
Techlore Talks: Why This Password Manager Requires a Private Key (Passbolt Interview)

Feb 14, 2026

Remy Bertot, co-founder of Passbolt and a software engineer focused on open-source team password solutions, explains why Passbolt uses a random private key and how granular permissions limit credential leaks. He talks about self-hosting for regulated orgs, phishing-resistant crypto signatures, passkey tradeoffs, and practical choices for team-focused password management.
Private Key Over Password-Derived Keys
- Passbolt uses a randomly generated private key rather than deriving the encryption key from a user-chosen password.
- This avoids the phishing and brute-force risks inherent in keys derived from user-chosen passwords, at the cost of some usability and recovery friction.
Use A Password Manager To Prevent Basic Attacks
- Use a password manager to stop password reuse and reduce risk from phishing and credential stuffing.
- Let the manager generate strong random passwords and block fills when the URL doesn't match the stored entry.
Three Deployment Models For Different Needs
- Passbolt offers Community (self-hosted), Pro (paid plugins), and Cloud (hosted by Passbolt) editions.
- Paid tiers add admin productivity features like policies, LDAP sync, and key escrow for enterprise needs.
