Pass
The Search for the Best Password Manager
I’m ashamed to admit, for the longest time I used the same password for everything. You’d think with my background I’d take security more seriously, but my laziness often overtakes that concern. It has changed over the years…about 3 or 4 times. And it only changed when I was forced to. Over time, as I added more and more accounts, the risk that one compromised account would mean ALL of my accounts were compromised kept growing, so I had to change something.
For a bit, I thought: what if I just used one extremely long, complicated password for everything? But even a near-uncrackable password is rendered useless if someone gets hold of all the user data from a system and can just see what password I chose. So I had to go with some sort of password manager. I have used Google’s default manager a bit, but since I have long moved on from Chrome it doesn’t really help me when I’m at my PC. Plus, if I truly want to be as secure as I can possibly be, I want to avoid storing all my passwords with one single company. If that company gets compromised (like what happened to 1Pass), all my passwords are still useless. There are some password managers out there that say they don’t store your info online and/or that all data is encrypted, but, just like Google removed “Don’t Be Evil” from their code of conduct and Firefox removed their promise to never sell your data, companies change and ultimately can’t be trusted. If I truly wanted a secure solution, I had to use a completely offline solution.
The Problem
An offline solution works well for either my PC or my phone, but how do I sync my passwords between the two? I COULD store all my passwords in an encrypted file and copy it between the two devices whenever I update it, but that’s a lot of work. The more friction I create in the process, the less likely I am to use it. That’s when I found Linux has a built-in solution.
Password Store
Pass is the standard Unix password manager and runs entirely through the terminal. It uses GPG encryption, I can set up folders and structure it however I want, and it’s completely offline. Setting it up was relatively easy and my experience using it has been great. I can easily create new password entries, automatically generate a password for them and immediately copy that password to my clipboard upon creation, I can search through my password list, I can make use of my shell’s autocomplete function so I don’t have to type out the entire password name, and I just need to remember my master password, just like with any other password manager.
But how do I sync this to my phone? Thankfully, I was able to find a Password Store app for Android that was available through the third-party F-Droid store. I can store all my password files in a git repo and easily sync any changes between the two. The app also supports autofill from the keyboard, though I often have to manually search for the right password, as the one it automatically picks from the list is the wrong one more often than not. But it’s a small hassle I’m willing to deal with.
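Since the phone only ever sees what is committed and pushed, the two things that go wrong with a git-synced store are an entry that was generated but never committed, and a stray unencrypted file that gets pushed alongside the ciphertext. The following POSIX shell pre-sync check is an added example, not code from this post or from pass itself; it assumes pass’s standard layout (a `.gpg-id` file plus one `*.gpg` file per entry, with the git repository at the store root) and builds a throwaway demo store out of placeholder files rather than real ciphertext.

```shell
#!/bin/sh
# Pre-sync checks for a pass(1)-style store kept in git (added example, not code from pass).
# Assumed layout: $STORE/.gpg-id, one *.gpg file per entry, a git repository at $STORE.

# Entries on disk that git has never been told about: they will not reach the phone.
# Output: store-relative names without the .gpg suffix, one per line.
unsynced_entries() {
    store="$1"
    git -C "$store" ls-files --others --exclude-standard -- '*.gpg' \
        | sed 's/\.gpg$//' | sort
}

# Files in the store that are neither GPG ciphertext nor the key-id list: if pushed,
# they would leave the machine unencrypted.
cleartext_files() {
    store="$1"
    find "$store" -path "$store/.git" -prune -o -type f \
        ! -name '*.gpg' ! -name '.gpg-id' -print \
        | sed "s|^$store/||" | sort
}

# Combined gate to run before 'pass git push': status 1 if anything would be missed or leaked.
check_store() {
    store="$1"; rc=0
    u=$(unsynced_entries "$store")
    [ -n "$u" ] && { echo "not committed (will not sync): $u"; rc=1; }
    c=$(cleartext_files "$store")
    [ -n "$c" ] && { echo "cleartext in store (do not push): $c"; rc=1; }
    return $rc
}

# Build a throwaway demo store. The .gpg files are constructed placeholders, not real
# ciphertext; the key id is a placeholder too.
make_demo_store() {
    store=$(mktemp -d)
    mkdir -p "$store/web" "$store/work"
    printf 'PLACEHOLDER-KEY-ID\n' > "$store/.gpg-id"
    printf 'placeholder\n' > "$store/web/example.com.gpg"
    printf 'placeholder\n' > "$store/work/vpn.gpg"
    git -C "$store" init -q
    git -C "$store" add .gpg-id web/example.com.gpg      # work/vpn.gpg deliberately left out
    git -C "$store" -c user.name=demo -c user.email=demo@example.invalid commit -q -m demo
    printf 'hunter2\n' > "$store/notes.txt"              # simulated cleartext slip
    echo "$store"
}

# Stand-alone run: build the demo store and report what would go wrong on push.
demo=$(make_demo_store)
check_store "$demo" || echo "check failed as expected for the demo store"
```

Pointing `check_store` at `~/.password-store` and running it before `pass git push` catches both mistakes before the remote ever sees them.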
Conclusion
Ultimately, this solution is nowhere near as easy to use as a complete UI solution a company could provide for you. A complete solution often autofills your data for you. When I go to log in somewhere, I have to swap to my terminal, type in the password name, enter my master password, and then I can copy the login details for whatever site/service I’m trying to access. Yes, it does sometimes get annoying, but I ultimately prefer not having to rely on another service and most likely incur yet another subscription charge. Plus, for something like a password manager, I prefer navigating the terminal rather than a slow, buggy UI.
If this is not the solution you want and you want my honest recommendation for what else to use, just use whatever Google or Apple gives you. And if you still don’t want that, then go with Bitwarden or Proton Pass.