1. 55
  1. 15

    There are various command-line concoctions such as password-store which stores PGP-encrypted files in a Git repo, but that doesn’t improve my situation over 1Password. I would still have to manually look up passwords and copy them to the clipboard. These command-line packages also lack mobile apps and syncing.

    That’s not completely true. I use pass with syncing via a private Git repository, there’s a Firefox plugin with autofill support, good mobile clients for both Android and iOS. The best password management system I’ve used (I’ve been a user of 1Password for about 3 years before that). Being able to do git log to see password history for a website is awesome. Bonus point: OTP plugin works like a charm.

    1. 2

      The major problem with pass is that the mobile clients don’t supported encrypted git remotes, which is a huge problem: anyone with read access to the remote repo can see what your accounts are.

      1. 4

        So put the remote on a system you physically control ;)

        1. -3

          Given that git is distributed and makes it very easy to push from any client to any remote, it’s a pretty safe assumption that one day you’ll accidentally push to another remote where you realize shortly after doing so that this was A Bad Plan.

          1. 14

            … it’s pretty hard to accidentally push to a remote you never set up…

    2. 5

      1Password now have a CLI, which is somewhat cumbersome to use, but does run on Linux, *BSD, etc. It still requires a net connection to access the hosted, encrypted data. I wrote a wrapper for it – see 1pass – which caches content locally, encrypted by PGP. I find this gives me the best of 1Password and pass (though 1Password is obviously not an open source product).

      1. 1

        I also have 1password, but the non-cloud version and I still have no viable solution to have my vaults on Linux. You to sync the files over a file sync service and open the vault as a web app…

        I seriously start to be pissed off by AgileBits that said several times in the process of creating a Linux app (in 2015…).

        It’s sad to have nothing viable on a platform which users often care for the security of their accounts…

      2. 4

        I’m curious to see what the general consensus on Bitwarden is. I can’t find many articles about it outside of its own announcements. It looks like they have a bug bounty program? I’m a bit dubious of the fact that there’s just one developer.

        1. 3

          I’ve been using Bitwarden for about a year now and it has been great. Works on all platforms and it’s open source—and people are actually contributing. The code looks reasonably clean, well organized, and the author is quick to respond and fix any problems.

          While it’s not quite at feature-parity with 1Password, it’s well beyond an MVP password manager, and new features are added regularly.

          Overall, I recommend it.

        2. 2

          Can this support vault sharing / “teams”? Really need a self hosted way to handle that