Thinking about moving back to #bitwarden after months of #pass

I enjoy the idea of plaintext files and pure pgp, but
- the hassle of setting up a new computer
- the hit-or-miss integration with Firefox on Linux
- the impossible integration with Firefox on Windows
- the leaking of metadata through the directory structure

I am just not sure it's worth it anymore. Security is not simply about cryptography. It's also about ease of use. If too complicated, you'll just start working around the system.

@yarmo I can highly recommend using pass and Bitwarden as a combo.

Bitwarden is perfect for web passwords but at the same time subject to browser security. So for passwords that are used frequently and can be easily recovered, perfect match.

Pass on the other hand is perfect for scripts, automation and low frequency secrets like 2FA recovery keys. Also, due to being outside of the browser context it's also ideal for high security passwords especially when using smartcards.


@sheogorath @yarmo hey guys, looking for a password manager, too, here & the joint approach sounds nice. Could you post a link to pass? Not exactly the easiest thing to google...

@srs @yarmo passwordstore.org

It's written in Bash and uses GnuPG and git to manage passwords and logins. There are various extensions and implementations of it.

@sheogorath @srs @yarmo nice discussion. and that is a nice blog post too. i use pass and it's great for me and enough. except when sharing credentials with other people and groups. have tried to look into selfhosting (cloud is for me an absolute no-go) bitwarden for that but it's pretty involved. had big hopes for bitwarden_rs but it depends on docker for building the debian package (c'mon... wtf).
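
The metadata point from the first post, as an added example that is not part of any post in the thread: pass stores each entry as `<name>.gpg` and lists recipient key IDs in `.gpg-id`, so anyone who can read the store directory or its git remote sees the following without holding a key. The sample store, its entry names and the key ID are constructed, and the function names are hypothetical.

```shell
#!/bin/sh
# Audit what a pass store reveals WITHOUT any GPG key.

# Entry names as pass shows them: relative path minus the .gpg suffix.
store_entry_names() {
    (cd "$1" && find . -name .git -prune -o -type f -name '*.gpg' -print |
        sed -e 's|^\./||' -e 's|\.gpg$||' | LC_ALL=C sort)
}

# Recipient key IDs, stored unencrypted in .gpg-id files.
store_recipients() {
    (cd "$1" && find . -name .git -prune -o -type f -name .gpg-id -exec cat {} + |
        LC_ALL=C sort -u)
}

# Build a constructed sample store (placeholder files, not real ciphertext).
make_sample_store() {
    d=$(mktemp -d)
    mkdir -p "$d/bank/example-bank.test" "$d/forum/example-forum.test" "$d/work"
    echo "0xCONSTRUCTEDKEYID" > "$d/.gpg-id"
    for e in bank/example-bank.test/alice \
             "forum/example-forum.test/alice@example.test" work/vpn; do
        echo "placeholder, not real ciphertext" > "$d/$e.gpg"
    done
    echo "$d"
}

demo=$(make_sample_store)
echo "Entry names readable without a key:"
store_entry_names "$demo"
echo "Recipient key IDs readable without a key:"
store_recipients "$demo"
rm -rf "$demo"
```

Point `store_entry_names` at your own store (by default `~/.password-store`) to see which sites and usernames its layout exposes.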
