 One of the biggest things you can do in terms of internet security is to make sure that you have a unique password for every single service that you use. It needs to be a strong and complicated password. So it doesn't need to be pass one, two, three, four. Don't use passwords like that. It needs to be upper and lowercase letters, special characters, and you know, a sizable length. And of course, it needs to be unique, meaning you only use that password for that service. That way, if that service is ever hacked, they can't then guess your password for other services you use by using that same password. So that's one of the easiest ways for you to get, you know, all of your accounts hacked is to use the same password for all of your accounts. Don't do that. Everything needs to have its own unique password. And don't store it the way I know a lot of my family members store their passwords because I've seen this. They just write it down in a notepad. Keep it next to the computer, right? Don't write it down. Don't write it down and then keep that note at the computer desk that that computer is sitting on. That's very dangerous. Don't, you know, stick the note up under the keyboard or behind the monitor or wherever it is that you think it's hidden. You know, that's not really secure. So obviously use a password manager. And people often ask me what password manager I use. I've done a video on the password manager I use a while back. It's the standard Unix password manager, which is simply the pass command. I did a video on it. I want to say about three years ago past the standard Unix password manager, you can still watch that video. It's still relevant information. It's just getting up and running with pass rather quickly. Now, the reason I don't talk about the pass command that often, even though I love it, I've been using it for years and I will continue to use it. I know most people, it's not the program for them. Most people are used to using internet services to manage their passwords. They're used to using things like LastPass and Bitwarden and services like that. I don't want to use something like that, though, because to me that seems dangerous because LastPass, say you're using LastPass and they're hosting all of your passwords, right? They're storing them. Say one day somebody hacks LastPass and then is able to decrypt all those passwords. Well, then, you know, I don't want to have to deal with a headache like that, right? Because LastPass is a huge target. People are trying to get those passwords. One day somebody will compromise LastPass. It's an almost certainty, right? So I host my own password database on my computer. Nobody's trying to hack my computer because I'm not that important, right? I mean, who really wants my Mastodon password and my Reddit password and things like that, right? I'm not that big of a target for hackers, but LastPass and Bitwarden and things like that, yeah, they're a huge target. One day they will be compromised and I just don't want to be a part of that. So I just manage passwords myself. And if you guys want to see Pass in action here, let me switch to this desktop and let me open a terminal and zoom in. Clear the screen. So when you install Pass, if you're on Debian or Ubuntu, install Pass on ArchSudu Pac-Man dash capital S Pass. It's just the standard password store. I think on Solus, I think it's actually password dash stores. The name of the package. Check with your distribution on the names. On most distributions, though, it's just Pass, P-A-S-S. And what you do is you create a password store by doing Pass and yet I've already got one. And then if I do a CD into password dash store, this is actually the store it creates on the Pass and yet. And there are all of my passwords GPG encrypted. You can't actually read them, how you read them. If you wanted to read them, let me clear the screen here as you would do Pass and then name of, you know, service or whatever. So if I needed my password for, I don't know, Netflix, for example, I do Pass, Netflix, and then the output in the terminal would be the password. Now, I mentioned earlier, you do need GPG keys to decrypt these passwords. The GPG keys are stored in a hidden folder in your home directory at .gnupg. Also, when you first initialize Pass, it asks you for a master password, right? And that one needs to be something you can remember. It doesn't need to be something that you'll forget. It needs to be a password you will always remember. That's the master password. So anytime I do something like Pass YouTube to get my YouTube password, right? A little pop-up window is going to appear and it's going to ask for my master password. You enter that and then it gives you the YouTube password, for example. The cool thing with Pass is that it's very extensible. So there's a lot of extra third-party programs that people have created to work with Pass. If I scroll down, you see there's a lot of extra scripts and a lot of random clients, you know, depending on operating systems that you run. There's actually an Android app, an iOS app. I've never actually tried the mobile app, so I don't know too much about them, but I do know that Pass is built into D-Menu. And that's one of the really cool things about both Pass and D-Menu is that they work together. I actually never use command line Pass. I never go to a terminal and type Pass, name of service or whatever, because I just do everything with D-Menu. Let me show you this in action. So if I, well, let me launch it with the command is PassMenu. PassMenu is a D-Menu script that retrieves, you know, your passwords. I actually have that hotkeyed in my X-Monad configure that is PassMenu again. It's just, I've got a key binding for it. Now you will also notice that there is an X-Monad prompt for Pass, so it's similar to the D-Menu script, PassMenu, except it's built into X-Monad. It works exactly the same way. I don't have it available for me at the moment, but it would look and function exactly like D-Menu just did. It would, you know, just give you a list of your password store entries and just type one or click one and it retrieves that password. And in D-Menu and in the X-Monad