Pass - The Standard Unix Password Manager

Video Statistics and Information

Video
Captions Word Cloud
Reddit Comments
Captions
are you looking for a better way to manage all your passwords today we're gonna take a look at pass which is the standard UNIX password manager let's get started [Music] so managing your passwords there are a number of options out there as far as password managers probably the most popular that the general public tends to use is something like LastPass LastPass is a very popular service it's got a web interface if that site is ever compromised everybody that uses LastPass would be completely hosed so I personally wouldn't use LastPass but LastPass seems to be pretty secure they don't really have any major compromises that I know of I could be wrong about that key pass is a very popular like desktop client and also has mobile clients as well but KeePass is really interesting because it stores all your passwords and a local file on your machine and encrypted file the problem is all your passwords are in that single encrypted file if you ever lose the key to it you're kind of hosed and keep past what happens if key pass goes away one day how do you open that file well the good thing is key pass is open source and there are other programs that use the key pass encryption decryption method so you could use those programs I guess to get back into that file but still what about a password manager that adheres to the UNIX philosophy is there such a thing out there well Pass has been around for many many years pass is very popular among Linux enthusiasts especially those that prefer to do things in the command line pass the standard UNIX password manager so it's very simple follows the UNIX philosophy with pass every single password you enter into pass is saved as a file a single file that is GPG encrypted that's kind of neat all your passwords are saved in their own in this directory dot password dash store you can edit the password store using your typical shell commands so pass is really really interesting there's a number of extensions to pass depending on what kind of desktop environment what kind of web browser you use pass actually has a ton of extensions so it's very extensible we're gonna get into some of that too but first let's get into installing paths I won't bore you with a lot of the technical details but let's see it in action let's get started with pass we'll start with the installation now I'm gonna do this in a VM I created this VM just for this video this VM it's R : excu tile it's a fresh install so pass it's not already installed on the system why am i showing you this in a vm and set up my host machine well I may show you some stuff on my host machine here in a minute but a lot of the basic stuff I really can't show you on my host machine because it might share the GPG key with you on camera you guys don't need to see my GP G key obviously it also may show you some of my passwords for various websites that I have passwords to I can't share that with you obviously on camera so we created this VM we're gonna set up pass I'm going to create some fake accounts at websites that I don't visit and just for purposes of this tutorial so obviously the first thing we need to do is install pass so I would just pull up a terminal and whatever Linux distribution you're on and then I'm on an arch based system so I use Peck man to install everything so sudo Peck man - capital s pass you're on Anna Bunty Aur a Debian based distribution you would need to sudo apt install pass or use DNF and fedora or whatever package manager on whatever distribution install the package pass hit enter it's gonna require a root password anytime you install the remove software you do have to enter a root password and then confirm with yes or no and boom just like that it's very small program let me clear the screen here the next thing most people would do just naturally after installing a program is to try to run it so let's try to run pass we're gonna get an error password store is empty try pass an it well the terminal says try passing it so naturally the next thing you're gonna do is type passing it right that must be what you do well not exactly you're gonna get an error about that because that is not the proper way to run that command the actual way to run that command is passed an yet and then in quotes it doesn't matter double quote single quotes you're GPG key which we're not going to have a legit GPA so how do we get a GPG well assuming the Ganu PG package is installed already on your system you need to run the following command g PG space - - pull - generate - key run that command now it's going to ask you some options on exactly what kind of g PG encryption your what kind of g PG key you want just go with the defaults for now so if you want to read more about g PG i would suggest reading the arch wiki page on it i'm just gonna go with all the defaults hit enter three times then why for yes to confirm all this it's gonna ask for a real name and needs to be at least five or six letters long so I'm gonna go typically I go with user name at host name for my computer I'll go with DT you know at V box in this case email address I'm not gonna type my real email address I'll just DT at deep box for now for that comment I'm not gonna enter a comment we can skip some of this and then it's gonna ask you do you want to change anything you already entered or oh for okay Q to quit over okay and now please enter the passphrase to protect your new key I hope I remember this later it's not not a password I ever use we're just gonna make something up on camera we got our g PG key alright so where is the g PG key well in the terminal output you got this line right here at g PG colon key and then this right here that is your key now what happens if you had closed the terminal one on to