HomeAboutMailing ListList Chatter /0/0

Passwords 2FA OTP

2020-11-15 by: Unkmar
From: Unkmar 
I learned of pass and pass-otp.  Easy to use CLI that uses gpg to store and
retrieve account passwords. With pass-otp you also have an easy to use
alternative to other OTP's such as the Google Authenticator app. They are
scriptable. pass is itself a shell script.

WARNING: I have 2 warnings for anything gpg or private key base. Don't give
out or share your private key. Don't lose your private key. So, you need a
copy of it somewhere. Extra warning, Don't keep all your passwords in only
one place. In other words, Make sure you keep an updated copy of your
encrypted password store somewhere. You wouldn't want a single computer
crash to wipe out access to everything.

I saw it in this Youtube video by Luke Smith.

-- Lucius L. Hilley III

=============================================================== From: Adam Jimerson ------------------------------------------------------ I use pass as well and really like it, I would also recommend looking into pass-update (https://github.com/roddhjav/pass-update#readme) to assist with changing passwords. As for syncing my password store between multiple machines I use Syncthing (https://syncthing.net/) which is completely peer to peer and the data is encrypted in transit, although the passwords themselves are already encrypted with my GPG key. As for my phone I use this https:// github.com/android-password-store/Android-Password-Store#readme client. I've been toying with the idea of writing a plugin for pass that allows you to check your stored credentials against https://haveibeenpwned.com/ as well.

=============================================================== From: Michael Harrison ------------------------------------------------------ I kinda rolled my own with some simple scripts, that backups up my key files to both an attached USB drive and a copy to somewhere else. The symmetric encryption is not top shelf.. but pretty good and allows me to decrypt/encrypt that file elsewhere as needed without private keys on the machine. Key commands for the files I store stuff in. gpgtar --directory . --decrypt ./stuff.dat #puts files in ~/data #use fav editor to view, edit, files then when done: gpgtar --symmetric --encrypt --output stuff.dat data shred shred data/* ; rm -r -f data