Luxembourg-based startup Passbolt has created a password manager to address a common problem we all face, from individuals to small and large companies: how to deal with multiple passwords without risking a breach of privacy? With 30,000 current active users and the goal of reaching 100,000 by the end of 2019, Passbolt intends to win over IT teams to become the standard in password management. We met with Kevin Muller, CEO, to chat about Passbolt and cybersecurity as a whole.
Photo: Cédric Alfonsi, Kevin Muller and Rémi Bertot, Passbolt’s cofounders / Credits © Anna Katina / Silicon Luxembourg
Can you explain to our readers the cybersecurity issues linked to password management?
It is commonly known nowadays that to efficiently protect our computers, we need to come up with complicated passwords: over 12 characters long, and combining figures and letters.
That being said, cracking passwords is still one of the main methods of hackers! And, most importantly, having a complicated password is sometimes not sufficient, especially if it needs to be shared among colleagues. That’s the real risk.
A majority of companies still work with shared passwords, either because unique passwords are too expensive or not possible. Those joint passwords are then listed on an Excel sheet in an open file. That is the worst practice to implement!
On our platform, employees choose with whom they want to share their passwords, grant them access and trace when and who effectively used the information.
What’s the story behind Passbolt?
A few years ago, we were running a web agency in New Delhi with over 60 employees. Each time we had a new project coming in, we needed the access codes to connect to our clients’ servers. We quickly started to face some real issues. Imagine that those passwords were sent to us via emails or Skype, and then redistributed among our team via emails again! This process was time-consuming and a major risk in terms of security.
We then decided to develop an open source software, for our internal purposes only, to safely manage all the passwords within our team. After a few months, many of our clients asked to use this software as it was clearly answering a practical problem they were also facing.
In 2016, Passbolt was ready to be commercialized as a free and open source software for all. Our goal is to have this free software downloaded on millions of computers in the coming years!
Since April 2018, we also offer a paid service, Passbolt Pro, with more functionalities.
How does your product work?
Our solution is geared toward IT teams that need to use shared passwords and want to protect themselves. Our product is appreciated by tech experts who understand open source, know how to integrate a software in their infrastructure and require high flexibility. That’s the strength of Passbolt! The software can be either used through our cloud or on location! That was key for us since the beginning.
You need to understand that data protection is paramount for anyone, but companies have to trust a software company like ours to ensure that their data is safely secured.
Our choice of open source was dictated by our strong belief that privacy by design is essential when we deal with cybersecurity. We therefore propose two options to host the software (in house or on our cloud) to ensure the easiest application.
One important point for us lies in the fact that we do not use any trackers within our clients’ software. Most of our competitors use trackers for marketing purposes to better identify the needs of their clients. We have chosen not to pursue this route, once again to gain our clients’ full trust.
We’ve discussed customer protection, but how do you ensure that your product is protected against cyberattacks?
We take the security of our product incredibly seriously and want to deliver the safest solution possible.
Since the beginning of this adventure, even before GDPR, our data only went on European clouds. We also have a robust cryptographic algorithm to protect our data. Even in the highly unlikely case that we experience a breach, hackers could not use the data because we use asymmetric encryption.
For the first time last year, we participated in the Bug Bounty program, hosted by Yes We Hack (YWH) and sponsored by Qwant. Over the course of 48 hours, hackers from the YWH’s community tried to hack our system. Good news: they all failed!
No one can ever claim that their software is 100% safe, and we don’t either, but we are doing everything we can to ensure our clients the best protection possible. Part of our budget is therefore dedicated to Bug Bounty, and we will repeat this exercise every year.
Finally, what’s your view on the question of European Sovereignty?
We need European sovereignty to create our own system to counterattack cyberterrorism. This is vital to have more and more actors in this battle.
In the upcoming years, the war will take place in the digital world and only the ones with lots of data will win. We still have major leaks and this cannot happen anymore. Data gives power to its owners!
We need to give back sovereignty to our clients to strengthen Europe. That is essential.