I've used this for a long time, and along with its Git integration (pushing/pulling to/from a repository on my own server, accessed over SSH) and a GPG key stored on a Yubikey Neo, I've got basically seamless sync between two laptops, a desktop and an Android phone, without using any third-party service.

The "Password Store" app on Android is compatible with `pass` and supports Git and NFC for using the Yubikey Neo to decrypt the passwords.

I recommend using Pass or Keepass, because we can see the source code. But like all these password managers, you need to synchronize your password vault.

If you do not want to synchronize your vault among all your devices, but still want to have a unique password per site, try LessPass[1]. LessPass is a stateless open source password manager.

Disclaimer: I am the creator of LessPass.

[1] https://lesspass.com/

Pass is pretty awesome, but nowadays I've switched to gopass: https://github.com/justwatchcom/gopass - much better support for teams, structured secrets, binary secrets and quite a few other improvements. Oh, and it's (mostly) drop-in compatible.

I use pass and love it. It provides a lot of flexibility. To fix the "website metadata is leaked in filenames" issue, I use another project by Jason, ctmg[0]. I changed the pass directory to be one directory deeper, encrypted it and just do `ctmg open` when I boot to open my password list (similar to unlocking a keypassX store) then use pass as normal. On shutdown, the opened folder is re-encrypted automatically. You could also set a ctmg close on a timer if you don't want the list to be available during your entire session after open.

Other things I do:

* store all the files as .toml files so I can rip specific keys with a custom script.
* Have a directory for web so `pass web` will give me all websites. Have a script to fill username pass for each.
* Have a directory for contacts. Then wrote a script to generate vCard files by crawling and pulling keys, base64 profile images and all.
* use syncthing to keep all devices up to date.

It's a pretty slick workflow IMHO.

[0] https://git.zx2c4.com/ctmg/about/

Note that pass was developed (and is maintained) by Jason Donenfeld (zx2c4), the same person who developed Wireguard, the new VPN protocol.

Not that my opinion is worth a whole lot, but this is the password manager I would choose to use if I wasn't using 1Password. Where many other password managers use convoluted constructions with (e.g.) AES and PBKDF2, this is very straightforward GPG.

I don't like the fact someone with access to my hard-drive can figure out all the services I'm using just by looking at the filenames.

It's convenient yes, but I prefer one encrypted file that contains it all.

With all the discussion about 1password and its decision to "more or less" move to the web and a subscription based model, I had a TODO to look at what the open source community had; especially regarding browser plug-ins, mobile apps, etc. I don't understand why a simple problem like password management needs a subscription and a private company to create software for the problem.

This post seems to have saved me the trouble of Googling myself. I am installing on the Mac and iOS as we speak.

I love Pass, but the problem I've had is that I always feel like I have to spend a bunch of time setting it up when I'm on Windows.

I understand it's the standard *UNIX* password manager, so I suppose I don't have a ton of room to complain, and most of my computers are Mac or Linux, so it's not a huge deal, but I think it increases the barrier of entry for a ton of people.

That said, I think Pass is awesome, and having my passwords stored in Github makes me really happy.

Using this and something like rofi-pass:

https://github.com/carnager/rofi-pass/

Gets me really close to the holy grail of password managers. Browser integration is possible too with PassFF:

https://github.com/passff/passff

How does this compare to other popular solutions? Specifically, KeepassX / Keepass2 which are the most common solutions I've seen most Unix / Linux users employ. Can we objectively state which one is a better solution?

I've been using password managers for a while now, but I've recently discovered pass-rotate: https://github.com/SirCmpwn/pass-rotate

It's basically a rotation manager! Very powerful and lets you properly change your passwords regularly on many websites (like the proprietary Dashlane Password Changer or Lastpass' similar feature).

I wrote a similar password manager (without knowing that pass already exists): https://github.com/snoack/mypass

But I ended up storing everything into one single encrypted file, rather than having one file per password. I see the point about the UNIX philosophy (i.e. "everything is a file"), but that way you'd leak information, i.e. what the passwords stored are for.

Anyway, I'd appreciate any feedback on mypass.

I've seen pass mentioned like a million times but I didn't realize there were so many third party extensions for it, the comments here are pretty helpful. Thanks for the submission!

Related: hunter2[0], a password manager which uses a smartcard to manage the keys for each password, and supports multiple users.

[0] https://chiselapp.com/user/rkeene/repository/hunter2/

I started with pass and switched to gopass because it automatically pushes new passwords to your remote git repository.

I use a fish script to hook it up to https://github.com/junegunn/fzf for easy search and copying to the clipboard. https://github.com/zabil/thanksforallthefish/blob/6145e98691312361a18cfcdb6eaaf7b2f0a13fce/p.fish

I've been using pass for a long time now. I have over 200 passwords stored.

I like it because you can use it to store sensitive info along with metadata, not just single field passwords. It's also super easy to access the info on the command line with ways to auto-copy passwords to your clipboard (which expires after 45 seconds).

I did a write up on it a while back at https://nickjanetakis.com/blog/managing-your-passwords-on-the-command-line-in-linux-with-pass.

I use pass on all my devices. iOS, chromebook and cli. I freaking love it! passforios is still on testflight but so good. Only a few issues with passforios:

- It forgets my GitHub password every time I upgrade
- I honestly don't like the fact that I can't turn off the pin. 4 digits with unlimited retries.
- It can't merge sometimes. I think they should be more aggressive about git rebase

I'm currently a Lastpass user. I know, trusting them to store my passwords is probably not a great idea but it works on Windows, macOS and Linux and my iPhone with no problems at all.

Would I like to move to something that isn't stored online? Yes, of course but I haven't found a decent solution that works everywhere.

Any recommendations?

I think pass is awesome if you have the workflow that supports it, but for the vast majority (myself included) it's entirely too difficult to set up and maintain. Particularly if you're using Windows regularly.

I've been using this for a while and am very happy. Especially the ability to use a private git repository for synchronization of laptop and desktop makes this convenient.

If you're using XMonad, you definitely want to use the pass addon in the xmonad-contrib package: https://hackage.haskell.org/package/xmonad-contrib-0.13/docs/XMonad-Prompt-Pass.html

I would claim that there isn't a more convenient password management solution than this.

Alright guys, I tried using this as I was curious, and miserably failed.

Found out I needed GPG, and some encryption key or ID and whatnot. I have no clue what these things are and would like to know.

How can I learn about this encryption stuff like keys and RAS and whatnot? (Books n Articles)

For those interested, I've been working on something similar but for journal entries instead of passwords. [1]

[1]: https://github.com/schollz/gojot

If anyone needs a quick tutorial on pass I wrote about some of its features a while back http://tuxlabs.com/?p=450

Anybody else here simply hashing their master password with the domain name of the website?

I think this is something the browser should offer by default.

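Added example, not part of the thread and not the code of LessPass or any other tool named here: the "hash the master password with the domain" idea from the comment above and the stateless approach mentioned earlier in the thread, shown as the literal fast-hash version next to a slow-KDF version. The iteration count, alphabet, salt layout and function names are assumptions chosen for this sketch.

```python
import hashlib
import string

# Assumed parameters for this sketch; they are not taken from LessPass or any other tool.
ITERATIONS = 200_000
ALPHABET = string.ascii_letters + string.digits + "!#$%&*+-=?@_"


def naive_site_password(master: str, domain: str) -> str:
    """The literal scheme: one fast hash of master password + domain.

    Anyone who captures a single site password can test candidate master
    passwords at full hash speed, so this is shown only for contrast.
    """
    return hashlib.sha256((master + domain).encode()).hexdigest()[:16]


def normalize_domain(domain: str) -> str:
    """Canonical form, so 'Example.com.' and 'example.com' give one password."""
    return domain.strip().lower().rstrip(".")


def derive_site_password(master: str, domain: str, login: str = "",
                         counter: int = 1, length: int = 20) -> str:
    """Stateless derivation with a deliberately slow KDF.

    domain, login and counter form the salt: every account gets its own
    password, and bumping counter rotates one site without touching the
    master password. The price is that the counter must be remembered per site.
    """
    salt = "\x00".join([normalize_domain(domain), login, str(counter)]).encode()
    key = hashlib.pbkdf2_hmac("sha256", master.encode(), salt, ITERATIONS, dklen=64)
    # Repeated divmod on a 512-bit integer picks characters with negligible bias.
    n = int.from_bytes(key, "big")
    chars = []
    for _ in range(length):
        n, r = divmod(n, len(ALPHABET))
        chars.append(ALPHABET[r])
    return "".join(chars)


if __name__ == "__main__":
    master = "correct horse battery staple"  # constructed sample, not a real secret
    for site in ("example.com", "Example.com.", "example.org"):
        print(site, derive_site_password(master, site))
    print("rotated:", derive_site_password(master, "example.com", counter=2))
```

The slow KDF only raises the cost of guessing; with either function, a leaked site password still lets an attacker test master-password guesses offline, and a master password that is guessed exposes every site at once.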