Open source and easy to use https://www.passwordstore.org/

timvisee · on Sept 25, 2023

I created `prs` which solves a lot of painpoints I had with pass and other clients.

It is compatible with pass and uses the very same store.

rjmunro · on Sept 25, 2023

This is a bit different. It's not a password manager app, it's more a standard for storing passwords encrypted with GPG in ~/.password-store and a reference CLI implementation. Several GUI clients exist to interact with the passwords, as well as tools to import from other password managers etc.

It sounds like a good idea, but I'm worried that a client could be at risk of a software supply chain attack - I don't think I will have the expertise to evaluate each new version.

dewey · on Sept 25, 2023

Easy to use...for computer professionals. Try introducing pass to your family, even 1Password is not easy to set up for regular people. We have a long way to go before everyone is using passoword managers. The more realistic alternative is probably passkeys.

proaralyst · on Sept 25, 2023

Note that pass by design leaks both the websites you have set up and the metadata of the history of each record. This might suit your threat model, or it might not.

zikduruqe · on Sept 25, 2023

If I'm looking in your ~/.password-store directory and see entries named Finanace/, Travel/, Streaming/, Work/... you have bigger problems.

xcdzvyn · on Sept 25, 2023

Could I ask why?

zikduruqe · on Sept 26, 2023

That means I have access to your local machine if I can view your ~/.password-store directory. I might not be able to view or decrypt the contents of every entry, but I still have access to your machine.

xcdzvyn · on Sept 26, 2023

Ah, right, I didn't consider that. Thanks.

fryktelig · on Sept 25, 2023

Wouldn't the attacker need to breach your git server first before that was leaked?

_ugfj · on Sept 25, 2023

Note https://github.com/passff/passff