[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Password Manager opinions and recommendations

likcoras <likcoras@riseup.net> writes:

> I think pass (https://www.passwordstore.org/) meets most of your
> requirements. It's a glorified shell script that calls gpg under the
> hood to create passwords that are stored locally (under
> ~/.password-store).

I concur with the recommendation for Password Store, in this case.
(that link again, <URL:https://www.passwordstore.org/>).
Someone who has been manually handling their password database should be
right at home with the Password Store system.

> - It does not have a network component.

Password Store uses Git to store the entries, and Git natively allows
distribution of the repository via SSH or HTTPS (and others, of course).

> - You can transfer individual password files, decrypt them yourself
> with gpg, etc.

This is very important! Our password data is too crucial to be locked
into a custom data format needing a specific tool. Password Store avoids
this by using only standard, general-purpose tools.

> - Very straightforward to decrypt with a simple shell script.
> - Uses pwgen to generate passwords, if requested. You can customize
> generation a bit (no special characters, etc.)

For more useful passphrases I can recommend Diceware or ‘xkcdpass’
<URL:https://pypi.python.org/pypi/xkcdpass>. That's a separate tool
though, Password Store does not yet integrate with it.

> - It does not handle automatic password updates.

True. This could be implemented in a custom client though.

Which raises another advantage of Password Store: it is a description of
a password manager *without* specifying the client. There are many
clients that work with this system, as can be seen at the website.


So I use the ‘pass’ command-line client on some machines, QtPass desktop
client on others, and the Android app (available from the F-Droid app
store <URL:https://f-droid.org/repository/browse/?fdid=com.zeapo.pwdstore>)
to carry them with me.

 \          “Isn't it enough to see that a garden is beautiful without |
  `\      having to believe that there are fairies at the bottom of it |
_o__)                                             too?” —Douglas Adams |
Ben Finney

Reply to: