Add to Chrome
Add to Edge
Add to Firefox
Add to Opera
Add to Brave
Add to SafariWhen comparing pass vs PassPilot.com, the Slant community recommends pass for most people. In the question“What are the best offline password managers?” pass is ranked 9th while PassPilot.com is ranked 37th. The most important reason people chose pass is:
As it has both Git support and encrypts passwords to GPG-encrypted text files, it is really simple to access everywhere. You can either use a self-hosted or a personal cloud hosted Git repository. It is automatically being kept up-to-date. Clients for pretty much everything and a really active community. Even if you can't run a client you will still be able to access the password by decrypting them from the Git store.
Specs
Question Ranking
Pros
Pro Ultra portable
As it has both Git support and encrypts passwords to GPG-encrypted text files, it is really simple to access everywhere. You can either use a self-hosted or a personal cloud hosted Git repository. It is automatically being kept up-to-date. Clients for pretty much everything and a really active community. Even if you can't run a client you will still be able to access the password by decrypting them from the Git store.
Pro Free and open source
Pro Works in command line
And is basically just a bunch of GPG-encrypted files stored in a folder.
Pro Full control
You are not forced to rely on any other service provider than yourself. Like saving them on a remote server as in the case of LastPass. You don't have to extend your trust (to LastPass or any other provider).
Pro Has cross platform GUI clients
It has a Qt-based GUI, an Android and iOS app, a Firefox plugin, a Golang GUI app, an interactive CUI, a dmenu script, OS X integration, and also an Emacs package.
Pro Not using a database
It doesn't use a database like, for example, KeePass and thus doesn't open all passwords at once. Just one at a time.
Pro Scripts for importing passwords from different services
Pro Has git support
Pro Allows storing password history
You can version-control the encrypted files using Git, which allows you to track all changes done.
Pro Adheres to Unix philosophy
Does one thing and does it well.
Pro Uses standard components
As GPG and Git are widely used, it relies on thoroughly tested and secure functionality.
Pro Multi user suppport
You and your team can share a repo and different subtrees can be encrypted for different sets of GPG ids.
Pro Support for extra functionality via plugins
For example the plugin "pass-extension-tail" makes it possible to only display the non-password parts of a password file, like the username or the name of the service the password is needed for, and without showing the password.
Pro Minimal
It's very easy to understand what the program does, why it's doing it, and how it's secure.
Pro Free
100% free, with no ads of course.
Pro Source code of the application is publicly available
Anyone with good knowledge of JavaScript can review the code (nothing is compiled).
Pro Two language versions
Available in English and Polish.
Pro Two color schemes
Pro Contains strong password generator
Pro Off the grid
Probably the best feature of this application is that you can save everything to a single file and use the application offline (every offline feature is available including adding new records), no limits, no ads, for free, forever! Keep it on a flash drive, local drive or any cloud storage of your choice.
Pro Client side encryption
No one will ever know your password which is also never sent anywhere (encryption takes place in your browser). You are double protected as encrypted vault is sent over encrypted SSL connection.
Pro Strong client side AES encryption (256bits)
Using the Stanford Javascript Crypto Library (SJCL).
Cons
Con Not super user friendly
Might be a little too low-level (even with GUIs) for some teams of users.
Con Exposes the names of the sites
By default each file is named 'google.com.gpg' - so someone who steals your password directory would know every site you have accounts on.
Can be mitigated with plugins like Tomb, but a noteworthy caveat.
Con Not hosted = not accessible
As everything is stored locally, there's no way to access your passwords while on public computers, etc. without exposing your private key to the world. You'll have to manually enter your passwords while looking at your phone, etc.
Con Not ideal if you have to use Windows
While windows clients technically exist, this program is quite obviously aimed at UNIX-like systems. If you have to use Windows (eg. for work) then it'll be difficult to get everything set up properly.
Con No webapp for easy shared access
Con No browser integration (no autofill)
