December 10, 2019

My Password Manager - gopass Pt. II

Okay. So in my last post I completely neglected to talk about the features of gopass and what really made me choose it. I can’t believe I just forgot to talk about what the post was supposed to be about. Derp. So I’m going to make that up with this post.

Why I use gopass

In the last post I really only talked about the fact that I didn’t like some company potentially having access to my data. While that is the main reason I decided to switch from Bitwarden, it’s not the only reason. I like the simplicity of being able to quickly find and copy my passwords from the command line. Now, I don’t do that too often because I use the browser extensions, but it’s still quick and handy when I need it.

Editing

I also like how quick it is to edit and generate new passwords. In the command line, if I want to edit a password I’ll type something like:

trashcat@bulbasaur:[~]: gopass edit entertainment/libre.fm

and it will open the file in Vim and I can quickly make changes to the file like adding the login name and URL.

gopass also has a nice search feature built in just in case I have multiple logins in the same category or something.

┌───────────────────────────────────────────────────────────────────────────────┐
│gopass                                                                         │
│Found secrets - Please select an entry                                         │
└───────────────────────────────────────────────────────────────────────────────┘
 git/gitlab.com/trashcat
 git/gitlab.com/sm0ggles


┌───────────────────────────────────────────────────────────────────────────────────────────────────────┐
│<↑/↓> to change the selection, <→> to show, <←> to copy, <s> to sync, <e> to edit, <ESC> to quit       │
└───────────────────────────────────────────────────────────────────────────────────────────────────────┘

Auto Complete

Another feature I really like is its auto complete. If I start typing a command like gopass show fin I can then press tab and it will auto complete to gopass show finance, and if I press tab again, it’ll start going through my different finance accounts until I find the one I want and press Enter. After pressing Enter it’ll show me all the info stored in the file for whatever login I selected.

Copying to Clipboard

If I send a command using the --copy or -c argument, it will copy the first line of the file, which should always be the password. So if, for example, I type gopass -c social/twitter.com it will copy my Twitter password to my clipboard and automatically clear it after 45 seconds.

trashcat@bulbasaur:[~]: gopass -c social/twitter.com
✔ Copied social/twitter.com to clipboard. Will clear in 45 seconds.

Search for Exact Match

It also tries to guess which account you meant if you don’t type it 100% correctly, which is very helpful for me because of the file structure that I have set up. The way I currently have my Reddit file set up is social/reddit.com/<username>. (I really need to change this, but I digress). If I were to just type gopass -c reddit, gopass would return something like the following:

trashcat@bulbasaur:[~]: gopass -c reddit
Entry 'reddit' not found. Starting search...
Found exact match in 'social/reddit.com/<username>'
✔ Copied social/reddit.com/<username> to clipboard. Will clear in 45 seconds.

I really enjoy that feature because I don’t always remember what I called the file and this way I don’t have to.

OTP Support

So this is a feature that I’m not entirely sure if I want to use yet or not. I kind of like the idea of having my passwords and my OTP tokens in the same spot, but what I don’t like is that I already have all my OTP tokens in andOTP and it seems annoying to change it. Now, this isn’t a shortcoming of gopass but more of me just being lazy or stubborn. I’m also not in love with the Android Password Store app and I wish someone would make a better app. So for now I’ll probably stick with andOTP for my 2FA needs and just use gopass/Android Password Store for my passwords. Maybe if the app gets better in the future I’ll switch stuff over but for now I’ll stick with what I got.

It’s also a little bit annoying to add the OTP stuff. You have to get the otpauth:// URL and websites don’t always make that easy to find. I have set up one account with gopass’s OTP support just as a test and I had to use something like zbar to use my computer’s webcam to scan the QR code given by the site. Too much of a hassle for me.

But nevertheless, it’s still a nice feature.

Auto-Sync

This is a feature that some people may hate, but I love. I’m lazy. I don’t always want to type all the commands to send my passwords to the git repo that I store them in. Luckily gopass has an auto-sync setting in the .conf file that will automatically perform a git pull and git push whenever a file is changed. Now I don’t have to worry about making sure my new password will be available on my other devices.

Password Audit

Another cool feature is the password audit. I actually really like this tool. It can check your passwords and tell you if they are too short, are in the dictionary, or if they are slightly changed but still a word (ex. N3tfl1x).

trashcat@bulbasaur:[~]: gopass audit
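The three checks described above (too short, dictionary word, lightly mangled word such as N3tfl1x), sketched as an added example; this is not gopass's audit implementation. The word list, the substitution table and the minimum length are all constructed assumptions.

```python
from itertools import product

# Assumed substitution table; "1" is ambiguous, so both readings are tried.
LEET = {"0": "o", "1": "il", "3": "e", "4": "a", "5": "s",
        "7": "t", "@": "a", "$": "s", "!": "i"}
WORDLIST = {"netflix", "password", "dragon", "monkey"}   # constructed sample list
MIN_LENGTH = 12                                          # assumed policy value

def deleet_variants(password, limit=256):
    """Every reading of the password with substitutions undone, capped at `limit`."""
    choices = [LEET.get(ch, ch) for ch in password.lower()]
    variants = set()
    for combo in product(*choices):
        variants.add("".join(combo))
        if len(variants) >= limit:
            break
    return variants

def audit(password):
    """Return a list of findings; an empty list means none of the checks fired."""
    findings = []
    if len(password) < MIN_LENGTH:
        findings.append("too short")
    if password.lower() in WORDLIST:
        findings.append("dictionary word")
    else:
        # Whole-string match only; words embedded in longer strings are not found.
        hits = deleet_variants(password) & WORDLIST
        if hits:
            findings.append("mangled dictionary word: " + sorted(hits)[0])
    return findings

if __name__ == "__main__":
    for candidate in ("N3tfl1x", "password", "correct-horse-battery-staple"):
        print(candidate, audit(candidate))
```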

gopass also has the ability to check if any of your passwords have been leaked in any data breaches using the Have I Been Pwned API.

trashcat@bulbasaur:[~]: gopass audit hibp --api
This command is checking all your secrets against the haveibeenpwned.com API.

This will send five bytes of each passwords SHA1 hash to an untrusted server!

You will be asked to unlock all your secrets!
Do you want to continue? [y/N/q]: y
Computing SHA1 hashes of all your secrets ...
67 of 67 secrets computed                         [###########################################] 100.00%
Checking pre-computed SHA1 hashes against the HIBP API ...
Good news - No matches found!

Conclusion

So far these are the features I use the most. There are some other features, such as Multiple Stores and Password Sharing, but so far I only use the features listed above. So far I’ve been happy with gopass. I’ve had a few GPG related issues but I seem to have ironed them out.

I also plan on getting my YubiKey to play nicely with pass. I’ve gotten it running but ideally I’d like it to be quicker. I might just stick with the pass phrase for now. We will see.

But that’s why I’ve chosen gopass as my password manager. I’m happy with how simple it is. I’m happy with how secure it is. I’m happy with how much control I have over it. It does what I need it to do and that’s all I can really ask for.

As always, feel free to leave a comment below, or contact me on any of the social media links at the top of every page as well as on Mastodon, or via XMPP.

© Chance Monnette 2019
