We put Passbolt password manager to the test for plan value, compatibility, features, and security. See why The Password Manager rated Passbolt 4.2/5.
By: Gunnar Kallstrom, Head of information systems and cybersecurity research
Updated August 4, 2023
Passbolt: A Quick Overview
Bottom line: Passbolt’s commitment to security, self-hosting flexibility, and open-source nature make it a compelling choice for privacy-conscious people and organizations. However, it may not be the ideal solution for those seeking mobile app support or full-fledged customer support in a commercial password manager.
Who should choose Passbolt? It best suits individuals, small to medium-sized businesses (SMBs), or tech-savvy teams seeking a self-hosted, secure, and cost-effective password manager.
Passbolt’s Editor Rating
Overall: (4.2)
Passbolt earns its rating with great two-factor authentication (2FA), a robust free version, and (almost) universal availability. Its only big stumble is in form filling and a lack of desktop versions (which should be coming soon).
People praised Passbolt’s end-to-end encryption and self-hosting, which gave them complete control over their password data, reducing reliance on third-party services. However, some people without technical expertise found the process of self-hosting Passbolt challenging.
Passbolt standout features
Support: Email, phone, Lightweight Directory Access Protocol (LDAP) synchronized user directory, Slack, audit logs, mobile apps
Best for: Larger businesses or companies looking to scale
Promotion: Free community version
What Are the Pros and Cons of Passbolt?
Passbolt has several attractive options that make it a good choice for individuals and businesses alike. But it’s not the best choice for everyone. Here are the details of its pros and cons:
Pros
Free and open-source community version: Depending on the size of your business and the features you need, the free version may be all you need.
Great support: Passbolt has various support options, including email or phone support, LDAP synchronized user directory, Slack integration, audit logs, and mobile apps.
2FA for all versions: Multi-factor authentication (MFA) is available even for users of the free Passbolt Community Edition (CE).
Cons
No form filling: If you’re looking for a product that can automatically fill in forms, Passbolt comes up short.
Self-hosting means more responsibility: Ensuring proper server security, updates, and maintenance falls on you, which may pose challenges for those without technical expertise.
Who Should Choose Passbolt?
Individuals: Those looking for an open-source password manager with strong security features will be well served by Passbolt.
Mid to enterprise-level businesses: Passbolt will appeal to those who prioritize complete control over their company’s password data and value the advantages of its open-source software.
Passbolt Plans and Pricing
Overall: (4.5)
One of the most significant advantages of Passbolt is its free and open-source version, allowing you to self-host the password manager without any subscription fees. The free version is suitable for individuals and small teams. But larger organizations may find the lack of dedicated support and advanced features limiting and may need to move up to the paid product. Thankfully, it scales super well for growing businesses.
It’s also worth noting that since Passbolt is based in Europe, all prices are in euros. If you are outside the EU, you’ll be subject to shifting exchange rates.
| Feature | Community version | Business version | Enterprise version |
| --- | --- | --- | --- |
| Price | Free | €45 per month (around $50 USD) | Contact for a quote |
| Best for | New users | SMBs | Enterprise-level businesses |
| Free trial | N/A | 14-day | 14-day |
| Platform compatibility | Chrome, Firefox, Edge, Brave, iOS, Android | Chrome, Firefox, Edge, Brave, iOS, Android | Chrome, Firefox, Edge, Brave, iOS, Android |
| Autofill capability | Yes | Yes | Yes |
| Guest accounts | No | No | No |
| Number of passwords | Unlimited | Unlimited | Unlimited |
| Password sharing | Yes | Yes | Yes |
| 2FA | Yes | Yes | Yes |
| Account recovery | Yes | Yes | Yes |
| Support types | 24/7 email support, phone support, LDAP synchronized user directory, Slack integration, audit logs, and mobile apps | 24/7 email support, phone support, LDAP synchronized user directory, Slack integration, audit logs, and mobile apps | 24/7 email support, phone support, LDAP synchronized user directory, Slack integration, audit logs, and mobile apps |
| Encryption | OpenPGP | OpenPGP | OpenPGP |
| Reporting capabilities | No | No | No |
| Single sign-on (SSO) | No | Yes | Yes |
Passbolt Platform Compatibility
Overall: (4.0)
The latest version of Passbolt runs via browser or mobile device and is compatible with:
Browsers (Chrome, Firefox, Edge, Brave)
iOS
Android
Passbolt is accessed through a browser or through apps on mobile devices. While most major browsers are supported to reach the most potential customers, there’s still a conspicuous absence on this list: Safari. While both Chrome and Firefox can be installed on a Mac, it’s still odd that it supports Brave instead of a browser that comes preinstalled on every Apple computer.
