The Living Thing / Notebooks :

Password management

Usefulness: 🔧
Novelty: 💡
Uncertainty: 🤪 🤪 🤪
Incompleteness: 🚧 🚧 🚧

Don’t re-use passwords; that would be stupid.

To avoid password embarrassments, read this helpful intro to password managers from Mozilla.

Now, the solution is easy because we’re in the future and there are many options to synchronise passwords across your various computing platforms…

…I’m KIDDING; it’s an acrimonious clusterfuck.

Built-in password management in your OS.

Works fine, but syncing across devices usually involves trusting yourself to their cloud infrastructure, and usually doesn’t sync across platforms, e.g. from Windows to Linux to macOS to smartphone and back.

Lockbox

Mozilla’s Lockbox is an interesting recent entrant. Syncs between mobile and desktop browsers. Open source. Open SDK. Sadly it doesn’t have strong import/export abilities, which makes it hard for me to actually try.

1password

1password: (Mac/Windows/iOS/Android) Closed source, so who knows if it works? At least it’s Canadian, so they probably have slightly different security channels they are required to syphon your stuff into. Linux users are politely advised to get fucked. Shiny. Has smartarse features such as not disclosing your secrets under duress in the airport, a.k.a. “Travel mode”, a.k.a. rubber hose for normal people. Has a CLI.

Dashlane

dashlane: seems to be more or less the same as 1password, but French (?).

Lastpass

lastpass runs on every platform: browsers, phones, Linux, Windows, Mac. However, the product is closed-source and inscrutable and they have headquarters in the USA, so they have limited ability to resist casual data harvesting by the American spook apparatus. Also I don’t really trust this company, since their other high-profile product, Xmarks, is so horrible. They claim to be host-safe, though, and this may be true. Their security process seems flaky.

pass

pass (aka zx2c4 pass) is the unixiest thing here; it GPG-encrypts everything in text files. There are plugins for its friendly open format for various browsers.

Password management should be simple and follow Unix philosophy. With pass, each password lives inside of a gpg encrypted file whose filename is the title of the website or resource that requires the password. These encrypted files may be organized into meaningful folder hierarchies, copied from computer to computer, and, in general, manipulated using standard command line file management utilities.

pass makes managing these individual password files extremely easy. All passwords live in ~/.password-store, and pass provides some nice commands for adding, editing, generating, and retrieving passwords. It is a very short and simple shell script. It’s capable of temporarily putting passwords on your clipboard and tracking password changes using git.

It’s disconcertingly freeform, but allows for integration, if you don’t mind using various less-scrutinized bits of code. Also it leaves various metadata (website URLs) in plain sight, which may or may not be what you expect from a confidential data manager.
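
To see how much that plain-sight metadata gives away, here is an added example (my illustration, not part of pass or its docs) that lists everything a pass store discloses to anyone who can read the directory or a synced copy of it, no GPG key required. The function names and the sample store are constructed for the demo; PASSWORD_STORE_DIR is pass’s own override for the store location.

```sh
#!/bin/sh
# Added example (not part of pass): list what a pass store discloses to
# anyone who can read the directory or a synced copy, with no GPG key.

# Entry names readable in cleartext, one per line, sorted.
store_visible_entries() {
    store=${1:-${PASSWORD_STORE_DIR:-$HOME/.password-store}}
    ( cd "$store" 2>/dev/null || exit 1
      find . -name .git -prune -o -type f -name '*.gpg' -print |
          sed -e 's|^\./||' -e 's|\.gpg$||' | LC_ALL=C sort )
}

# Subset of entries with a path component that looks like a hostname.
store_hostname_entries() {
    store_visible_entries "$1" |
        grep -E '(^|/)[A-Za-z0-9-]+(\.[A-Za-z0-9-]+)*\.[A-Za-z]{2,}(/|$)'
}

# Constructed sample store: empty files stand in for real ciphertext.
make_demo_store() {
    d=$(mktemp -d) || return 1
    mkdir -p "$d/web/bank.example" "$d/ssh" "$d/.git"
    : > "$d/web/example.com.gpg"
    : > "$d/web/bank.example/alice.gpg"
    : > "$d/ssh/laptop.gpg"
    : > "$d/.gpg-id"
    printf '%s\n' "$d"
}

demo=$(make_demo_store)
echo "Visible without decrypting:"
store_visible_entries "$demo"
echo "Hostname-like (where you have accounts):"
store_hostname_entries "$demo"
[ -d "$demo/.git" ] && echo "note: .git present; its history also records entry names"
rm -rf "$demo"
```

Point it at your real store by calling store_visible_entries with no argument; if the output is more than you want a sync provider to know, name entries less descriptively.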

Keepass

Keepass/keepassx is the open source in-principle cross-platform one. Pronounced “Key-pass” or “Keep-ass” depending on whether it compiles successfully. Free, but makes up for it by being clunky and confusing, which is bad for something like password management. Also it was never so very cross-platform, and the ports to different platforms are balkanised and confusing. Doesn’t seem to have a scheme for smoothly syncing passwords across devices, so you’ll end up with 50 different password files in various stages of updateness. Moreover, one gets the feeling that although the various Keepass forks are somewhat interoperable, they kind of hate each other.

You can choose from, e.g.

etc

There are now many others.

Generating passwords

passwordsgenerator.