3. Signing Out and Back In Can Be A Pain
3a. Changing your PassBolt Password is ONLY for your local browser
4. SO. MANY. EMAILS.
Passbolt does have a great mobile experience if that's all you need, though.
Passbolt also offers 2FA pretty easily, including Yubico.
Yubico 2FA Keys:
www.yubico.com/product/yubike...
BitWarden/VaultWarden Install Video:
• How to Install BitWard...
Blog post: dbtechreviews.com/2023/04/pas...
Timestamps:
0:00 intro
2:53 Issue 1. Passbolt users can see too much
4:00 Issue 2. Browser extension required
4:36 Issue 3. Signing in can be a nightmare
5:31 Issue 3a. Changing account passwords isn't global
6:08 Passbolt has a great mobile experience
6:37 Passbolt mobile app is a great experience
7:34 Email. So. Much. Email.
8:44 Some additional notes
9:06 Who is Passbolt for?
10:11 Wrap up

Comments: 41
@louisbullock8615 a year ago
Greetings from the UK....Love your videos and content...Keep up the great work. I tried Passbolt too and another factor I found was that it requires IPv6 to function properly even if you're not going to connect via IPv6. I turn off IPv6 as a standard as I don't need it so it just caused issues as the web interface wants to bind to it. Maybe there is a way round it but I spent hours and never got it to work. Again thanks again for your fantastic channel 😊
@truthontech 11 months ago
Thanks DB Tech and really enjoy your channel. Have been using self-hosted, cloud based Passbolt for a while now and for me there are no equals. Gives us the most control and the fact that each browser requires encryption key and is device specific adds an extra layer of security for us. We use self-hosted Kasm VDIs so encryption keys are always nearby should we need to recover or add a device. It's pure Linux and I really love it!
@scottibyte a year ago
When we look at security tools, real security is always at odds with usability. Bitwarden has a nice balance between security and usability. As with all tools, the end user knowledge plays closely with how well the tool is implemented.
@KR1ML0N a year ago
I tried Passbolt and didn't last more than 5 min before I destroyed it and went back to Bitwarden.
@DBTechYT a year ago
I probably would have done the same, but I needed content, so here we are LOL :)
@s.sandeep a year ago
@DBTechYT 😂
@Marcelo1406pipo a year ago
Which open source password manager can you suggest for teams?
@DryUrEyesMate 11 months ago
Everything you have said is a positive thing and shouldn't be considered as negative, sounds like they make it very difficult for anyone not authorised to access your account.
@Robertjaymercer a year ago
Thank you for all your content. Years of following you helped me a lot building my home server...
@VolcanicDisruption a year ago
Hey DB, could you do a video about dockerized Unity3D?
@gatval a month ago
Passbolt backup and recovery, it is a nightmare, each user has to keep his private key. Not useful for family nor for an organization. Fully agree with you!!!
@lucasr4204 a year ago
Very interesting video, thanks
@HATipsByLarry a year ago
I'm using Vaultwarden (self hosted of course) and have auto fill turned off. This allows me to examine the site to see if I can auto fill or not. I know this isn't ideal but until they fix the problem 🤷‍♂ I thought of changing as you did but like the feature and security (2FA, etc.) of Vaultwarden. I set my docker container as persistent storage, so should be able to update it easily enough when the fix comes out.
@programster_uk a month ago
Just to clarify, because "password" and "passphrase" were used interchangeably here, which may explain some of the confusion. It is the PGP key that gets generated for the user at the point of setting up that is actually used for encryption and decryption of the passwords. This is why there is the browser plugin which you referred to. The PGP key itself is encrypted with the "passphrase" (like SSH keys). Hence if you were to decrypt the key and set a new passphrase on it on another device you would have two different passphrases across the two devices. The underlying key is the same. I've been using Passbolt for years and love it. I frankly find the strict security reassuring even if some of it may feel inconvenient.
@user-oz8xp3tm6c 4 months ago
With RBAC you can now control what users see, so they can't see other users anymore if you set it up correctly.
@JR-uy2nd a year ago
Yesterday I searched here for passbolt dbtech because I can't make it work on my server, because you upload this video now? Good even if was because you have bad news to me.
@ahumadosdelcarmen 10 months ago
So which one do you recommend then? Open source and that can be used to share credentials?
