razzi.abuissa.net

Razzi's guide to pass

pass is the password manager I use.

I primarily use it on the command line, so it assumes that kind of familiarity, but it’s featureful and configurable once you have it.

Most importantly, it puts you in control of your data, by storing every password as a GPG-encrypted file in a git repository.

Basic usage

The simplest use case is to create a password like so:

$ pass generate -c somesite.com
[master e3fa1fb] Add generated password for somesite.com.
 1 file changed, 0 insertions(+), 0 deletions(-)
 create mode 100644 somesite.com.gpg
Copied somesite.com to clipboard. Will clear in 45 seconds.

The -c flag puts the generated password on your clipboard instead of printing it (and clears the clipboard after 45 seconds), so you can paste it straight into a password input.

Then when you want to retrieve it:

$ pass -c somesite.com
Copied somesite.com to clipboard. Will clear in 45 seconds.

However, I usually use a pw function I wrote, which gets the password if it exists or creates it otherwise, copies it to the clipboard by default, and then syncs the git repository.

So I just do this:

$ pw somesite.com
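The pw function itself does not appear in the post, so here is an added sh implementation of the behaviour described above (get-or-create, copy to clipboard by default, then sync git). It is example code written for this page, not the author's own function. It assumes pass is installed with git support already initialised and a remote to push to, and a clipboard tool pass knows how to drive (xclip, wl-copy or pbcopy); the -p flag for printing instead of copying and the helper names are my additions.

```shell
#!/bin/sh
# Added example: a get-or-create wrapper around pass, as the post describes.
# Not the author's pw function. Assumes: pass with git support already set up
# (pass git init) and a remote configured, plus a clipboard tool for -c.
# The -p flag and the helper names are assumptions of this example.

store_dir() {
    printf '%s\n' "${PASSWORD_STORE_DIR:-$HOME/.password-store}"
}

# pw_exists NAME: succeed if NAME.gpg is already in the store
pw_exists() {
    [ -f "$(store_dir)/$1.gpg" ]
}

# pw_sync: pass generate already commits; pull other devices' changes and
# push ours, but only when the store actually is a git repository
pw_sync() {
    [ -d "$(store_dir)/.git" ] || return 0
    pass git pull --rebase --quiet && pass git push --quiet
}

# pw [-p] NAME: copy (or with -p print) the password for NAME, creating it if absent
pw() {
    clip=-c
    if [ "$1" = -p ]; then clip=''; shift; fi
    name=$1
    if [ -z "$name" ]; then
        echo 'usage: pw [-p] NAME' >&2
        return 2
    fi
    if pw_exists "$name"; then
        pass show $clip "$name"
    else
        pass generate $clip "$name"
    fi && pw_sync
}

# usage: pw somesite.com        (copies, creating the entry on first use)
#        pw -p razzi@libera.chat (prints instead)
```

The existence check looks at the .gpg file rather than parsing pass output, so a typo in the name creates a new entry rather than failing; the sync step is skipped entirely when the store is not a git repository.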

Including usernames in passwords

pass supports multi-line entries (pass insert -m): the intended convention is to keep the password on the first line and put metadata such as the username on the lines below it.

Rather than using this, I put the username as part of the filename:

$ pw razzi@libera.chat
Copied razzi@libera.chat to clipboard. Will clear in 45 seconds.

That way I can see at a glance what my username for a given service is. Technically this leaks metadata (my username), since pass encrypts only file contents and the filenames are plain text for anyone who can read the repository, but I don’t mind this, and I keep my password store as a private repository.

Using pass with one-time passcodes

I use pass with pass-otp. On Debian you can install it like so:

$ sudo apt install pass-extension-otp

This saves me having to configure an authenticator app on my phone. Most importantly, it puts me in control of these codes; if I were to lose my phone, I’m not confident that I could recover my 2FA codes, but since I install my password manager on all my devices, I could restore them from any of those devices.

User beware: this is pretty much exactly what https://xkcd.com/2677 is warning about. With the TOTP secret in the same store as the password, both factors are protected by the one GPG key, so anyone who obtains that key and the repository has everything needed to log in.

To turn the setup QR code into the otpauth:// URI that pass-otp stores, I use zbarimg from zbar-tools:

$ sudo apt install zbar-tools
$ zbarimg --raw -q ~/Downloads/2fa-qrcode.png | pass otp insert somesite.com

If somesite.com already holds a password, use the otp append subcommand instead of insert; it adds the otpauth:// URI as a new line beneath the existing password rather than offering to overwrite the entry.

Now I can generate the codes like so:

$ pass otp -c somesite.com
Copied OTP code for somesite.com to clipboard. Will clear in 45 seconds.
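To make concrete what that line in the store really is (a shared symmetric secret that is the entire second factor), here is an added POSIX sh implementation of RFC 6238 TOTP, the computation pass-otp performs on the otpauth:// URI. This is example code written for this page, not pass-otp's own; the function names are my own, it covers only the SHA-1, 30-second, 6-digit case most sites use, and it relies on openssl for the HMAC. The sample URI is constructed around the RFC 6238 test secret, not a real account.

```shell
#!/bin/sh
# Added example: RFC 6238 TOTP (SHA-1, 30 s step) in POSIX sh, showing what
# pass-otp derives from the otpauth:// URI kept in an entry. Not pass-otp's
# code; function names are assumptions. Needs openssl, awk, cut and tr.

# otp_secret URI: print the base32 secret= parameter of an otpauth:// URI
otp_secret() {
    q="&${1#*\?}&"
    case $q in *"&secret="*) ;; *) echo "no secret in URI" >&2; return 1 ;; esac
    s=${q#*"&secret="}
    printf '%s\n' "${s%%&*}"
}

# b32_to_hex BASE32: decode RFC 4648 base32 (any case, padding optional) to hex
b32_to_hex() {
    alphabet=ABCDEFGHIJKLMNOPQRSTUVWXYZ234567
    s=$(printf '%s' "$1" | tr 'a-z' 'A-Z' | tr -d ' =')
    buf=0 bits=0 out=
    while [ -n "$s" ]; do
        c=${s%"${s#?}"}; s=${s#?}          # pop the first character
        pre=${alphabet%%"$c"*}             # its 5-bit value is the prefix length
        [ ${#pre} -lt 32 ] || { echo "bad base32 char: $c" >&2; return 1; }
        buf=$(( (buf << 5) | ${#pre} )); bits=$((bits + 5))
        if [ "$bits" -ge 8 ]; then
            bits=$((bits - 8))
            out=$out$(printf '%02x' $(( (buf >> bits) & 255 )))
            buf=$(( buf & ((1 << bits) - 1) ))
        fi
    done
    printf '%s\n' "$out"
}

# be64 N: N as 8 big-endian bytes, the HOTP counter encoding (RFC 4226)
be64() {
    i=7
    while [ "$i" -ge 0 ]; do
        printf "\\$(printf '%03o' $(( ($1 >> (8 * i)) & 255 )))"
        i=$((i - 1))
    done
}

# totp BASE32_SECRET [UNIX_TIME] [DIGITS]: the code for the 30 s window holding UNIX_TIME
totp() {
    key_hex=$(b32_to_hex "$1") || return 1
    now=${2:-$(date +%s)}
    digits=${3:-6}
    step=$(( now / 30 ))
    # HMAC-SHA1(secret, counter), then RFC 4226 dynamic truncation
    mac=$(be64 "$step" | openssl dgst -sha1 -mac HMAC -macopt "hexkey:$key_hex" | awk '{print $NF}')
    last=${mac#"${mac%?}"}
    offset=$(( 0x$last ))                  # low nibble of the last HMAC byte
    chunk=$(printf '%s' "$mac" | cut -c$((offset * 2 + 1))-$((offset * 2 + 8)))
    mod=1; n=$digits
    while [ "$n" -gt 0 ]; do mod=$((mod * 10)); n=$((n - 1)); done
    printf "%0${digits}d\n" $(( (0x$chunk & 0x7fffffff) % mod ))
}

# Constructed sample URI (RFC 6238 test secret, "12345678901234567890" in base32);
# this is the kind of string zbarimg prints and pass otp insert stores.
SAMPLE_URI='otpauth://totp/somesite.com:razzi?secret=GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ&issuer=somesite.com&digits=6&period=30'

# usage: totp "$(otp_secret "$SAMPLE_URI")"       # code for the current 30 s window
#        totp "$(otp_secret "$SAMPLE_URI")" 59    # RFC 6238 vector, step 1
```

Everything the code needs is the secret= value, which is why the xkcd caveat applies: whoever can read the entry can run exactly this and produce valid codes indefinitely, with no phone involved.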