The Chad Pass

This guide is not 100% perfect, and I'll probably get things wrong. Make sure to read the full guide. I'm not responsible for any damages.

Most people know about password managers, such as LastPass, Dashlane, 1Password, NordPass. Those who have been digging deeper also know about KeePassXC and BitWarden. I'll quickly break down the problems with those password managers.

The first password managers mentioned are hosted in an online cloud. They also require JavaScript to work, so who is to say the companies behind them are not going to implement keyloggers, or create a private copy of the private keys? AVOID!

There is nothing inherently wrong with KeePassXC or BitWarden. In fact, I recommend that beginners use offline password managers that are privacy-focused and very "convenient". I'm saying it in quotes, because people will have a hard time trying to understand the interface, as well as keeping the database files updated.

The giant problem with all of those managers is the "bloat" of the GUI, requiring "too much work". You, the end user, shouldn't have to deal with bloated extra features. You need something fast to manage your passwords, not a foundation of bloated backends.

You shall worry no more, my friend. I'll show you the ultimate password manager that solved my troubles... (and even solved problems I never asked about!)

What is pass?

Pass is a shell script that follows the Unix philosophy, essentially forming a simple and easy-to-use password manager.

Getting started

99% of Linux distros have GnuPG bundled in or inside their repos. GPG is needed to store the passwords securely. You need to create a GPG keypair that will be used for this particular "database".

Run gpg --full-gen-key. Select RSA and ramp the key size up to 4096, whatever's the strongest! Make sure the key never expires... and you don't really have to enter real info. Just enter a random name and continue.

You're gonna have to make up a password for this keypair. Yeah, yeah, I know - very ironic for a password manager. But in reality - it's important! You HAVE to write this down physically, on paper, because if your machine gets compromised in any way, and if the keypair password is stored on the computer, all your passwords are doomed!

This pipeline gets thrown around as a way to "generate a random string", but it generates a secure password too!
LC_ALL=C tr -dc 'A-Za-z0-9' < /dev/urandom | head -c 25 ; echo ''
This keypair password will be 25 characters long, but you should always have longer passwords - assuming you're writing this on A4 sized paper.
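
A reusable form of the password pipeline, as an added example rather than part of the original guide: it reads /dev/urandom directly so the output is always exactly the requested length, and it estimates the strength in bits. The function names genpass and entropy_bits are made up for this example.

```shell
#!/bin/sh
# Added example; genpass and entropy_bits are hypothetical helper names,
# not commands from pass or GnuPG.

# genpass [LENGTH] [CHARSET]
# Print LENGTH random characters drawn from CHARSET (a tr-style set).
genpass() {
    len=${1:-25}
    chars=${2:-A-Za-z0-9}
    # Accept only a positive integer without leading zeros.
    case $len in
        ''|*[!0-9]*|0*)
            echo "genpass: length must be a positive integer" >&2
            return 2 ;;
    esac
    # tr reads the device directly, so it keeps producing characters until
    # head -c has exactly $len of them. Filtering a fixed-size chunk of
    # random bytes instead can come up short for long passwords.
    # LC_ALL=C makes tr treat the input as raw bytes in any locale.
    LC_ALL=C tr -dc "$chars" < /dev/urandom | head -c "$len"
    echo
}

# entropy_bits LENGTH ALPHABET_SIZE
# Print floor(LENGTH * log2(ALPHABET_SIZE)), the strength in bits of a
# string whose characters are chosen uniformly at random.
entropy_bits() {
    awk -v n="$1" -v k="$2" 'BEGIN { printf "%d\n", n * log(k) / log(2) }'
}

# Demo: the guide's 25 characters versus a longer 40, both from A-Za-z0-9
# (62 symbols).
for n in 25 40; do
    printf '%s  (~%s bits)\n' "$(genpass "$n")" "$(entropy_bits "$n" 62)"
done
```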

Usage of pass

Using pass is actually straightforward. In fact I'd say even a Linux beginner will catch on as to how it works.

To literally just list all the passwords: pass.

To create a password: pass add [password_name].

To generate a password: pass generate -n [password_name] 40 (-n is without symbols; 40 is how long it should be).

To edit a password: pass edit [password_name]. The password entry can now have many lines, but don't worry! Pass only reads the first line of the entry, so make sure to keep the password at the top.

To delete a password: pass remove [password_name].

To rename a password: pass mv [password_name] [new_name].

Import from KeePassXC

There is a repo that allows you to import from other password managers. It does the job very well, at least for KeePassXC. If you're on Arch Linux, you'll find it in the AUR as pass-import.

You need to have the KeePassXC passwords exported as a CSV file, then run pass import keepassxc [the_exported_csv_file].

Written by VickyTheChills on May 23, 2022 at 01:39:26 EEST