Interview of Cybernews with Sascha Pfeiffer

Spotting compromised passwords before it’s too late is a rather tough task; there are only some vague and obvious things to look out for.

Unsecured, reused, and weak passwords are among the main cybersecurity threats, affecting not only social media users but also large companies and governmental institutions. Exposed passwords lead to identity theft, financial losses, and many more long-term consequences.

Now, society is aware of the importance of password managers. Yet, it’s rather difficult to find the most important features to look for, and it’s crucial to know what additional measures improve online security. The Managing Director of Psono password manager, Sascha Pfeiffer, agreed to share his views regarding cybersecurity with the Cybernews team.

Let’s go back to the very beginning. What did the development of Psono look like?

It was in 2015 that I decided to program Psono. No solution existed at that time that would allow a company to host a service on their servers to manage passwords with client-side encryption of all the stored secrets. I talked a lot to my friends about how it should work or what my cryptographic approach looked like, and to some extent probably bored them to death. The first public version was released in 2017 and then extended over time, first with extensions, files, and apps for iOS and Android. All that was just a side project; basically my complete free time, weekends, and holidays went into the product. In 2020, I decided that I wanted to pursue this and founded esaqa GmbH, which was a tough choice to make at that time. COVID was at its peak and toilet paper was rare… But the choice paid off and we gained quite a few customers even without any real marketing; people who had used our community edition before were purchasing our enterprise product. The election of the new German government with the commitment to users having the right to encryption was a huge relief. Before, it looked like the German state could require software vendors to implement backdoors, which is now completely off the table.

Can you introduce us to your password manager? What are its key features?

Psono allows you to store and share passwords securely with co-workers and family members. There are a couple of points that make Psono stand out. First, you can host things on your servers. This decentralized approach makes it extremely resilient against attacks in comparison to vendors that host things centrally for their clients, where a single vulnerability will expose all passwords of all clients. Psono’s stack is open source and as such can be audited for vulnerabilities and backdoors. As a German vendor, we provide user-privacy-committed alternatives to other solutions. All passwords and other secrets are encrypted before they ever leave the user’s device and can only be decrypted by the user. All entries can be shared with other users, and an extensive permission concept with groups allows extremely flexible configurations, making it a perfect choice for companies.

What was the vision behind making Psono open source? Can you tell us more about the ins and outs of open source security software?

Being open source is part of our security model. You should not trust any software that you cannot audit. This is especially true for one of your most crucial pieces of software, a password manager. There is of course an intrinsic love for open-source software. When I think back to how I felt when my first Ubuntu booted on my laptop, I become quite nostalgic. So, we all stand on the shoulders of giants, and without open-source software, we all would live in the IT stone age. Being open source also has other advantages, as it provides access to some marketing channels that are exclusively available to open-source vendors.