When we look at security tools, real security is always at odds with usability. Bitwarden has a nice balance between security and usability. As with all tools, the end user knowledge plays closely with how well the tool is implemented.
I tried passbolt and didn't last more than 5 min before I destroyed it and went back to bitwarden.
I probably would have done the same, but I needed content, so here we are LOL :)
@@DBTechYT 😂
everything you have said is a positive thing and shouldn't be considered as negative, sounds like they make it very difficult for anyone not authorised to access your account.
Greetings from the UK... Love your videos and content... Keep up the great work. I tried Passbolt too and another factor I found was that it requires ipv6 to function properly even if you're not going to connect via ipv6. I turn off ipv6 as a standard as I don't need it so it just caused issues as the web interface wants to bind to it. Maybe there is a way round it but I spent hours and never got it to work. Thanks again for your fantastic channel 😊
Just to clarify because "password" and "passphrase" were used interchangeably here which may explain some of the confusion. It is the PGP key that gets generated for the user at the point of setting up that is actually used for encryption and decryption of the passwords. This is why there is the browser plugin which you referred to. The PGP key itself is encrypted with the "passphrase" (like SSH keys). Hence if you were to decrypt the key and set a new passphrase on it on another device you would have two different passphrases across the two devices. The underlying key is the same. I've been using passbolt for years and love it. I frankly find the strict security reassuring even if some of it may feel inconvenient.
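To make the comment's point concrete, here is an added example (not Passbolt's or OpenPGP's own code) that models a private key wrapped under a passphrase-derived key: re-setting the passphrase on a second device unwraps and re-wraps the same key, so the two devices end up with different passphrases and different wrappings but identical key material, and each device rejects the other's passphrase. The wrap itself (PBKDF2 plus an HMAC-SHA256 keystream and tag) and its parameters are a constructed stand-in using only the Python standard library, not Passbolt's actual OpenPGP implementation.

```python
import hashlib
import hmac
import os
import secrets

KDF_ITERATIONS = 100_000  # assumption; OpenPGP's real S2K parameters differ

def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """Counter-mode keystream from HMAC-SHA256: a toy stand-in for the real cipher."""
    out, counter = b"", 0
    while len(out) < length:
        out += hmac.new(key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return out[:length]

def wrap_private_key(private_key: bytes, passphrase: str) -> dict:
    """Encrypt the private key under a key-encryption key derived from the passphrase."""
    salt, nonce = os.urandom(16), os.urandom(16)
    kek = hashlib.pbkdf2_hmac("sha256", passphrase.encode(), salt, KDF_ITERATIONS, 64)
    enc_key, mac_key = kek[:32], kek[32:]
    ciphertext = bytes(a ^ b for a, b in zip(private_key, _keystream(enc_key, nonce, len(private_key))))
    tag = hmac.new(mac_key, salt + nonce + ciphertext, hashlib.sha256).digest()
    return {"salt": salt, "nonce": nonce, "ciphertext": ciphertext, "tag": tag}

def unwrap_private_key(blob: dict, passphrase: str):
    """Return the private key, or None when the passphrase is wrong (tag does not verify)."""
    kek = hashlib.pbkdf2_hmac("sha256", passphrase.encode(), blob["salt"], KDF_ITERATIONS, 64)
    enc_key, mac_key = kek[:32], kek[32:]
    expected = hmac.new(mac_key, blob["salt"] + blob["nonce"] + blob["ciphertext"], hashlib.sha256).digest()
    if not hmac.compare_digest(expected, blob["tag"]):
        return None
    keystream = _keystream(enc_key, blob["nonce"], len(blob["ciphertext"]))
    return bytes(a ^ b for a, b in zip(blob["ciphertext"], keystream))

def change_passphrase(blob: dict, old: str, new: str) -> dict:
    """Second device: unwrap with the old passphrase, re-wrap the same key under a new one."""
    key = unwrap_private_key(blob, old)
    if key is None:
        raise ValueError("wrong passphrase")
    return wrap_private_key(key, new)

def demo() -> dict:
    private_key = secrets.token_bytes(32)  # constructed stand-in for the PGP private key material
    laptop = wrap_private_key(private_key, "correct horse")
    phone = change_passphrase(laptop, "correct horse", "battery staple")
    return {
        "same_key_on_both": unwrap_private_key(phone, "battery staple") == private_key,
        "laptop_passphrase_fails_on_phone": unwrap_private_key(phone, "correct horse") is None,
        "phone_passphrase_fails_on_laptop": unwrap_private_key(laptop, "battery staple") is None,
        "wrappings_differ": laptop["ciphertext"] != phone["ciphertext"],
    }
```

Losing the passphrase on one device does not help the other device: each wrapping only yields the key to its own passphrase, which is the recovery trade-off other comments in this thread describe.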
Nothing is absolutely secure, but just because of the extension (which handles encryption/decryption offline, ON the user's device) I can "trust" Passbolt: it is true decentralization, instead of having a database with a common or managed encryption key. We use Passbolt in our company and I can be sure that if we have some DB leak, all passwords will be safe. If some user is exposed in some way or his password(s) are leaked, the blast radius is smaller.
Was debating giving this a chance. Thanks for doing the work for me there 😂
Thanks DB Tech and really enjoy your channel. Have been using self-hosted, cloud based Passbolt for a while now and for me there are no equals. Gives us the most control and the fact that each browser requires an encryption key and is device specific adds an extra layer of security for us. We use self-hosted Kasm VDIs so encryption keys are always nearby should we need to recover or add a device. It's pure Linux and I really love it!
With RBAC you can now control what users see, so they can't see other users anymore if you set it up correctly.
Which open source password manager can you suggest for teams?
I was playing around with passbolt the past few weeks. It's not for me, I would prefer to keep using vaultwarden + a backup that is connected into my KeePass that auto-uploads once a week to my Gdrive. That way if my home server dies or something else happens, I have a 1:1 copy. I know I can export on phone from vaultwarden but it's also nice having another copy.
I think passbolt has some growing pains still as I did a 2nd install of it to toy some more and I could never get it set up again in a new VM/LXC
Thanks for watching and sharing how you handle your setup :)
@DBTechYT rules of 3-2-1 but I go overkill
LXC for vault
LXC for keepass
Gdrive backup of both databases
Offsite at my mom's place for both
then a usb drive that is always on my keys that is encrypted with Rclone and then that zip is passworded.
been through 1 fire where I lost data in a self hosted pass so I overbackup these days
Yesterday I searched here for passbolt dbtech because I can't make it work on my server, and now you upload this video? Good, even if it was because you have bad news for me.
you explained wrongly how that "threat" is working in bitwarden... it's not triggered if you enable autofill, but if you enable a specific option, which is not enabled by default, and even not recommended
This is why there's a blog post linked in the description of the video with more information including links to the original article.
I'm using vaultwarden (self hosted of course) and have auto fill turned off. This allows me to examine the site to see if I can auto fill or not. I know this isn't ideal but until they fix the problem 🤷♂ I thought of changing as you did but like the feature and security (2FA, etc.) of vaultwarden. I set my docker container as persistent storage, so should be able to update it easily enough when the fix comes out.
Thank you for all your content. Years of following you helped me a lot building my home server...
I tried to just get passbolt running in docker and never could. Glad I didn't spend more time on it. Vaultwarden is what I started with (self-hosting) and will probably be what I always use. If RoboForm ever goes open-source and allows for self-hosted, I would jump on trying that.
Really? It took me under 10 min on the first try and I was shocked how easy it was to set it up.
I agree. It was easy to set up. I just didn't like the way most of it worked after it was set up.
It was a little finicky as a newbie, like always I have problems with https. However the instructions were so good I never gave up. It's been reliable so far. Been running 4 months and it's fun to see big and exciting updates. Which has been easy but not as easy as it could be to update…
Idk much about anything else except keepassxc locally. So bitwarden might be much better? But I like passbolt, but it's still in BETA! It will be better with time
So which one do you recommend then? Open source and that can be used to share credentials?
Very interesting video, thanks
Hey DB, could you do a video about dockerized Unity3D?
Is it the Bitwarden browser plugin or the docker image with the vulnerability?
It's the auto-fill option that is/was an issue
@DBTechYT So the browser plugin then? I don't know this setting that you are speaking of.
what about Buttercup password manager or Proton Pass?
I've got no experience with either of them. I only really looked into Passbolt because I had a few different people request it
I see your points.
I've been using PassBolt for some time with only a few personal and professional accounts. Seems to work well enough for us. With just a bit of fiddling I was able to get it up and running. Also integrates quite well with Traefik. Seems pretty solid to me but I am not just your average self-hoster. In regards to being on a customer site and needing a password, the mobile app is great for this purpose. I would not be installing a browser extension on someone else's system and logging into my password management account.
One thing I have to say is, back up your Database! I and an employee couldn't figure out why the mobile app kept crashing on us until I got back and looked at the database logs. It had crashed. Not a Passbolt issue really, just databases being databases. Luckily we had a backup from the day before and were up and running again in less than two minutes.
The one thing that I really wish they would implement is TOTP support in the password records. That would make it so much more usable for a team. The ability to share password records with a team is very important when dealing with customer sites. When the support accounts require MFA this is not yet a tool that can be used.
I'd love to see them have the option to be able to use multiple YubiKeys in case one gets lost for example. I myself also use Vaultwarden and would see if it is going to be a switch or to be used as a backup of some sort.
If you can't add two hardware tokens it isn't for me. Are you sure you can't? Haven't installed or tried it yet myself... may give it a go but if I can't add my backup YubiKey as an option I'll try another solution, shame.
I don't think I have ever been able to see other users' passwords on my passbolt, and I mean even that they exist at all? The only other users' passwords I see are the ones shared with me, and I have had it for a while. My passwords sync across all devices and the mobile experience is good, though the mobile auto fill is trash. I'm not sure why my experience was so much different than yours. I do agree the key required every time you log in is an issue, I wish it could be disabled if you wanted, and the fact that you cannot reset your password if you forget it (master password that is) means your account is just toast! That's pretty bad, I get it but still bad.
The simple fact that grouping and field referencing aren't present (at least weren't available in the community version) makes me go naaaah...
I'm sticking with KeePassXC with a cloud available file.
Passbolt backup and recovery, it is a nightmare, each user has to keep his private key. Not useful for a family nor for an organization. Fully agree with you!!!
Passbolt sounds and is better than Vaultwarden and for my next trick I am unsubbing because you do not know what you are talking about.
All the best
This beats $50 a year for last pass or whatever, you can’t beat free.
Or you could self-host VaultWarden and have a better user experience and still have a free solution.
@DBTechYT They don't have an app in the AppStore.
play.google.com/store/apps/details?id=com.x8bit.bitwarden this is what I have connected to my VaultWarden server and it has been working great for more than 2 years.
@DBTechYT The Passbolt phone app looks a lot more professional.
@ariyanshaikh4907 I honestly RARELY log in to the app on my phone. I don't care how it looks. I care that it works every time I need it to. You can use whatever you want. I just know what works for me
Number 3 is FALSE, you only need to do this if you want to get to it from a different browser (on the same machine or another)... yes, security is the enemy of convenience.
Well lemme not waste my time. Thanks.