Passwords are really the weak point in many instances, people are poor at remembering passwords that are hard to crack. XKCD exemplifies this…

A sensible solution is to use a password manager, a piece of software the generates long, random passwords and encrypts them using OpenPGP (or a variant thereof) so that you only need to remember your gnupg password to access all of your passwords. Several options exist such as the GUI orientated KeePass, but being CLI orientated I opted for the simpler pass which rather handily has an Android Application.

pass and gnupg will almost definitely be in your distributions package repository, install it with…

snippet.bash

emerge -av app-admin/pass app-crypt/gpg www-plugins/browserpass

snippet.bash

pacman -Syu pass gpg browserpass-firefox 

Install the password and OpenKeychain applications from the F-Droid Store (or from Google Play if you have not enabled installation of applications from outside of there).

Two options

• passff
• browserpass

Install browserpass

You can install Chrome plugins under Opera so it is possible to install browserpass after you have installed the install-chrome-extensions add-on.

To use browserpass-extension you need to have the browserpass-native installed as it provides the interface between the browser extensions and pass on your system.

snippet.bash

# Gentoo
emerge -av www-plugins/browserpass
# Arch
pacman -Syu browserpass

If you are using Arch Linux then all you need to do is install browerpass-firefox (or browserpass-chromium)

snippet.bash

pacman -Syu browserpass-firefox

Other systems you have some work to do, I use Gentoo and the instructions for configuring your browser didn't make sense since the listed files after installing the www-plugins/browserpass package didn't include any Makefile against which make could be run, far less under the noted /usr/lib/browserpass/ directory. What it does show though is that JSON files are installed for Mozilla, Chromium and Chrome and a binary at /usr/libexec/browserpass-native…

snippet.bash

# equery f browserpass
 * Searching for browserpass ...
 * Contents of www-plugins/browserpass-3.0.10:
/etc
/etc/chromium
/etc/chromium/native-messaging-hosts
/etc/chromium/native-messaging-hosts/com.github.browserpass.native.json
/etc/opt
/etc/opt/chrome
/etc/opt/chrome/native-messaging-hosts
/etc/opt/chrome/native-messaging-hosts/com.github.browserpass.native.json
/usr
/usr/lib
/usr/lib/mozilla
/usr/lib/mozilla/native-messaging-hosts
/usr/lib/mozilla/native-messaging-hosts/com.github.browserpass.native.json
/usr/lib64
/usr/lib64/mozilla
/usr/lib64/mozilla/native-messaging-hosts
/usr/lib64/mozilla/native-messaging-hosts/com.github.browserpass.native.json
/usr/libexec
/usr/libexec/browserpass-native

…which is encouraging as it looks like its configured out of the box for some of the browsers it supports. I have Chromium (bin) installed and whilst I don't use it I do use Opera and installed the browserpass-extension and it “Just Works(TM)”.

This is, purportedly, pretty straight-forward, you simply re-initialise pass with the gpg-id you wish to use, it will renecrypt all existing passwords that are not currently encrypted with that key for you…

snippet.bash

pass init [ --path=sub-folder, -p sub-folder ] new-gpg-id

• Pass: The Standard Unix Password Manager
• `man pass`
• password management - how to update GPG private key that Pass uses