![]() The benefits of using a free-form (unstructured) text file are: ![]() symbols chosen to be double-click-to-select friendly.no 3 sequential identical chars or 3 sequential ascending/descending chars.1+ chars from each of upper/lower/num/symbols.All my passwords (except a small handful) are unique, random strings generated from my own template. The shell wrapper around vim disables features which might leak information out of vim, such as the search history (.viminfo) and the swap file. The script which wraps my access to the file also keeps a local RCS revision history of all changes to the file (also encrypted). The text file itself is in a completely unstructured format, containing not just passwords but all personal details that I need to track, for everything that I deem needs to be kept private. Access is via a shell wrapper around vim on my desktop and imported via another script into keepass2android for my smartphone. I also use my own custom password safe, kept in a plain text file and secured by ccrypt. I’d love to use a company I trust with a nice convenient system, but that just isn’t the way the cookie crumbles. It’s happened sooooo many times that it actually makes sense to plan for it at this point and take evasive action. It is definitely more convenient than my system, but for my purposes and given my own technical knowledge, it’s not convenient enough to justify it from my perspective.Ĭompanies like 1password are just one acquisition away from shutting down or doing a complete 180. This is in contrast to many other systems like 1password which take ownership of storing your passwords for you. I should never be forced to migrate away from it for extrinsic reasons. Stated differently, I don’t see any reason why pass won’t continue to work indefinitely. The underlying tool composition is simple enough. And I’m confident I could scrape together the resources to build one myself. Even if the Android Password Store app went away, I could persist without it.Similarly, if pass became defunct, I would still have all of my passwords.If the current maintainers of pass decided to quit maintaining it I could probably handle maintaining pass for my own purposes.It’s not terribly convenient, but it works well enough. I use the Password Store app on Android to access my passwords on the go. See for example: (and the host of other ssh-* scripts in ~/bin). I also store my SSH keys in pass in such a way that lets me add keys to my agent with only my GPG key password. I trained my SO to use it, but I do have the advantage that she does data science for work and knows how to code.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |