Passbolt official press releases

Passbolt open source password manager now available on chrome web store

Esch, Luxembourg, November 25, 2016.

Passbolt version 1.3.0 marks the beginning of the solution on the Google Chrome browser. Passbolt is a free and open source password manager designed for collaboration and based on OpenPGP, that was previously only available on Firefox.

The adoption of Chrome as a platform was only natural considering the clear user plebiscite. According to a survey dating from September 2016, 86% of the respondents expressed the wish to see a prompt support from Google browser. These users can now download the passbolt extension on the chrome web store. Users previously using Firefox who would like to switch to Chrome can do so via the already available account recovery functionality.

A browser plugin is necessary for security reasons, mostly in order to guarantee the integrity of the javascript cryptographic library. Indeed, much like Firefox, Chrome extensions are cryptographically signed and subject to a review to check against malicious code. A major benefit of such plugin architecture reside in the separation of the execution environment: the webpage cannot interact with the data stored in the plugin. Such isolation can therefore act as an additional safety mechanism in the case of a compromised passbolt server serving malicious javascript, or an opponent performing a man in the middle attack to modify the javascript on the wire.

The next steps for the solution are the finalisation of the group feature specifications in collaboration with the community and organisation of an independent security audit. In order to support this initiative, the passbolt team has applied to the Secure Open Source Mozilla program. The passbolt team will also be present at the Fosdem in february 2017 in Brussels to gather additional feedback from the users and discuss the future of the solution.

Passbolt open source password manager selected by Luxembourg public agency for innovation

Esch, Luxembourg, October 3, 2016.

Passbolt has been selected by Luxinnovation, the public agency for innovation in Luxembourg, to be part of the Fit for Start acceleration program.

Passbolt is an open source password manager that aims to improve the information security of small and medium organisations. Passbolt promotes the use of strong and unique passwords. It also facilitates collaboration by allowing sharing credentials amongst team members.

Passbolt is extensible, it is composed of a JSON API, a web client and a command line application. Because the encryption is based on the OpenPGP standard, the solution also integrates well with existing email clients (such as Thunderbird Enigmail or Apple Mail) or native GPG command line tools.

Passbolt is also one of the rare web-based solutions that can be self hosted behind a firewall. In the post-Safe Harbor era, data sovereignty is a major preoccupation in Europe and passbolt offers a unique proposition to organizations cautious of the shifting legal context.

Passbolt was originally founded and developed in Goa, India. The core team is now shifting its activities to Luxembourg to focus on the European market. Passbolt is mainly self funded and raised €20,000 from early investors. On top of the €50,000 grant associated with the Fit for Start program, an additional €100,000 is offered by the Ministry of the Economy to start-ups that have both successfully graduated from Fit for Start and managed to raise at least €50,000 of private equity.

Short term plans includes the release of a Chrome Plugin and the development of a Saas offer. Medium to long term plans include an independent 3rd party security audit, the development of mobile applications, as well as new features selected by the early adopters.

Passbolt, a password manager for teams, released under open source licence

Goa, India, May 16, 2016.

Passbolt is an open source password manager that aims to improve the information security of small and medium organisations. This new software helps enforce the use of strong and unique passwords. Passbolt was designed to be easy to use and facilitate collaboration, such as sharing credentials amongst team members.

Sharing passwords is not desirable but is often unavoidable. For example, when a system does not allow for the creation of unique user accounts (e.g. a social media account, a router admin password or shared wifi password). Other times such collaboration is only temporary. For example, the administrator will create the credentials and send them along to the end user, with a note prompting to reset the password.

Passbolt is composed of a JSON API, a web client and a command line application. Passwords are never seen in clear by the server, they are encrypted in the client and sent to the server over HTTPS. Because the encryption is based on the OpenPGP standard, the solution also integrates well with existing email clients, such as Enigmail or GPG tools. The Restful API will allow building an ecosystem of desktop and mobile clients, as well as integration with other authentication and user management systems.

Unlike some other web-based password managers, passbolt requires a browser add-on to work, in order to guarantee the integrity of the cryptographic libraries. Passbolt is also one of the rare solutions that can be self hosted behind a firewall. Since passbolt is free and open source it is also a more affordable option for the large majority of organisations that still do not use a password manager.

Long term plans include the development of mobile applications and the features selected by the end users.