I have been using LastPass as my password manager for quite some time and I was very happy with it. In the matter of fact I was so happy with it that I recommended it to anybody and everybody, even if they didn’t asked me about it. So what changed my mind about LastPass?
It is true that LastPass provides you with high level of convenience with managing your passwords. They have add-ons for different browsers, applications for mobile phones etc. and, in opinion of many, have high level of security. Some of those things can be positive and some may be negative, depending on your point of view. Since I have been considering taking control over my passwords again I started to searching for a new solution, and there it was: pass
(www.passwordstore.org).
Pass is simple command line utility for managing your passwords. It uses gpg as a backend and all of the passwords are stored in the separate, gpg encrypted files, so if you ever wanted to decrypt your files on a machine without pass
utility installed you can always use:
gpg -d path/to/file.gpg
and decrypt it and all you need for that is your private gpg key used to encrypt it. You can even encrypt files with multiple keys which can be useful if you need to share some of your passwords with someone.
Among other features pass
can also copy your password directly to your clipboard by using:
pass -c category/name-of-the-site
command and thus remove the possibility for someone to look over your shoulder and find out your password that way. Although, I have to notice that this feature does not work in Wayland since it uses X utility called xclip
. If you know some Wayland alternatives for xclip
please drop me a line ;-)
And what about syncing? Well, plain and simple, to sync my passwords across all of my devices I use private ownCloud instance that syncs them to devices that need access to those files.