something else who cleared the screen how would you get your GPG key well you need this command here let me clear the screen for example clear the screen where my GPG key go now I need to get it well you g PG - - list - secret - keys - - tid tid - format space and then all caps long and that generates some information here but what you really need is this right here this information on this line right behind the slasher that is also your GPG key what I'm going to do is I'm going to go ahead and copy that and my wallpaper is changing by default all our code Linux as variety said to change the wallpaper every few minutes that's kind of annoying I didn't know it was going to do that here in this VM I created alright so now that we have the GPG key let's run pass on it again remember passing it though we need to give it the GPG key in quotes hit enter it created our password store passwords store initialized for our GPG key so now when you run the pass command you do have a password store there's nothing listed in it because we haven't actually saved any real passwords yet how would you do that well you do that using the following commands pass space insert space and then whatever website you visit on a regular basis that you need a password saved for what do you go to all the time maybe something like Facebook I don't go to Facebook all the time but you guys might so pass insert Facebook just hit enter it's gonna ask you for your Facebook password alright so we just entered our password for Facebook now when I run the pass command and say I have password store and then underneath it facebook.com right and we could just do that for anything so pass insert Twitter I had a Twitter account you know we could go ahead and save your Twitter passwords right and now when we run pass we have you know facebook.com twitter.com now let's talk a little bit about the encryption for this so we saved the passwords for facebook.com and twitter.com they're saved to their own txt file basically where they saved well they're saved in the password store so let's CD into dot password - store by doing LS you see I have facebook.com GPG twitter.com which means there are of course encrypted so if I wanted to open one of them in a plain text editor like them say facebook.com GPG obviously I can't read this right it's encrypted I can't get my Facebook password just from reading that file we have to decrypt it now I will show you how to do this file using GPG in case you ever need to actually do this GPG space - D for decrypt and then the name of the GPG file you want to decrypt you hit enter you have to enter your passphrase for pass the secret pass phrase that we created I hope I remember again it's not a password I would typically use you hit enter and if you enter the right password now the terminal output will spit out my super secure password for facebook.com which was DT yet don't use DT has a password and I would do something a little longer it needs to include some capital letters some lowercase letters some numerals and probably a special character or to just pick anything question mark exclamation point whatever you want to throw in there alright so I cleared the the terminal output here cleared the screen a little bit so we can see what's going on now that I've entered my GPG key your computer will remember it for a while all i need to do is just pass and then the name of whatever key I'm looking for facebook.com in this case just tab complete and it enters my password here in the terminal right it just spits it the output out as DT or I could pass and I did twitter.com as well that is how you retrieve a password obviously you can only retrieve the password if you remember the key passphrase you entered when you first initialized pass of course that's not true right what happens if you forget your pass phrase you know the master passphrase well we just showed you how to decrypt something with the GPG anyway because those text files are here they're encrypted but you can decrypt them you should be good now let me close this VM and I am going to show you pass in action on my host machine now retrieving your passwords in a terminal most people don't want to do that all the time that's not really what I want to do I like living in the terminal if I'm already in the terminal yes it makes sense just to retrieve that password in the terminal but what are you using passwords for most of the time you're using them for websites right and I don't want to I'm in the browser what's my password for this site let me open up a terminal you know get my password copy it then go back to the browser no I want something a little bit easier well again Pass has a bunch of plugins if I scroll down the page here you see extensions for pass compatible clients for pass one of them is pass menu which is a basically a demon you script that interacts with pass it you don't have to actually install it either pass menu it's now part of pass you also have clients for Android I haven't actually tried this but Android passwords store I don't know if that's actually in the official Google Play Store but I know you can install it with something like f-droid looks like there's iOS apps again I don't own an iPhone I can't confirm that we definitely have plugins though for your browsers Firefox and Chrome both have plugins the Firefox plug-in is called pass FF I've already got past FF installed here in Firefox let me show you how that looks so let me go to my desktop here and with daemon you I'll launch Firefox I'm going to open a new tab here one of the websites I go to all the time not all the time but I'm a member of the Free Software Foundation maybe I want to go hang out on their forum so you know read something well now that I have pass FF the Firefox plugin for s FF you know it recognizes I have fsf.org saved as a password you see