When comparing Cockatoo vs pass, the Slant community recommends pass for most people. In the question“What is the best cross-platform password manager?” pass is ranked 3rd while Cockatoo is ranked 43rd. The most important reason people chose pass is:
As it has both Git support and encrypts passwords to GPG-encrypted text files, it is really simple to access everywhere. You can either use a self-hosted or a personal cloud hosted Git repository. It is automatically being kept up-to-date. Clients for pretty much everything and a really active community. Even if you can't run a client you will still be able to access the password by decrypting them from the Git store.
Specs
Ranked in these QuestionsQuestion Ranking
Pros
Pro Simple password modifiers
Just two optional prefixes to adapt password to each site's complexity requirements
Pro Graphical input method as an option
Gestures allow to remember more with a way less effort
Pro Cross-platform solution
Available as an autonomous web-app + as an add-on for Chrome, Opera and Firefox (desktop and mobile)
Pro Free, open-source
Fully transparent code, which everybody can inspect thoroughly
Pro Industry-accepted hash function
It's based on the famous KDF "scrypt"
Pro No clouds, no vaults
All passwords can be cryptographically derived from a single secret gesture (or a master-password)
Pro Ultra portable
As it has both Git support and encrypts passwords to GPG-encrypted text files, it is really simple to access everywhere. You can either use a self-hosted or a personal cloud hosted Git repository. It is automatically being kept up-to-date. Clients for pretty much everything and a really active community. Even if you can't run a client you will still be able to access the password by decrypting them from the Git store.
Pro Free and open source
Pro Works in command line
And is basically just a bunch of GPG-encrypted files stored in a folder.
Pro Full control
You are not forced to rely on any other service provider than yourself. Like saving them on a remote server as in the case of LastPass. You don't have to extend your trust (to LastPass or any other provider).
Pro Has cross platform GUI clients
It has a Qt-based GUI, an Android and iOS app, a Firefox plugin, a Golang GUI app, an interactive CUI, a dmenu script, OS X integration, and also an Emacs package.
Pro Not using a database
It doesn't use a database like, for example, KeePass and thus doesn't open all passwords at once. Just one at a time.
Pro Scripts for importing passwords from different services
Pro Has git support
Pro Allows storing password history
You can version-control the encrypted files using Git, which allows you to track all changes done.
Pro Adheres to Unix philosophy
Does one thing and does it well.
Pro Uses standard components
As GPG and Git are widely used, it relies on thoroughly tested and secure functionality.
Pro Multi user suppport
You and your team can share a repo and different subtrees can be encrypted for different sets of GPG ids.
Pro Support for extra functionality via plugins
For example the plugin "pass-extension-tail" makes it possible to only display the non-password parts of a password file, like the username or the name of the service the password is needed for, and without showing the password.
Pro Minimal
It's very easy to understand what the program does, why it's doing it, and how it's secure.
Cons
Con Not super user friendly
Might be a little too low-level (even with GUIs) for some teams of users.
Con Exposes the names of the sites
By default each file is named 'google.com.gpg' - so someone who steals your password directory would know every site you have accounts on.
Can be mitigated with plugins like Tomb, but a noteworthy caveat.
Con Not hosted = not accessible
As everything is stored locally, there's no way to access your passwords while on public computers, etc. without exposing your private key to the world. You'll have to manually enter your passwords while looking at your phone, etc.
Con Not ideal if you have to use Windows
While windows clients technically exist, this program is quite obviously aimed at UNIX-like systems. If you have to use Windows (eg. for work) then it'll be difficult to get everything set up properly.