Too many "forgot your password" screens finally beat me. It turns out that relying on your brain to remember all those intricate combinations of letters, numbers, and symbols is a bit like trying to juggle flaming torches – entertaining at first but inevitably leading to a fiery disaster. After one too many lockouts and a growing collection of passwords, I surrendered. I've waved the white flag and embraced the marvels of technology – the almighty password manager.
In the password managers' digital ocean, finding the perfect tool can be challenging. And for someone like me, settling for the standard solutions is as likely as convincing a cat to take up swimming – it's just not happening. Call me picky, call me demanding, but I firmly believe that the product should bend over backwards to cater to my needs, not the other way around.
What I'm about to unravel here is different from your typical password manager as you know it. This is for the digital aficionados and the encryption enthusiasts but not for the average Johny. In case you don't know, Johny can't encrypt. Read Johny's story here.
Alright, buckle up because we're about to embark on a journey into the realms of computers. Brace yourself for Public Key Cryptography and Version Control. Now, if you were expecting a dazzling graphical user interface to hold your hand through this adventure, I regret to inform you that we're taking a detour through the good old shell. If the mere mention of these concepts is causing your stress levels to skyrocket, take a moment. Step outside, hug a tree, let the breeze whisper sweet nothings to you, and skip this article.
For those of you still hanging on for the ride, let me tell you how this password manager saga kicked off. Since I am a black belt in professional Google searching, my first instinct was to Google my way out. I discovered lots of password managers, including paid and free solutions such as Bitwarden, 1Password, KeePass, and LastPass, to name a few. Don't get me wrong; these password managers came dressed to impress with their well-structured apps and slick user interfaces. But call me a minimalist or just crazy; this is overkill for a password manager app. I needed something more minimal and, not to mention, less likely to overwhelm me with options. Because, let's face it, who needs a password manager that makes coffee? Not this guy. My needs lay elsewhere.
So, here's the breakdown of what I expect from my password manager:
First and foremost, my ideal password manager should be simple and efficient.
It's not just about remembering passwords; it's about safeguarding a vault of secrets. I'm talking emails, PINs, passwords, Bitcoin wallet passphrases – you name it. If it's secret and text-based, the password manager should work with it.
My perfect password manager should be offline and self-hosted yet capable of syncing across platforms, including mobile devices.
The password manager should be a chef when it comes to generating passwords. As the client, I want to be able to control the password type (phrase or string), length, and the inclusion of symbols, letters, or numbers. Passwords must be unique and produced by a secure pseudo-random generator offering good entropy.
Mistakes happen, especially in the world of passwords. Accidentally delete or update a password? No biggie. A password manager needs a fail-safe to roll back when mistakes are made or when you need to check on your previous passwords. Hence, a rock-solid version control system for passwords is required.
I demand order in the chaos of my passwords. Grouping passwords into categories is a must. Besides that, editing, renaming and moving passwords around should be painless.
Security is non-negotiable. My password manager should be the Fort Knox of digital fortresses, adopting top-notch encryption standards backed by concrete cryptography primitives. No compromises, no shortcuts.
A password manager should gracefully handle an "infinite" number of passwords because, let's be honest, who counts after a certain point?
Last but not least, if a password manager is free, that's the cherry on top. Because in the grand scheme of things, free stuff just feels better, like finding money in your pocket you forgot about – it's a win-win.
Alright, it's time to dive into the juicy bits of this password manager extravaganza. Picture this as the grand unveiling of the holy grail of password managers – none other than pass, the acclaimed "standard Unix password manager." If you're not feeling the excitement yet, trust me, you're about to.
pass is a FOSS (Free Open Source Software) project, proudly adopting the Unix philosophy. Picture a digital universe where all your passwords reside in a directory, with subdirectories and files creating a symphony of organised chaos. Each subdirectory is a category, while the files represent the sacred scrolls of your passwords. You might observe below a sample vault structure.
The real game-changer is the power of native Unix commands. You have tools such as "cp" and "mv" at your fingertips to help you move everything around. Ingesting new passwords? A simple "pass insert <pass path>" will do the trick. Need to tweak a password? No problem, just summon "pass edit <path>". And for the dramatic exits – a smooth "pass rm <path>" to obliterate a password that's overstayed its welcome.
"But how on Earth is this Fort Knox-level secure?" Fear not, my vigilant friend, because pass takes security seriously. Each file in your vault is encrypted with GPG, which uses hybrid encryption: the file contents are encrypted with a symmetric AES key, and that AES key is in turn encrypted to your public key, so only the matching private key can recover it. Each time you want to access your vault, you will be prompted to provide the passphrase guarding your private key. Once you input the correct passphrase, the private key unwraps the AES key, which then decrypts your password.
Now, I won't venture too far into the deep crypto waters because this article's not your cryptography 101 class. Just know this – pass has security covered tighter than a programmer's deadline.
If you don't have any key pairs in place and want to try pass, you can generate your public and private keys using GPG. For more info, refer to their official website.
Now, let's shift gears and talk about enhancing our password manager with versioning and cross-platform syncing.
The tool for this task is Git, the Rolls-Royce of version control systems. With pass neatly organising passwords into a directory, syncing them across different platforms becomes a breeze.
In the first place, Git grants access to the complete history of your vault, allowing you to revisit multiple versions of your passwords. Imagine having a time machine for your digital secrets. Secondly, the power to rewrite history is at your fingertips – a mere "pass git revert HEAD", and you can undo the latest change as if it never happened.
Beyond the nostalgia trip and undo magic, Git provides synchronisation across various platforms. With a straightforward "git clone <repo location/online address>" command, you can replicate your vault on multiple devices. Import your key pair, and you're good to go. Now, some might question the compatibility with mobile platforms. Speaking from the Android side of the fence – sorry, iOS users, I can't speak for your world – there's a nifty gem known as "Android Password Store." This Android client lets you clone your Git repository, import your private key, and access your vault on the go.
But wait a minute, someone might raise an eyebrow, thinking, "Hold on, aren't your passwords now exposed since you are using a public Git repo for syncing your vault?" Well, good luck cracking a 2048-bit RSA key to decrypt my passwords. One thing a public repo does reveal, though, is the shape of the vault: pass encrypts file contents, not file and directory names, so anyone can see which categories and account names you keep. If you want that extra layer of privacy, you can stash your vault in a private Git repo. However, it is essential to understand that we're not relying on obscurity for security. So, whether your passwords are tucked away or out in the open, remember that security is about using strong cryptographic primitives, not hiding.
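To make the directory-as-category layout and the Git history concrete, here is an added example (not code from the pass project) that builds a throw-away store with placeholder files, commits it with plain git, deletes an entry by mistake and reverts the deletion; the listing it prints is also exactly what a repository reveals in the clear.

```shell
#!/bin/sh
# Added example, not code from pass itself: a throw-away store laid out the way
# pass expects (directory = category, one file = one secret, .gpg-id naming the
# key) and driven by plain git, which is all `pass git ...` delegates to.
# The *.gpg files are constructed plain-text placeholders so the script runs
# without GnuPG; in a real store each one is GPG-encrypted.
set -eu

# git with a throw-away identity, run inside the store given as $1.
sg() { _dir="$1"; shift; git -C "$_dir" -c user.name=demo -c user.email=demo@example.invalid "$@"; }

# Build a store under $1 with two categories and three entries.
make_store() {
    mkdir -p "$1/Email" "$1/Finance"
    printf 'PLACEHOLDER-KEY-ID\n'   > "$1/.gpg-id"
    printf 'placeholder-secret-1\n' > "$1/Email/work.gpg"
    printf 'placeholder-secret-2\n' > "$1/Email/personal.gpg"
    printf 'placeholder-secret-3\n' > "$1/Finance/bank.gpg"
}

# Name entries the way `pass ls` does: relative path minus the .gpg suffix.
# These names are not encrypted: in a public repo anyone can read them.
store_paths() {
    find "$1" -name '*.gpg' -type f | sed "s|^$1/||; s|\.gpg$||" | sort
}

# Snapshot the whole store as one commit, as pass does after every change.
store_commit() {
    sg "$1" add -A
    sg "$1" commit -q -m "$2"
}

# Undo the latest commit, the equivalent of `pass git revert HEAD`.
store_revert_last() {
    sg "$1" revert --no-edit HEAD >/dev/null
}

# Create, commit, delete an entry by mistake, commit, revert; prints the
# listing after the revert, with Finance/bank back in place.
demo() {
    store="${TMPDIR:-/tmp}/pass-demo.$$"
    rm -rf "$store"
    make_store "$store"
    sg "$store" init -q                            # what `pass git init` runs
    store_commit "$store" "Add initial contents."
    rm "$store/Finance/bank.gpg"                   # the accident (`pass rm`)
    store_commit "$store" "Remove Finance/bank."
    store_revert_last "$store"
    store_paths "$store"
    rm -rf "$store"
}
```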
If you want to try pass, you can visit its website here for installation steps. For the Android client, you can visit this GitHub repository and download the latest Snapshot build. I recommend not using the official release, since it relies on a third-party app to manage your key pair, which makes the process more complicated. The newer Snapshot build handles your key pair within the app itself, which is more convenient. I hope the app's more recent version will be released soon.
In conclusion, pass has emerged as my personal holy grail in the realm of password managers. It effortlessly aligns with all my criteria and caters to my distinct preferences. Granted, it might not be everyone's cup of tea, but for fellow tech enthusiasts, it's undoubtedly worth a shot. Admittedly, mobile support is still in its early phase, but I'm optimistic about a more mature product in the future. I hope you found this article both enjoyable and enlightening.