Password management

Don’t re-use passwords; that would be stupid. Don’t try to remember many passwords; that would be hard. Use a password manager, which remembers many passwords for you. Now you only need one password, for the password manager.

Is it not clear how that would work? Here, read a helpful intro to password managers from Mozilla.

See? The solution is easy because we’re in the future and there are many options, free ones even, to synchronise passwords across your computing platforms… The main difficulty is choosing which option, because there are annoyingly many.

Also how to sync passwords. Some people regard syncing passwords over the internet as a bug not a feature, because it is more secure than keeping all your passwords on one computer and using that for everything. Maybe if I were a secret agent I woudl keep one computers with special ultra-secret passwords on it alone, and also hope that the computer never broke or was stolen or lost. But I am a normal person operating in the 21st century. I need to use many different computers and OSes to get through the day, and 1/3 of my things are broken most of the time. I am prepared to pay a cost in security to use a password manger that syncs across the computers, so that I actually use it.

Built-in password management in your OS.

Works fine but syncing across devices usually involves entrusting yourself to their cloud infrastructure, and usually doesn’t work across platforms, e.g from Windows to Linux to macOS to android and back. So if you are stuck to just e.g. Windows or whatever this might be advisable. This doesn’t work for me.


Enpass is similar to bitwarden. It seems to support every known platform, browser, desktop and mobile, plus is open source (note sure about the mobile apps). It shares password, if at all, by file syncing. The upsell is on mobile apps which only handle a small number of password per default.

It is also the solution endorsed by my employer.


I had not heard of Bitwarden but it looks interesting. It seems to support every known platform, browser, desktop and mobile, plus is open source and hosting is available cheaply. It also provides encrypted file sync in which regard it resembles keybase and has many team-sharing options.

Here is a review of unscrutinised bias.

sudo snap install bitwarden
brew install --cask bitwarden
# etc


1password: (Mac/Windows/iOS/Android) Closed source, so who knows if it works? It’s Canadian, which is an awful jurisdiction. Shiny. Has smartarse features such as not disclosing your secrets under duress in the airport, a.k.a. “Travel mode”, a.k.a rubber hose for normal people. Has a CLI.


dashlane: seems to be more or less the same as 1password, but French (?). I am not expert enough to know if this is jurisdictionally more, or less, suspect than the American and Canadian options. However the software looks functional and good and so forth.


lastpass runs on every platform, browsers, phones, Linux, Windows, Mac. The product is closed-source and inscrutable and they have headquarters in the USA, so they have limited ability to resist pressure from casual data harvesting from the American spook apparatus. Also I don’t really trust this company, since their other high-profile product, Xmarks, is so horrible. They claim to be host-safe, though, and this may be true. Their security process seems flaky.


pass (aka zx2c4 pass) is the unixiest thing here; it GPG-encrypts everything in text files. There are plugins for its friendly open format for various browsers.

Password management should be simple and follow Unix philosophy. With pass, each password lives inside of a gpg encrypted file whose filename is the title of the website or resource that requires the password. These encrypted files may be organized into meaningful folder hierarchies, copied from computer to computer, and, in general, manipulated using standard command line file management utilities.

pass makes managing these individual password files extremely easy. All passwords live in ~/.password-store, and pass provides some nice commands for adding, editing, generating, and retrieving passwords. It is a very short and simple shell script. It’s capable of temporarily putting passwords on your clipboard and tracking password changes using git.

It’s disconcertingly freeform, but allows for integration, if you don’t mind using various less-scrutinized bits of code. Also it leaves various metadata (website URLs) in plain sight, which may or may not be what you expect from a confidential data manager.


Keepass (.NET) a.k.a. keepassx (Qt), is a cult open source in-principle cross-platform ecology of database standards and contending implementaitons thereof. Pronounced “Key-pass” or “Keep-ass” depending on whether it compiles successfully. Free, but makes up for it by being clunky and confusing, which is bad for something like password management. Also it was never so very cross-platform, and the ports to different platforms are balkanised and confusing. Doesn’t seem to have scheme for smoothly syncing passwords across devices, so you’ll have 50 different password files that you have in various stages of updateness, unless you happen to only ever use one computer to log in to things because you are a time traveller from 1994.

Within a single platform you can still have multiple different front- and backends to the keepass databse. One gets the feeling that although the various Keepass forks are somewhat interoperable, they kind of hate each other.

You can choose from, e.g.

  • keepassc terminal-based keepass client written in python, which means you can access it cross-platform on your desktop but good luck with integrating into your phone

  • Lester Hightower’s kpcli is command line interface to work with KeePass 1.x or 2.x database files, written in Perl Seems, FWIW, to have a thoughtful interface philosophy, and feels like pass, above.

  • rust-keepass rewrites keepass in rust, which is a language designed to be more secure and useful for things like password managers. More secure still would be if it ran on all your devices so that you actually used it, or if it was actively developed.

  • macpass is a Mac keepass. But is it the uncontroversially best mac version, or are there fork wars? Guess.

  • etc


Mozilla’s Lockbox is a recent entrant. Syncs between mobile and desktop Firefox browsers. Open source. Open SDK. Sadly it doesn’t have strong import/export abilities, which makes it hard for me to actually try.


There are now many others.

  • encryptr, the spideroak one. Open source, runs everywhere as a javascript app
  • keeper also offers a Linux client for their encrypted cloud password whodangle
  • roboform is the oldest one here I think, (1999!), and does Linux and everything else.
  • password safe (open source) has Bruce Schneier branding. It has many ports to every conceivable platform. It doesn’t seem to have a strategy for synchronising between devices, which they regard as a feature, but that may be a problem if you have both a phone and a laptop.
  • passopolis is an open source client/server browser-extension-based password thing.

Generating passwords