
Also a stand-alone user since 1pw4. This news finally got me to try pass, the command-line utility.

https://www.passwordstore.org/

The format is plain text. You can git control your password repo. You can organize into directories, etc.

It has an extension architecture; you can have it generate OTPs, for example. You can have specific passwords unlock with more than 1 key, if you want to do e.g. family or business sharing.

There are mobile apps, browser plugins. None as smoothly polished as 1pw, but good ENOUGH. There are (imperfect) tools for migrating, but you can write your own scripts.

So far (using it for 48 hours) the worst part was setting up a gpg key.




I was reading through the comments wondering why so many technically capable people are paying for a password store service when passwordstore works nicely in the space and gives you some comfort in knowing how it works.

I highly recommend pass.

My setup is as follows:

- set up the key, share the private key with the other devices that are going to use the same pass store;

- use syncthing to sync my passwords between devices (you can use github - but I just find it works nicely with syncthing);

- all passwords and other content are just gpg encrypted text files;

- use the pass cli utility to read the passwords;

- first line of the text file is the password so the apps and cli will read that into the clipboard (with a time limit to expire if you are on your phone);

- for android phones/tablets I use 'openkeychain' to manage the key and 'password store' as the app to read the encrypted text files and copy the passwords;

There are other browser extensions etc. I just don't find a need to use them though.

It has worked well for me over the years while I have seen the passwords market go more towards a subscription model over time.

My wife uses the same system, I just set it up for her and then it is seamless for her as well.

https://www.passwordstore.org/
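Added example, not part of the thread and not pass's own code: the two comments above describe a store of GPG-encrypted files that is synced between devices, where some entries can be unlocked by more than one key. This sketch walks such a store without decrypting anything, reports which `.gpg-id` recipients apply to each entry, and lists files that would be synced unencrypted. The function names, the placeholder key ids and the demo store are all constructed for illustration.

```shell
# Added example. Audits a pass-style store without decrypting anything. Assumed
# layout: entries are *.gpg files; a directory may hold a .gpg-id (one key id per line).

# Recipients for an entry: the nearest .gpg-id walking up to the store root.
recipients_for() {
    store=$1 entry=$2
    dir=$(dirname "$store/$entry")
    while :; do
        if [ -f "$dir/.gpg-id" ]; then
            grep -v '^[[:space:]]*$' "$dir/.gpg-id" | paste -sd, -
            return 0
        fi
        case $dir in "$store"|/|.) return 1 ;; esac
        dir=$(dirname "$dir")
    done
}

# Files that would sync in the clear: anything that is not an encrypted entry.
plaintext_files() {
    (cd "$1" && find . -name .git -prune -o -type f \
        ! -name '*.gpg' ! -name .gpg-id ! -name .gitattributes -print) |
        sed 's|^\./||' | sort
}

# One line per entry: path, tab, comma-separated recipients.
audit_store() {
    (cd "$1" && find . -name .git -prune -o -type f -name '*.gpg' -print) |
        sed 's|^\./||' | sort | while IFS= read -r entry; do
            printf '%s\t%s\n' "$entry" \
                "$(recipients_for "$1" "$entry" || echo 'NO .gpg-id FOUND')"
        done
}

# Constructed sample store; key ids are placeholders, entries are empty files.
build_demo_store() {
    store=$(mktemp -d)
    mkdir -p "$store/family/bank" "$store/work"
    printf '%s\n' 'ALICE-KEY-ID' > "$store/.gpg-id"
    printf '%s\n' 'ALICE-KEY-ID' 'BOB-KEY-ID' > "$store/family/.gpg-id"
    : > "$store/email.gpg"; : > "$store/family/bank/card.gpg"; : > "$store/work/vpn.gpg"
    printf 'hunter2\n' > "$store/work/notes.txt"  # left unencrypted by mistake
    echo "$store"
}

demo=$(build_demo_store)
audit_store "$demo"
echo "unencrypted files:"; plaintext_files "$demo"
rm -rf "$demo"
```

The report shows the recipients each `.gpg-id` declares, not the keys a given file was actually encrypted to, so an entry written before a `.gpg-id` change can still differ until it is re-encrypted.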


I also use and love pass on desktop, even with syncthing and browserpass, all perfectly working. But I am using yubikey to hold my key and that makes it not a good match for mobile setup. Also last time I tried, the mobile apps mentioned were not so easy to use, so I gave up on that front.


I really wish they'd offer other encryption backends than gpg. GPG is pretty long in the tooth. I never have problems with pass, all my problems are with gpg.


What, specifically, is your problem with gpg?


At the moment, it's that it has very inconsistent support in macOS. Most of my machines are Linux, after I got the issues worked out on those it works reliably. OSX I use infrequently enough for it to be worth a ton of time troubleshooting. And so it only works rarely, like I think after a reboot. I think eventually I'll figure it out. The error I get is "no secret key". Even though when I run 'gpg' and then make sure my key is there, it still doesn't work when I run the pass commands.

But I'd rather use a backend that doesn't require as... weird... integration into the OS as GPG does. Between pinentry and having to store the passphrase, gpg just doesn't offer the same sort of out-of-the-box functionality as something less... heavy.


For me it’s more about trust. I’d rather trust a company with decades of experience in this area than a bunch of random developers that published different unvetted apps on various app stores.

And technically, Syncthing doesn’t really seem viable on mobile last time I looked (and also has the problem of 3rd party apps instead of official ones).


How different we think. I'd much rather put my trust in select people, such as Jason Donenfeld (creator of pass, Wireguard &c) with impeccable track records, than random companies that are always one quick change of management away from selling all your data off to the highest bidder.


I was rather alluding to the different mobile apps, which all seem to often be developed by various unknown developers (some closed source) instead of the core developers of the main project.

I too would trust the core of e.g. Syncthing or pass.

Making it all work on mobile is a completely different story though. I myself can’t do without mobile access to my passwords.


Fair enough.

The mobile platform is one I ignore. The only thing I know with any certainty about my phone is that it's running a bunch of closed source spyware, so I'm not entrusting it with anything much - and certainly not my passwords.


I have been using passwordstore for several years now and I wouldn't be able to go back to another product, even if other products were free.

Note that the private git repo can be uploaded to the cloud, which allows one to access passwords on multiple computers as well as on my phone.

Also I would like to highlight qtpass client for a very user-friendly GUI interface to quickly access passwords.

In my opinion, anyone that has basic knowledge of the terminal should be able to set up passwordstore no problem. Once it is set up, one can use qtpass or other GUI clients.


I've been using it for over two years, I absolutely love it. Check out pass-otp as well as rofi-pass (if on Linux) as I think it's the best way to have password entry on any computer. It sends the keystrokes so I can paste passwords in nested virtual environments where an extension might not be installable.


Another happy user of “pass” here. The program integrates with Emacs, Firefox, Unix, and Git like butter. No need for any clouds or services. ;^)



