#Cybersecurity
14/06/2022
Today, passwords are still responsible for 95% of data breaches. The need for companies to protect their infrastructure from attacks is more significant than ever. But how can they benefit from comprehensive security? And why has open-source software become the cornerstone of modern development teams?
Max Zanardo, Head of Customer Relations at Passbolt, explains how to address these insecure applications and turn an open-source password manager solution into the ally of tomorrow’s teams.
Voted the best startup by the European Cybersecurity Organization in 2021, Passbolt is an open-source password management platform for team collaboration. Choosing a solution like this means recognizing our bad habits, especially the tendency to lower our security barriers when we think we are protected.
However, we are regularly required to create profiles on platforms for which we need to create different passwords. And it’s challenging to remember all these combinations! Moreover, the constant resetting of access keys wastes time and implies a significant loss of quality for the company.
No more sticky notes on the computer, Excel documents, or messages between colleagues; it’s time for Password Manager solutions! Despite their various access controls, these solutions are not all entirely secure. Max explains:
“Most existing password management solutions suffer from numerous security limitations, primarily related to the fact that their security model was designed many years ago in an era where the needs were different, and teams were not yet digitalized. Consequently, on one hand, the user experience leaves much to be desired in sharing and collaboration scenarios. On the other hand, from a security perspective, they cannot provide true end-to-end encryption, precise access rights segmentation, anti-phishing protection, or even data control, all of which are natively supported in Passbolt.”
As the first open-source solution, Passbolt is a Luxembourg-based platform that aims to be transparent with its customers. The platform’s source code is available on the internet, allowing interested technical services to easily learn about its operation by downloading it.
In general, it’s worth noting that for maximum security, Passbolt does not operate on a single password sharing system. Each client uses their own browser extension, which provides end-to-end encryption of all data. Each operation takes place inside your own space, via your phone, server, etc. Thus, no information passes through a network that may have been compromised by an external attack.
You also have broad visibility of everyone’s roles, the types of rights granted, and the available information. Therefore, it is straightforward to create an audit report since everything is saved in the database and can be accessed at any time.
Why prioritize browser extensions?
Regarding platform management, if you have Linux servers in your premises or use a third-party cloud service, you can take care of the solution yourself, behind your own network and firewall rules. So, you can have full control over the integrity of your data.
Moreover, the tool is available on the majority of existing browsers, greatly simplifying the installation of the application and its adoption by users.
Using Passbolt is straightforward when you take a closer look.
Once you open your vault with your security key, you reach the platform’s interface, which holds all your resources in different folders.
You are the only one who can access each of your resources. So, if you have sensitive data, you can change access rules by creating subfolders within your existing folders. You also have the option to extend access to your colleagues, specific individuals, or groups, specifying the role you want to assign to each of these people in advance.
Furthermore, each password is individually encrypted for all users.
If you forget the password for your access key to the vault, and your account settings do not allow you to change the initial key, your user account will be deleted and then re-created. However, please note that in this case, you will lose all your personal data. Therefore, it’s essential to always create an access key that is easy to remember but strong enough so that no one can guess it.
As you can see, Passbolt offers many features! From standalone use of the application to direct login via your Azure account and more, this young Luxembourg-based startup has more surprises in store for you!
Interested in this solution?
Review the webinar (FR)