Passbolt 2023: A Year in Review

As we reflect on the year 2023 at Passbolt, we are filled with gratitude for the continuous growth of the community as well as the team behind passbolt. This year was marked by significant achievements and exciting new features that reinforced our commitment to providing the best collaborative password management experience. Here's a look back at the key milestones and updates that shaped our journey this year.

2023 in Numbers

We kept going strong in 2023 and the numbers speak for themselves:

• 🎂 Celebrated 6 years of existence
• 🤩 Reached 4K Stars on our main Github repo
• 🎉 Crossed 300,000 Daily Active Users, that’s 70% growth in a year
• 🌐 25,000 organizations worldwide are now using passbolt on a daily basis to protect their passwords and collaborate
• 🤝 20+ new product releases 
• 👀 166k average monthly community pageviews and 605 new contributors
• ✅ Tracking at 99.98% uptime (including scheduled maintenance)

January

January started off on a strong note with the release of 3 new items.

Helm chart

Early 2023 we introduced an easier way to install Passbolt with Helm, enhancing the deployment process on Kubernetes environments. This update was a game-changer for teams looking for scalable and efficient password management solutions.

SSO with Microsoft Azure (Pro)

After a few months of hard work, in January 2023 and as part of version 3.9.0 - Bunny, we finally released the first version of our SSO connector, functioning with Azure.

Needless to say, this much demanded feature got adopted rather quickly and to our satisfaction worked like a charm everywhere where it was deployed.

MFA Policies and Self-Registration

Our major release 3.10 brought in the highly anticipated Multi-Factor Authentication (MFA) policies and self-registration features, offering an added layer of security and convenience to our users.

February

In February we participated in the Fosdem in Brussels with a lightning talk, giving a quick overview of the product functionalities, the security model and reviewing the differences with other existing password managers. Fosdem is one of our favorite events, we’ll be back in 2024 as well.

March

Folders in the Community Edition

Our most popular feature, folders, was finally made available as part of passbolt community edition (Passbolt CE).

SSO security audit

As it is usually the case for big features, the SSO feature got fully audited by Cure53, with flying colors. As usual, the security audit report got entirely published on the passbolt website.

Action logs in syslog (Pro)

As part of v3.12.0 - Introspective, it became possible to customize passbolt to output the action logs in syslog or a file, giving administrators more control and visibility on what is happening on their instance and leverage other tools for threat and unusual activity detection.

April

Joining the FIDO Alliance

2023 was also the year Passbolt proudly joined the FIDO Alliance. This strategic move underscored our dedication to enhancing security standards and promoting a passwordless future. Our team attended two plenary sessions, in Dublin and Carlsbad in 2023. As one of the rare Open Source companies present, we're trying our best, at our humble scale of course, to hold the internet giants accountable to their promise of building a web that is safe and interoperable.

In April the team also attended the FIC (Forum International of Cybersecurity) in Lille. We are happy to announce we’ll also be back this year!

May

New major version: v4.0.0

May marked the release of a major version: v4.0.0 - Get Up, Stand Up, with the support of PHP 8.2 and the release of a brand new LDAP connector.

SSO Integration with Google

After Azure, we integrated Google as part of the supported providers for our SSO connector.

June

Windows desktop application

In June we finally released the long awaited Windows Desktop application, initially as a developer-exclusive release. The app has now evolved and is currently available directly in the Windows Store.

July

Role-Based Access Control (RBAC)

Mid-year, we introduced the first iteration of Role-Based Access Control (RBAC), a feature that drastically improved how teams manage access permissions at the UI level, ensuring both flexibility and security.

August

LDAP audit

In August, we carried out another security audit for the new LDAP connector, in collaboration with Cure53. Once again, the full audit report was made publicly available on our website.

Improved Grid

The improved grid view was another highlight, offering a more intuitive and user-friendly interface for managing passwords efficiently.

Password policies

As part of v4.2.0 - The man who sold the world, we released password policies,which allows administrators to control a range of password-related settings.

September

TOTP

In September, we added a feature for collaborative management of third-party Time-based One-Time Passwords (TOTPs), marking a significant step in improving collaboration for a wider range of credentials.

CakePHP Annual Conference

In September we also hosted, in partnership with CakeDC and Technoport, a satellite event with a streaming feed from Luxembourg for the CakePHP annual conference, the Cakefest. It was a great opportunity to celebrate with the CakePHP community and core contributors. We’re looking forward to the next cake cutting ceremony!

October

All things open

In October we attended All Things Open, in Raleigh USA. It was a great opportunity for us to connect in person with the community in North America, and with partners and other instrumental organisations such as Suse, Almalinux and the Free Software Foundation.

November

Growth Academy & OSX

We also attended the last in-person meetup of the Google Growth Academy Cybersecurity program. We were invited for the inauguration of Google's new Safety Engineering Center, and we had a blast connecting with Google's cybersecurity team and the founders of VirusTotal, as well as the other startups that were part of this acceleration program.

We also attended the Open Source Experience in Paris. We were able to connect with a lot of like-minded people from the booming European Open Source scene. It was great catching up in real life with members from Rudder, VLC, XWiki, LinuxFR, April and many more.

Suspended User

To provide administrators with more control, we introduced the suspended user feature, allowing temporary restriction of user access when needed. Read more about it in the dedicated blog article.

Generic OAuth/OIDC SSO

Further enhancing our SSO capabilities, we added support for OpenID Connect, a widely-adopted identity layer on top of OAuth 2.0 and OpenID.

Looking forward to 2024

Here are some of the features to expect in 2024:

• Custom fields and additional content types
• Audit logs and reports
• More improvements to the UI, including the support of icons and search in folders.
• Passkeys support (yeah!!)
• And more cool stuff!

Learn more about future features on the roadmap section of our website. Want to request a feature? Make a suggestion here.

As we embark on a new year, we extend our heartfelt thanks to our vibrant community. Your feedback, contributions, and support continue to be the driving force behind our innovations. We're excited for what's ahead in 2024 and beyond, as we continue to evolve Passbolt in collaboration with you all.

Stay up-to-date with passbolt. Subscribe to our newsletter, join our community forum, or find us on Twitter, Instagram, Mastodon, GitHub, Reddit, LinkedIn, and YouTube.

Here's to a year of small joys, big hugs, and a world that's a bit kinder to everyone. Cheers to peace and good vibes in the days ahead.

The Passbolt Team