
I found pass [0] to be extremely useful, especially if one is using OpenPGP (e.g. GPG) already. For desktop there is QtPass [1]; for Android, Password Store [2]. There is pass-otp [3] for storing TOTP secrets. There is a browser pass extension [4] for Chrome and Firefox. Coupling this with a hardware token such as a Yubikey, one can require PIN and touch input to decode a password. At the same time, the password repository can be stored in a private Bitbucket git repository.

Personally it's a perfect combination of security and convenience. The design is incredibly simple, if all these apps fail I can just use gpg to decrypt secrets.

The only downside is that filenames are stored unencrypted in the git repository, so Bitbucket can see what sites I use but can't see usernames or passwords (obviously).

[0]: https://www.fossmint.com/pass-commandline-password-manager-f...

[1]: https://qtpass.org/

[2]: https://play.google.com/store/apps/details?id=com.zeapo.pwds...

[3]: https://github.com/tadfisher/pass-otp

[4]: https://github.com/dannyvankooten/browserpass



+1 for pass. I've been using it on Linux and iOS without a flaw. Using a private git repo to automatically sync between devices. It all works flawlessly.


> The only downside is that filenames are stored unencrypted in the git repository, so Bitbucket can see what sites I use but can't see usernames or passwords (obviously).

There's an extension to fix that:

https://github.com/roddhjav/pass-tomb


But then won’t compatibility with implementations of pass on other platforms suffer?


Keybase provides free encrypted git repos that even they can't access.


Can't be used on Android (the Password Store app uses jgit, which doesn't support remote helpers [1]; libgit2 is also not an option at the moment [1][2]).

[1] https://github.com/zeapo/Android-Password-Store/issues/344

[2] https://github.com/keybase/client/issues/9458


Interesting. First time I heard about pass! Maybe it's a good thing to combine this with encfs (reverse for backup only) or encrypted git from Keybase: https://news.ycombinator.com/item?id=15401211


I have been using pass for months now and love it. I use a private git repo to synchronize my passwords to multiple computers of mine (Chromebook and two Macs) plus my iPhone without any major issues and it is completely free.

I was wondering if anyone has more details about setting up and using a hardware key like the Yubikey in conjunction with Pass?

edit: removed a redundant part that parent already mentioned


> I was wondering if anyone has more details about setting up and using a hardware key like the Yubikey in conjunction with Pass?

Find a guide on using a Yubikey with gpg (such as this one [0]), and if you configure it, it will work seamlessly.

Enabling touch-to-decrypt [1] can also reduce the risk of decrypting stuff without you noticing.

[0]: https://www.yubico.com/support/knowledge-base/categories/art...

[1]: https://developers.yubico.com/PGP/Card_edit.html#_yubikey_4_...


Which one do you use on a Chromebook (I assume on ChromeOS)? Because I've seen only extensions that require installing regular pass, so probably on a Linux machine.



