
Thinking about moving back to after months of

I enjoy the idea of plaintext files and pure pgp, but
- the hassle of setting up a new computer
- the hit-miss integration with Firefox on linux
- the impossible integration with Firefox on windows
- the leaking of metadata through the directory structure

I am just not sure it's worth it anymore. Security is not simply about cryptography. It's also about ease of use. If too complicated, you'll just start working around the system.

@yarmo Thank you! I have the same mess. But I started with pass (gopass). I like the idea, since it's so simple. But setting up the client on each device, getting pgp keys everywhere... I think I will move to bitwarden as well. But for small groups who need to share passwords or secrets in general, I think pass is a straightforward alternative.

@yarmo yes, try bitwarden, you won't look back. i moved to bitwarden a few years ago, after lastpass started charging me, a premium user, multiple times, then doubled the price, and i said that's enough. i registered a bitwarden hosted account first, then later installed my own server. the only issue i experienced while moving data from LP to BW was improperly converted ampersands in some password.

@themactep I am already using and paying for bitwarden as my backup password manager. I'm simply thinking about promoting it back to "main" password manager.

Never used Lastpass, avoided that hot garbage right from the get-go.

@yarmo they were good at the beginning, like really good. agile to fix bugs, trying to improve much. then they sold the project, and the shitstorm began.

@yarmo I can highly recommend using pass and bitwarden as a combo.

Bitwarden is perfect for web passwords but at the same time subject to browser security. So for passwords that are used frequently and can be easily recovered, perfect match.

Pass on the other hand is perfect for scripts, automation and low frequency secrets like 2FA recovery keys. Also, due to being outside of the browser context it's also ideal for high security passwords especially when using smartcards.

@yarmo I actually elaborated on the topic a while ago:

shivering-isles.com/Why-I-use-

Just in case you didn't read already ^^ but above is the TL;DR :D

@sheogorath @yarmo hey guys, looking for a password manager, too, here & the joint approach sounds nice. Could you post a link to pass? Not exactly the easiest thing to google...

@srs @yarmo passwordstore.org

It's written in Bash and uses GnuPG and git to manage passwords and logins. There are various extensions and implementations of it.

@sheogorath @srs @yarmo nice discussion. and that is a nice blog post too. i use pass and it's great for me and enough. except when sharing credentials with other people and groups. have tried to look into selfhosting (cloud is for me an absolute no-go) bitwarden for that but it's pretty involved. had big hopes for bitwarden_rs but it depends on docker for building the debian package (c'mon... wtf).

@jerger @yarmo since when is pass unmaintained? :blobfoxeyes: last commit 32 hours ago.

Gopass is as far as I know a re-implementation of pass in go with some goodies. Funnily enough, I trust pass written in bash more than gopass written in go :D

@jerger
Note that gopass is incompatible with pass and the maintainers are ignorant about bug reports.
@sheogorath @yarmo

@musicmatze @sheogorath @yarmo

Can't confirm. We use both gopass and pass in a very spread and automated environment. Core functions are compatible atmo.

Our bug reports and PRs are handled very nicely, discussion around was friendly and fast.

What's your problem in detail?

@yarmo 😅 I've integrated pass nicely into my workflow after... years using it... directly from terminal :blobCatAnon: (bash autocomplete) with no browser plugins, and :android: app.

👍 Yes, it might not be the most convenient in some situations, but I keep it synced with #nextcloud so new devices are not a problem

good luck with #bitwarden

#passwordstore #password #lastpass

blog.xmgz.eu/tag/pass/

@xosem
Same here. Pass for years now, synced the proper way with git. Just krunner integration for plasma, no other extensions.

Works like a charm!
@yarmo

@yarmo I've been enjoying bitwarden a couple months, and I like financially supporting an open source project.

Keepass in Seafile worked well for the past few years, but browser integration with bitwarden is just miles ahead.

They also have a CLI that could perhaps be used for automation tasks, but iirc the vault unlock process was a bit onerous...

@yarmo

In #KDE Plasma you can hide the directory structure by putting the folder in a Plasma Vault. You can even set different vaults with different folders and automatically unlock them according to the current Plasma Activity. Useful to also hide Firefox's profile folders.