The team is working on a desktop version of its software, which should hit the market this year.
Passbolt UX
Overall: (4.0)
Well designed and easy to use, but could easily feel overwhelming to the inexperienced.
Passbolt’s UX is intuitive and easy to navigate, especially for people familiar with other password managers. It provides a straightforward approach to managing passwords and individuals within a team.
However, this focus on teams and sharing is something of a drawback for the individual who is unlikely to use such features and ends up cluttering the UX a bit. This could easily overwhelm new users just getting into password management and could send them looking elsewhere.
Passbolt Form Filling
Overall: (3.0)
Automatic logins work great, but form filling is completely absent from the party.
Passbolt simplifies automatic logins by securely storing and managing login credentials, making it convenient to autofill login information on websites. I found that it worked well once everything was set up and my passwords had been imported, and I seldom ran into issues.
However, the form-filling functionality doesn’t exist. No address forms, no payment options, nothing. If that’s something you consider necessary for a password manager, this is a big deal breaker.
Passbolt Security
Overall: (4.5)
Great features, but can require some upkeep.
Passbolt uses OpenPGP encryption to protect your passwords. It has undergone several security audits like Service Organization Control (SOC2) Type II. Passbolt does not include any trackers and uses end-to-end encryption to protect your account from credential stuffing. Additionally, the open-source nature of Passbolt allows for community audits, which enhances transparency and security.
However, self-hosted solutions come with responsibilities; ensuring proper server security, updates, and maintenance falls on you, which may pose challenges for those without technical expertise. This probably won’t be a problem for a business with a dedicated IT department, but it could be a hassle for the everyday user.
Passbolt Two-Factor Authentication
Overall: (5.0)
Lots of great options make 2FA Passbolt’s strongest point.
Passbolt offers MFA for all CE users. You can set up MFA using various methods, including Duo, TOTP (Google Authenticator, Authy), and YubiKey (with Yubico Cloud).
Passbolt offers some of the best 2FA/MFA support of any password manager I’ve reviewed. It’s leaps ahead of most of the competition.
Recent Improvements to Passbolt
Passbolt is committed to continuous improvement and providing the best security available. It has recently released version 3.9.0 which includes:
SSO in Alpha for all Pro users
MFA for all CE users
Compare Passbolt Alternatives
Passbolt is a strong contender for password management, but competitors including Dashlane, Keeper, RoboForm, LastPass, and NordPass could be a better fit.
Consider NordPass if: You want the same packages for your family and business.
Starting price: $2.49 per month
Platform compatibility: Windows, macOS, Linux, Android, iOS, and popular browsers, such as Chrome, Firefox, Edge, Brave, Opera, and Safari
Security: XChaCha20 encryption algorithm and a zero-knowledge policy
Secure data sharing solution
Safe sharing of login details
Real-time breach monitoring
Data breach scanner
FAQs About Passbolt
What are the cons to Passbolt?
The biggest disadvantage of Passbolt is the lack of support for cards, notes, addresses, pins, and more. Only password credentials can be stored in Passbolt. Adding such a feature would be a great improvement to the app.
Can Passbolt be trusted with my information?