the P behind the forms here if I click it it'll say hey you have a pass for fsf.org do I want to actually fill out these forms and if I just click that of course I have to enter my super secure passphrase for my host machine which is quite a bit more secure than what I did in the VM so let me type this and assuming that's right now if I tell it to autofill it'll autofill by the way that's not my real username I changed it for purposes of this so but it will autofill this so you could either go to the tab up here click that or right here in the forms click that or they have a key binding in Firefox for pass FF control why I believe control wide pulls this down you don't actually have to use the mouse to navigate with it so that is pretty cool so you don't never need to open a terminal now the other thing you could do i of course use d menu so we mentioned past menu was an extension you don't have to install it it's included in the pass program by default I have passed menu set to run with a key binding super Shift key on my keyboard I believe yeah and this runs pass menu you see I've created two entries and pass on my machine at fsf.org and mastodons technology I saved my passwords for those two sites I just did that this morning I just installed past this morning actually I thought it was so interesting though I felt the need I really needed to make this video so what happens if I enter you know I highlight Mastodon technology and hit enter nothing well you think nothing but let's do this in the terminal so we get some output I'm going to zoom in a little bit so you can see what's going on let's run pass menu here in the terminal so you can see the output and now of course D menu launched at the top again I'm gonna select Mastodon two dot technology I'm gonna hit enter and in the terminal we get output copied Mastodon dot technology to the clipboard will clear in 45 seconds what does that mean it means my password for Mastodon technology is now in my clipboard for 45 seconds now I could go to a web site and just paste that password how cool is that of course I didn't need to do that in the terminal again super shift P is what I had this set to so if I needed my password for a fsf.org right now I just hit enter it's copied to the clipboard I can go back to my browser and just boom paste it right in the web site so that is just some of the basics with pass how to get started with pass really simple to use actually I think most people are kind of scared of pass at first because it seems scary for one thing it's command-line for one thing it uses GPG encryption but if you know just a few basic commands or if you forget the commands the arch wiki page for GPG it's got you covered so you know if I run past here this is my host machine you know nothing I'm not sharing any super-secret stuff with you here you guys probably already know I'm a member of the Free Software Foundation and all of you guys know I used Mastodon so knowing that I visit those sites doesn't give you any information you don't have usernames or passwords although right now I could you know pass you know FSF if I wanted to and get my password but it would return that password here camera if I did it because I had just entered my key phrase a while ago those of you that love typical graphical environments like genome KDE you live in a graphical web browsers of course like Firefox and Chrome you have the firefox and chrome plugins you really don't need to do much in the command line with pass if you don't want to those of you that love the command line obviously pass makes a lot of sense so obviously if you love D menu Pass makes a lot of sense obviously since every password is saved to its own file if you decrypt those files you know you could just they're plain text once you decrypt them you could edit them and something like VM or Nano or whatever so you can do a lot of really cool stuff with pass it's a little more flexible I think than other alternatives like key pass although I think key pass is great too I've installed key pass before and played with it it's a fine program but pass I think because it's a little simpler such a small program as well and it does kind of adhere to the UNIX philosophy I think long term I think I'm gonna start using pass for those of you that want to dive a little more deeper into pass of course I'm gonna link to the home page for pass in the show description but of course as always just read the man page man pass and the man page is kind of large let me zoom out here so you can kind of read the text a little bit better but it is a little lengthy man page not too lengthy you page down about ten times and you'll get to the end but it's pretty good documentation you should be able to figure it out and before I go this show was made possible by Ansem chris the other chris douglas dylan Jackley or phillip Rob Robert Tony and Willi they are the producers of the show my highest tiered patrons over on patreon without these guys this video about passed would not have been possible I want to sincerely thank each and every one of those guys also brought to you by that that long list of names you see there on the screen those are the supporters of the channel they support my work over on patreon I want to sincerely thank each and every one of those guys as well if you'd like to support the channel please consider doing so you'll find me at distro tube over on patreon alright guys peace [Music]
Info
Channel: DistroTube
Views: 43,629
Rating: 4.9398084 out of 5
Keywords: pass, password, manager, unix, philosophy, gpg, keys, Linux, terminal, plugins, Firefox, Chrome, dmenu
Id: hlRQTj1D9LA
Channel Id: undefined
Length: 18min 25sec (1105 seconds)
Published: Tue May 28 2019
Related Videos
Note
Please note that this website is currently a work in progress! Lots of interesting data and statistics to come.