When comparing pass vs KeePassXC, the Slant community recommends KeePassXC for most people. In the question“What is the best cross-platform password manager?” KeePassXC is ranked 1st while pass is ranked 3rd. The most important reason people chose KeePassXC is:
Free. No hidden tracking. 100% Open Source.
Ranked in these QuestionsQuestion Ranking
Pro Works in command line
And is basically just a bunch of GPG-encrypted files stored in a folder.
Pro Free and open source
Pro Full control
You are not forced to rely on any other service provider than yourself. Like saving them on a remote server as in the case of LastPass. You don't have to extend your trust (to LastPass or any other provider).
Pro Ultra portable
As it has both Git support and encrypts passwords to GPG-encrypted text files, it is really simple to access everywhere. You can either use a self-hosted or a personal cloud hosted Git repository. It is automatically being kept up-to-date. Clients for pretty much everything and a really active community. Even if you can't run a client you will still be able to access the password by decrypting them from the Git store.
Pro Has cross platform GUI clients
It has a Qt-based GUI, an Android and iOS app, a Firefox plugin, a Golang GUI app, an interactive CUI, a dmenu script, OS X integration, and also an Emacs package.
Pro Not using a database
It doesn't use a database like, for example, KeePass and thus doesn't open all passwords at once. Just one at a time.
Pro Allows storing password history
You can version-control the encrypted files using Git, which allows you to track all changes done.
Pro Adheres to Unix philosophy
Does one thing and does it well.
Pro Uses standard components
As GPG and Git are widely used, it relies on thoroughly tested and secure functionality.
Pro Scripts for importing passwords from different services
Pro Multi user suppport
You and your team can share a repo and different subtrees can be encrypted for different sets of GPG ids.
Pro Support for extra functionality via plugins
For example the plugin "pass-extension-tail" makes it possible to only display the non-password parts of a password file, like the username or the name of the service the password is needed for, and without showing the password.
It's very easy to understand what the program does, why it's doing it, and how it's secure.
Pro Has git support
Pro It is free and open source
Free. No hidden tracking. 100% Open Source.
Pro Active development
Pro Cross platform autotype
Autotype available for all apps.
Pro Strong end-to-end Encryption
Zero-knowledge. Military-grade AES-256 & Argon 2 unbreakable encryption algorithms.
Pro New secure browser integration plugins
Official Browser plugins for Chrome, Firefox, Edge, Brave, Opera, Vivaldi and all other Chromium or Gecko based browsers.
Pro Passphrase generator
Pro Easy to use
It has a really clean looking design, unlike Keepass. Makes it really friendly to get into.
Pro Good UI
User-friendly and straightforward. Easy to use.
Pro Better than KeePassX
KeepassX discontinued in 2017.
Pro Support for time-based one-time passwords (TOTP)
Pro Stores passwords locally instead of in the cloud
Don't trust anyone.
Pro Support for adding/removing SSH keys in system key agent
Pro Import and export to different file formats
Pro Available web browser extension (keepassxc-browser)
Pro Outrageous better than some paid password managers
It has plenty tweaks which lets you feel under control of your data.
Pro Portable, Tails and Whonix come loaded with it too
The preferred choice of Qubes users as well. Long story short, it's no coincidence that every one of the Linux distros renowned for it's security and anonymity features comes standard with a massive neon, blinking arrow pointing right at this full-featured, OSS, cross-platform password manager. The Slant community even lauds it as the category's second-only to what is essentially a command-line tool with a title someone could have picked out of a random spoonful of alphabet soup. Approved for Ages 8-78!
Pro File attachments and custom attributes
Pro YubiKey challenge-response support
Pro Database reports (password health, HIBP, and statistics)
Pro KeeShare shared databases (import, export, and synchronize)
Con Not super user friendly
Might be a little too low-level (even with GUIs) for some teams of users.
Con Exposes the names of the sites
By default each file is named 'google.com.gpg' - so someone who steals your password directory would know every site you have accounts on.
Can be mitigated with plugins like Tomb, but a noteworthy caveat.
Con Not hosted = not accessible
As everything is stored locally, there's no way to access your passwords while on public computers, etc. without exposing your private key to the world. You'll have to manually enter your passwords while looking at your phone, etc.
Con Not ideal if you have to use Windows
While windows clients technically exist, this program is quite obviously aimed at UNIX-like systems. If you have to use Windows (eg. for work) then it'll be difficult to get everything set up properly.
Con No webapp for easy shared access
Con Dark theme on macOS needs some work
The tabs for multiple databases and about menus are unreadable in dark mode on macOS.
Con Qt dependency hell
Con Browser plugin doesn't always connect to KeepassXC on the first attempt
Restarting the Browser or restarting KeePassXC fixes the integration.
Enabling "Automatically reconnect to KeePassXC" option in KeepassXC Browser Extension fixes this problem permanently.