Passbolt is considered stable and has undergone several security audits, like SOC2 Type II. It is used by thousands of companies that trust it for storing their passwords. Passbolt does not include any tracker and uses end-to-end encryption to protect your account from credential stuffing. Even if an attacker manages to trick you into providing your passphrase, they won’t be able to access your account.
Can I use Passbolt for free?
Yes, Passbolt CE is 100% open source and free to use. You can download it from its website and even install it on your server.
Is it worth paying for Passbolt?
It depends on your needs. CE is free and open source, but if you need additional features like email or phone support, LDAP synchronized user directory, Slack integration, audit logs, and mobile apps, you may consider the fully hosted enterprise plans.
Where does Passbolt store my passwords?
Passbolt uses OpenPGP, a standard that provides a combination of strong public key and symmetric cryptography. While all of the information is stored on servers, Passbolt can never see your passwords in plain text; to the company, they will always be encrypted.
What Is Passbolt the Company?
Passbolt is an open-source password manager project initiated and developed by a community of contributors rather than a formal company.
The history of Passbolt as an open-source project traces back to its first public release in 2015. It was created to address the need for a self-hosted and auditable password manager, especially for teams and organizations prioritizing data privacy and security. The development of Passbolt has been driven by a group of dedicated developers and contributors who believe in open-source principles.
Our rating process involves a thorough and detailed study of the various features stacked against the competition. I looked at the multiple facets and features provided by Passbolt compared to other significant industry players through direct testing to ensure an accurate rating. I’ve also applied my experience using Passbolt to provide a user’s perspective.
I signed up for a plan with Passbolt to test:
Plan value: Most password managers offer various subscription plans from free to around $20 per month. While free plans may be sufficient for some, those that need more functionality may prefer paid plans.
Platform compatibility: You likely access your online accounts from multiple devices, including desktops, laptops, tablets, phones, as well as through different web browsers. Your password manager should be compatible with various devices, operating systems and browsers, and sync seamlessly between them all.
UX: This is how you interface with all the features and functions of your new password manager — if it’s bad, you’ll be less likely to use the service. While this is a highly subjective category and some will disagree, it’s important to provide an overview based on my experience.
Form filling: A password manager doesn’t have to include form-filling, but it’s somewhat standard and the ease with which it performs that function can be the deciding factor in which password manager you ultimately choose.
Security: Since a password manager is first and foremost a security tool, it should come with all of the most up-to-date standard security features. This includes the highest level of available encryption (256-bit AES with PBKDF2-HMAC-SHA512), 2FA such as biometric logins or multi-factor authentication, and a password generator.
Two-factor authentication (2FA): Used all over the internet to protect your accounts, this is quickly becoming a standard security practice. 2FA is a great way to secure more sensitive accounts to ensure they’re not breached.
Kallstrom is a Cyber Team Lead for a DOD contracting company in Huntsville, Alabama, and has also worked as a computer network defense (CND) Cyber Analyst. An author and content creator for a cybersecurity academy, Kallstrom spent nearly 15 years in the Army as a musician before entering the cybersecurity field.
He holds a bachelor’s degree in music from Thomas Edison State University and a master’s in organizational development and leadership from the University of the Incarnate Word.
Kallstrom has completed several Computing Technology Industry Association (CompTIA) courses, including Security+, Network+, A+ Core 1, and A+ Core 2. He earned a CompTIA Security+ Certification. Additionally, he has completed the Cyber Warrior Academy program with more than 800 hours of hands-on, intensive, and lab-driven technical training in cybersecurity methods and procedures.
Passionate about all things cyber, Kallstrom was a speaker on a panel at the 2022 InfoSec World conference, giving a talk entitled “Hacking into a Cyber Career – True Stories.” Kallstrom is also a mentor to entry-level cybersecurity candidates seeking to break into the field. When he’s not working, he still enjoys playing guitar and fishing (not phishing).