Hacker News
by fwx 3253 days ago
How does this compare to other popular solutions? Specifically, KeePassX / KeePass2, which are the most common solutions I've seen most Unix / Linux users employ. Can we objectively state which one is a better solution?
3 comments

Objective difference: KeePass encrypts the names of the websites where you have accounts. I would not want to live without this feature.

A few differences:

- There's no built-in GUI

- Each entry is its own file

- You control the storage format (meaning it's easy to store any kind of information, not just passwords)

- It relies on GPG, so you need to set that up first

> - You control the storage format (meaning it's easy to store any kind of information, not just passwords)

In KeePass, there's a textarea associated with each password entry, which can be used to store extra data like security questions, etc.

> You need to handle X integration yourself by piping to xclip, or similar (or just cut and pasting from terminal)

pass -c (or --clip) does that for you.

> - You need to handle X integration yourself by piping to xclip, or similar (or just cut and pasting from terminal)

Wrong, pass provides the -c flag which puts it in your clipboard and clears it after a timeout.

So it does, yes. I forgot about that, since I needed to write my own wrapper to paste both username and password (stored on separate lines) anyway. Thank you for the correction, I'll update my post.

There is also QtPass (GUI around pass), and various browser extensions (e.g. BrowserPass).

Of course one has to set it up, it's not an integrated solution. But GPG provides interesting features like storing encryption keys on hardware devices. Some devices like YubiKeys can have touch-to-use enabled. So each use of a secret requires a touch (after PIN but that's once a session). Perfect combination of convenience and security for me.

KeePassXC now supports YubiKey.

Well, "supports" is a very broad term given that YubiKey supports multiple applets (OpenPGP, PIV, U2F, static passwords etc.).

Do you mean this:

> YubiKey challenge-response support for strengthening your database encryption key

From https://keepassxc.org/blog/2017-06-26-2.2.0-released/

Then it's not clear to me how this works exactly.

Pass-encrypted passwords are kept on your computer, which I find safer than web-based solutions. Optionally you can use git to share passwords between computers but you still need the gpg2 keys from the original repo.

Huh? KeePass is just an encrypted XML file. No GPG or remote storage required.

You can set up a password store with Pass to use multiple keys – much better than sharing keys among multiple devices.
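
Two points from this thread, that pass leaves entry names readable as file names and that a store can be encrypted to several keys, can both be checked from the store's directory layout without any GPG key. The following is an added example, not code from any commenter or from the pass project; the sample store, key ids and function names are constructed for illustration.

```python
import os
import tempfile
from pathlib import Path


def build_sample_store(root):
    """Constructed store layout; the .gpg files hold dummy bytes, not real ciphertext."""
    root = Path(root)
    (root / "email").mkdir(parents=True)
    (root / "work").mkdir()
    # Constructed key ids: the top level has one recipient, work/ has two.
    (root / ".gpg-id").write_text("laptop@example.invalid\n")
    (root / "work" / ".gpg-id").write_text("laptop@example.invalid\nphone@example.invalid\n")
    for entry in ("shop.example.com", "email/example.org", "work/vpn.example.net"):
        (root / (entry + ".gpg")).write_bytes(b"\x00dummy")


def audit_store(root):
    """Collect what anyone with read access to the files learns without a key."""
    root = Path(root)
    entries, recipients = [], {}
    for dirpath, dirnames, filenames in os.walk(root):
        dirnames[:] = sorted(d for d in dirnames if d != ".git")
        rel = Path(dirpath).relative_to(root)
        for name in sorted(filenames):
            if name == ".gpg-id":
                text = (Path(dirpath) / name).read_text()
                recipients[rel.as_posix()] = [l.strip() for l in text.splitlines() if l.strip()]
            elif name.endswith(".gpg"):
                entries.append((rel / name[: -len(".gpg")]).as_posix())
    return entries, recipients


def effective_recipients(entry, recipients):
    """pass encrypts to the nearest .gpg-id at or above the entry's directory."""
    d = Path(entry).parent
    while d.as_posix() not in recipients:
        if d.as_posix() == ".":
            return []
        d = d.parent
    return recipients[d.as_posix()]


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_store(tmp)
        names, ids = audit_store(tmp)
        for n in names:
            print(n, "->", ", ".join(effective_recipients(n, ids)))
```

Pointing `audit_store` at a real store directory shows what a synced git remote or a backup copy reveals before any decryption takes place.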