PASS: a Password Manager & Two Factor Authentication (OTP) with no Cell Phone

Usually I just remember my passwords, but the program pass is very nice for storing many passwords, calling them in scripts, inserting them from a dmenu prompt and more. Crucially, with the pass-otp module, it can also do Two Factor Authentication (2FA/TFA) AKA One Time Passwords (OTP) where you use a 6-digit-password that changes every half a minute or so. Usually, normies use a cell phone for this, but you can actually just have pass do it on your computer. I actually have a dmenu prompt that gives me a list of all my OTPs to insert, and it automatically generates the six-digit password.
Pass will be in your distro's package repository, but here's the site.
pass-otp is probably also in your repository, but here is the GitHub:
Note that I also use the program zbarimg to convert a QR code into text that we can feed into pass-otp. It will be in your distro's package repo too.

Pass uses GPG to encrypt and decrypt your passwords, so I also talk about making a GPG key pair. You can have your GPG unlock automatically on login with pam-gnupg:

Comments

You didn't mention that it can generate random passwords that are orders of magnitude more secure than what someone could just make up. I use all generated passwords. I'm so secure that I even generated my GPG key pair password and now I am locked out of everything. Trust no one, not even yourself.

Klayperson

OMG it’s been so long since an upload I was getting withdrawals for not consooming

MrJoseklon

Oh no, Luke is uploading videos constantly, he became a normie

carlobagnoli

I recommend integrating git into pass. You will always be able to go back and view old passwords, and it makes it easy to clone and share with other machines. Once it's set up, pass will automatically create a commit for each password you insert. And as someone else mentioned, there is a generate password option which is very nice. One last thing, you can use -c to copy to your clipboard and it will disappear in the amount of time you set in your .rc file: `export PASSWORD_STORE_CLIP_TIME=145` (seconds)

al-dulb

I was literally getting into Pass yesterday and today you upload this

IMMA HAVE TO GO GET MY TIN FOIL SUIT

repomansez

Pass also has a bunch of frontends for your browser / desktop which may be of interest. PassFF is the Firefox extension and passmenu is a desktop-agnostic dmenu implementation.

jeetadityachatterjee

Such a great tool. Thank you for showing it to us Luke

sussusamogus

0:14 "devoid of junk"?
Unaboomer trying hard to not say the B-word

nerdbot

Good to see you’ve gone back to your old thumbnail style

nimbusinu

Yes, yes, yes! I was waiting so long for a video about some password manager. Now if you only recommend some backup program…

aleksanderkrauze

Just a few extra notes on pass and pass-otp:
Pass-otp can retrieve your otp code from anywhere in the password file, so you do not need to keep the otp in a separate file. I put my otp code in the same file as my password.

You can make your own extensions for pass, they are basically just shell scripts that go into the ".extensions" dir. I have a few, such as an extension to get the "nth" character of a password.

emperorpicard

THANK YOU-- great video--- I needed this.. everybody else gets longwinded and goes through a bunch of crap I don't need.. you get right to it and say simply what it is which I

davidwayne

been using pass for the pass year or so. lovely little thing

AlexAegisOfficial

My first password manager and probably the last I will ever use. So useful and simple of a program. Some additional stuff it can do:

'pass generate mynewpass [X]' generates a password of length X instead of asking for inserting one. Default length is 20, I think. Use -n flag to generate an alphanumeric password.

It has integration with git. It autogenerates commits when things change in the password store, and 'pass git' works like 'git' for the password store repo from anywhere. I only ever need to use 'pass git push' and 'pass git pull'.

The flag -c puts the password in your clipboard instead of printing it. Useful for pass on mobile phone through termux, for example.

If the name of the password to add contains a slash it will put it in a folder. Might be useful for organization purposes, but makes longer names.

FyahBurn

Hey, Luke! pass-otp is nice, but inherently flawed. It's not a secure way to use 2FA, because it's basically all eggs in the same basket, which defeats the whole purpose. Same problem with pam-gnupg.

And also quick side note: you can use pinentry-curses to unlock gpg without GUI.

kareyoke

I watch Luke because of the strong opinionated content.... so refreshing from the wishy washy content out there that says something like "if you like you can try this but if not all good nothing bad will happen"
Best opening from Luke "In this video I'm going to talk about the only password manager that ever matters..."
🥺

adjbutler

OpenKeychain with PasswordStore uses pass and can synchronize across multiple devices using git. Worth checking out if you have an Android device (make sure to install using F-Droid and not the Play Store)

Bastian-Remi

Yes, this looks so cool but 2FA has to be kept on a different device, otherwise it’s not “2 factor”. That’s why you shouldn’t use Authy on your PC, the concept is that if somebody manages to steal your PC, he also has to steal your phone. In this way, the layer of security is much higher. As long as you store passwords with it, I’m fine with that, cause apps like Bitwarden or keepass do the same thing. But that OTP feature is really insecure and counterproductive

tommasochiti

better be worth it, watched 2 etoro ads for this

rae

if you are bloated with accounts keepass is a better alternative

anxo_