@DBTechYT 10 months ago
I use Vaultwarden
@rfkgaming a year ago
I was playing around with Passbolt the past few weeks. It's not for me; I would prefer to keep using Vaultwarden + a backup that's connected to my KeePass that auto-uploads once a week to my Gdrive. That way if my home server dies or something else happens, I have a 1:1 copy. I know I can export on phone from Vaultwarden but it's also nice having another copy. I think Passbolt has some growing pains still, as I did a 2nd install of it to toy some more and I could never get it set up again in a new VM/LXC.
@DBTechYT a year ago
Thanks for watching and sharing how you handle your setup :)
@rfkgaming a year ago
@DBTechYT Rules of 3-2-1, but I go overkill: LXC for vault, LXC for KeePass, Gdrive backup of both databases, offsite at my mom's place for both, then a USB drive that is always on my keys that is encrypted with Rclone, and then that zip is passworded. Been through 1 fire where I lost data in a self-hosted pass, so I overbackup these days.
@wizzbangtg a year ago
I see your points. I've been using Passbolt for some time with only a few personal and professional accounts. Seems to work well enough for us. With just a bit of fiddling I was able to get it up and running. Also integrates quite well with Traefik. Seems pretty solid to me but I am not just your average self-hoster. In regards to being on a customer site and needing a password, the mobile app is great for this purpose. I would not be installing a browser extension on someone else's system and logging into my password management account. One thing I have to say is, back up your database! I and an employee couldn't figure out why the mobile app kept crashing on us until I got back and looked at the database logs. It had crashed. Not a Passbolt issue really, just databases being databases. Luckily we had a backup from the day before and were up and running again in less than two minutes. The one thing that I really wish they would implement is TOTP support in the password records. That would make it so much more usable for a team. The ability to share password records with a team is very important when dealing with customer sites. When the support accounts require MFA this is not yet a tool that can be used.
@fredzibulski3111 a year ago
I'd love to see them have the option to be able to use multiple YubiKeys in case one gets lost, for example. I myself also use Vaultwarden and would see if it is going to be a switch or to be used as a backup of some sort.
@TequilaDave a year ago
If you can't add two hardware tokens it isn't for me. Are you sure you can't? Haven't installed or tried it yet myself.... may give it a go but if I can't add my backup Yubikey as an option I'll try another solution, shame.
@NightHawkATL a year ago
I tried to just get passbolt running in docker and never could. Glad I didn't spend more time on it. Vaultwarden is what I started with (self-hosting) and will probably be what I always use. If RoboForm ever goes open-source and allows for self-hosted, I would jump on trying that.
@ArcticPrimal a year ago
Really? Took me under 10 min first try and I was shocked how easy it was to set it up.
@DBTechYT a year ago
I agree. It was easy to set up. I just didn't like the way most of it worked after it was set up.
@Xfacehack 7 months ago
It was a little finicky as a newbie, like always I have problems with HTTPS. However the instructions were so good I never gave up. It's been reliable so far. Been running 4 months and it's fun to see big and exciting updates. Which has been easy but not as easy as it could be to update… Idk much about anything else except KeePassXC locally. So Bitwarden might be much better? But I like Passbolt, but it's still in BETA! It will be better with time.
@OzDeaDMeaT a year ago
Is it the Bitwarden browser plugin or the docker image with the vulnerability?
@DBTechYT a year ago
It's the auto-fill option that is/was an issue
@OzDeaDMeaT a year ago
@DBTechYT So the browser plugin then? I don't know this setting that you are speaking of.
@robertsanchez5279 a year ago
What about Buttercup password manager or Proton Pass?
@DBTechYT a year ago
I've got no experience with either of them. I only really looked into Passbolt because I had a few different people request it
@squalazzo a year ago
You explained wrongly how that "threat" is working in Bitwarden... it's not triggered if you enable autofill, but if you enable a specific option, which is not enabled by default, and even not recommended.
@DBTechYT a year ago
This is why there's a blog post linked in the description of the video with more information including links to the original article.
@thedev2496 a year ago
The simple fact that grouping and field referencing aren't present (at least weren't available in the community version) makes me go naaaah... I'm sticking with KeePassXC with a cloud available file.
@user-ic9jm6wb7d 5 months ago
Number the 3rd is FALSE, you only need to do this if you want to get to it from a different browser (on the same machine or another) ...yes, security is the enemy of convenience.
@fmslick7586 4 months ago
Passbolt sounds and is better than Vaultwarden and for my next trick I am unsubbing due to you do not know what you are talking about.
@DBTechYT 4 months ago
All the best