prompt, how it retrieves those passwords, it copies it to the clipboard. So it'll copy it to the clipboard. It's not there permanently. You only have about 30 seconds to do something with that clipboard entry. So, you know, if I do, you know, maybe I want my password for DistroToot, which is my Mastodon instance and I hit enter right now. It's going to ask for my master passphrase. I'm not going to enter that. But what it would do is it would then copy my Mastodon password to the clipboard and I have 30 seconds to do something with that. And the reason it doesn't store it in the clipboard, you know, forever, you know, just a few seconds. It's for security reasons, obviously, because if it's just stored in your clipboard manager, you know, you step away from your computer, you know, an hour later, somebody could come by your computer and then click on your clipboard manager and there's a password, you know, sitting there. I wonder what that's to, you know, so that's for security reasons why it's on a timer. Other than with D-Menu and X-Monad prompts, those of you that use Rofi pass also has a Rofi script. So I found Rofi-Pass over on GitHub. All I did was clone this repository and in this repository, there's a script called Rofi-Pass. If you guys want to see this in action, I do have Rofi installed on my computer. So let me CD into Rofi-Pass, which is the cloned repository. And in here there is a script called Rofi-Pass. And if I run it, it's very similar to the D-Menu script, right? It just gives me a list of all my password store entries and I just search for one click in there and it will give me the password stored in the clipboard. One of the really cool things is that the password store guys also support Emacs and they actually wrote an Emacs extension. This is actually part of the password store repository is password-store.el. It's an Emacs Lisp script. So you can get your passwords from the password store inside Emacs. I don't typically use this. I have played with it and I know it works. If I did a metaX and did password-store-generate was the first entry there. What that would do is that would generate a new password entry. So I'd give it a name of an entry and then I'd enter a password to get your passwords. I believe it is password-store-url. Browse URL stored in entry. So that would be the one you would do. And of course you have password-store-remove, password-store-insert, password-store-edit, et cetera. I typically don't use pass inside Emacs. Actually I don't use pass anywhere other than in Dmenu because really because I have the Dmenu script, pass menu. That's the only way to retrieve a password. It just works everywhere. Of course Dmenu works with any desktop environment and window manager. So I've always got Dmenu at hand. In years past I have played around with some browser plug-in and I have played around with Firefox plug-ins that worked with the pass command. There is also a Chrome extension called BrowserPass. I think BrowserPass actually works in both Chrome and Firefox-based browsers. So I could probably add this to Brave, for example. And what it does is when you go to a website that you have to enter a password, for example, they've got the screenshot of GitHub. What it will do is this little pop-up will appear and it'll ask you, do you want to retrieve that password from pass? And then, of course, once it retrieves it, it's going to be similar to like pass menu and all the Rofi pass menu and everything where it stores that temporarily in a clipboard and then you, of course, can just paste it into the form. And although I've used those browser plug-ins for me now because I use the Dmenu script, Dmenu just kind of replaces all of that stuff. But again, I know this is a little nerdy. This is a weird way to manage your passwords and how do you sync from one computer to another? Of course, I store my password store on my next cloud. That way I can log in to my next cloud from any computer and then grab my password store and put it on that computer. If it's a computer that's for me, for example. The only thing is my GPG key. I've got to make sure I take my GPG key with me. I don't have access to it yet. So that's the only kind of inconvenient thing. And I know a lot of you mobile users would hate something like pass. But typically, I mean, when's the last time you entered a password for something on your phone? I never enter passwords for anything on my phone. Typically, when you enter a password on a phone, it saves it anyway. It's the only time you ever need that password. It's different like on an actual computer where I'm constantly being asked for a password. Like every time I go to certain services, it doesn't save it. I have to enter it. And even if it did save it because of how convenient pass is, I don't want it to save my password in the browser, for example. Because pass makes it so easy to quickly retrieve that password just for security reasons. I don't mind going and grabbing it and having to enter it every time I go to some of these sites. So that's just a little bit of an update on my thoughts about using pass now that I've been using it for a while. Probably the biggest reason I like it is because it's simple and they call it the Unix password store. What I really like about it is it really does follow the Unix philosophy. Now before I go, I need to thank a few special people. I need to thank the producers of this episode. Apsie Dallas Gay, Blue Mitchell, Sandor Allen, Akami Archvita, 30 Chuck, David the Other, David Dillon, Gregory Lewis, Orion, Paul, Polytech, Scott, Steven Smith, Wes and Willie, a couple of new names there. And I've probably messed up one or two. But I appreciate these guys. These are my highest tiered patrons over on Patreon without these guys. This episode you just watched would not have been possible. The show is also brought to you by each and every one of these ladies and gentlemen as well. These are all my supporters over on Patreon because without you guys, I couldn't do what I do. I don't have any corporate sponsors. I'm sponsored by you guys, the community. If you'd like to help me out, look for DistroTube over on Patreon. All right, guys. Peace.