
Passbolt Review (Plus How To Install And Get Started)

In this review I will be sharing my first impressions of the open source password manager Passbolt.

Is it easy to install and use, what are the key features, and is it a viable alternative to paid products like 1Password, NordPass and LastPass?

Passbolt review

🏆 Highly recommended

Installation
Onboarding
Features
Ease of use

TL;DR

✅ User friendly and easy to navigate
✅ Advanced security features as standard
✅ Browser extensions & mobile app
❌ Tricky installation for non-tech users

4.8

What is Passbolt?

Passbolt is free, open source, PHP-based software that enables users to share login credentials, notes and other sensitive information securely.

Passbolt is available in 3 flavours: Community, Business and Enterprise. Business and Enterprise are paid tiers so, in the FOSS spirit, we will be taking a look at the free version: Community.

Here are the key features that Passbolt Community includes:

  • Password management & sharing
  • Private and shared folders
  • Users and groups management
  • Secret key authentication (2FA)
  • Additional factor authentication (3-step verification)
  • Browser extensions & CLI
  • Open API
  • Role Based Access Control
  • Password expiry
  • Community support

Is Passbolt easy to install?

Passbolt provides detailed installation guides for a wide range of destination operating systems. Installation for most platforms involves using the command line, so basic technical knowledge will make the process more comfortable.

It’s recommended to have a ‘naked’ server (i.e. a VPS with just the OS and no other software on it) on which to install Passbolt to limit attack vectors.

If you understand the risks and want to install Passbolt alongside other software, you can do so by following the ‘From source’ installation guide.

I found installation to be straightforward – copying and pasting the commands from the guide was frictionless.

During the installation process, you’re given an option to make the application accessible via the server IP address, domain or subdomain, allowing you to tie Passbolt to your business domain.

After the initial installation, I accessed Passbolt via the IP address of the server without any issues. After a quick health check was made, I could complete the configuration.

If you’ve set up hosted software previously, the process will feel very familiar. Configuration merely involved setting the URL of the application, database connection details and SMTP details.

The configuration file, /etc/passbolt/passbolt.php, can be modified if you need to change the details later.

Is Passbolt user-friendly?

I was met with a clean and easy to understand interface and I was able to add a new password quickly and easily.

The process of creating and storing a password could not be more simple: fill in the form and, after clicking ‘create’, my new password was stored.

Managing passwords is very simple. The dashboard provides a centralised hub for accessing and managing both passwords and users.

At the time of writing, Passbolt’s ‘Get started’ page has direct links to install their browser extension for the most popular browsers, with Safari support currently in development.

Clicking the logo of your browser takes you directly to the relevant extension install page, from which you can install Passbolt in a few clicks.

With the extension installed into your browser, enter your Passbolt account details to link with your server and you are ready to use your passwords.

The browser extension allows you to select saved and shared credentials for each login field.

The option to Browse credentials makes it simple to access password protected areas using different accounts.

The search tool makes it easy to quickly find users based on their names and credentials.

You can share passwords with existing users or teams from the password management area of the browser extension. If a user or team does not exist, you can create them under the ‘Users’ tab.

After you have created a user, they will receive an email invitation to their new Passbolt account.

Passbolt Mobile Application

Passbolt offers a mobile app for iOS and Android from which you can securely manage and share login credentials while on the go.

In contrast to how easy it was to install Passbolt on a VPS, initial setup for the mobile app was more complex than anticipated, and things did not work right away.

After some digging on the Community Forum, I discovered that using the mobile app requires that:

  1. You connect to Passbolt over HTTPS
  2. Your server has its SSL certificate, intermediate certificate and private key installed
  3. Your device time and date is configured correctly

It would be good to see more detailed server requirements such as those listed above in the mobile app support documentation.
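As an added example (not part of the original review and not Passbolt's own tooling), the Python sketch below performs a strict TLS handshake against the system trust store and maps the outcome onto the three requirements listed above. The function names and the sample URLs in the usage are hypothetical.

```python
import socket
import ssl
from urllib.parse import urlsplit

# OpenSSL verify codes that correspond to the requirements listed above.
CHAIN_CODES = {20, 21}        # issuer not found: intermediate not served, or CA not trusted here
TIME_CODES = {9, 10}          # not yet valid / expired, judged against this machine's clock
SELF_SIGNED_CODES = {18, 19}  # self-signed leaf or self-signed certificate in the chain


def probe_verify_code(host, port=443, timeout=5.0):
    """Handshake with full verification; return 0 or the OpenSSL verify code."""
    ctx = ssl.create_default_context()  # system trust store, hostname checking on
    try:
        with socket.create_connection((host, port), timeout=timeout) as sock:
            with ctx.wrap_socket(sock, server_hostname=host):
                return 0
    except ssl.SSLCertVerificationError as exc:
        return exc.verify_code


def mobile_prereq_findings(url, verify_code=None):
    """Return a list of findings for a Passbolt URL; empty means none found.

    verify_code can be passed in (offline use); otherwise a live handshake is made.
    """
    parts = urlsplit(url)
    if parts.scheme != "https" or not parts.hostname:
        return ["requirement 1: URL is not served over https://"]
    if verify_code is None:
        verify_code = probe_verify_code(parts.hostname, parts.port or 443)
    if verify_code == 0:
        return []
    if verify_code in CHAIN_CODES:
        return ["requirement 2: chain incomplete, intermediate certificate not served"]
    if verify_code in TIME_CODES:
        return ["requirement 3: certificate outside its validity window by the local "
                "clock; check the device time, then the certificate expiry"]
    if verify_code in SELF_SIGNED_CODES:
        return ["certificate is self-signed and not trusted by the default trust store"]
    return [f"TLS verification failed with OpenSSL verify code {verify_code}"]


if __name__ == "__main__":
    import sys
    for finding in mobile_prereq_findings(sys.argv[1]) or ["no findings"]:
        print(finding)
```

Run it from a machine whose clock you trust, passing the Passbolt URL as the only argument; a browser may still load a site with a missing intermediate because it has the certificate cached, which is why a strict client-side check is more telling.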

Once up and running, I found the app very easy to use on both iOS and Android. Finding, using, sharing and creating passwords was simple and straightforward.

Security Features

Passbolt employs end-to-end encryption to ensure that password data remains safe in transit and at rest. Because the software is open source, security experts can review the application code to identify and address any potential vulnerabilities.

Admins and users are given an encrypted security key (the 2FA mentioned above), which they will need to use whenever they log in to Passbolt.

Conclusion

Passbolt is a comprehensive solution for small organisations that are looking to take more control of their password and sensitive data management. It offers useful features, a user-friendly dashboard and advanced security as standard.

With it being FOSS, I recommend giving Passbolt your consideration to see how it meets your security needs.

