 In this video I'm going to talk about the only password manager that ever matters and that is pass and it's the best not just because it is the most minimal and therefore most extensible and also full of, I mean, you know, devoid of junk, but it can also do things like OTP, one time passwords and two factor authentication. I don't use, I don't use a cell phone for that kind of stuff. Whenever, you know, that might be a big pain using OTP. If you don't use something like pass, it's very nice. You can, anyway, I'm just going to talk about, let's talk about pass. Okay, so pass is in basically every Linux repository. I also recommend you go ahead and get pass OTP if you want to do one time passwords. I'll explain doing both of them in this video. So pass is actually, it's really just a shell script if you look at it. It's not like a compiled binary. It's a very simple program. And it uses GPG. In order to use it, you have to have a GPG key pair. So in case you haven't generated one, let's generate one. So you want to run GPG full gen key. And when you run that, it's going to, it's going to bring up some stuff. It's not super important. This isn't so important for this video, but just mostly choose the default. So I'm going to choose the default here. I'm going to say 496 bits long. I'm going to say my key doesn't expire. I'm going to say yes to that. And you give it a real name. I'm going to say my name is Billy Smith. My email address is going to be Billy at larbs.xyz. And then doesn't really matter anything else. Just say okay. And it's going to ask you to secure your password with some kind of, or secure your key pair with some kind of password. And how this is going to work is you are going to basically, the pass is going to use GPG to encrypt all of your passwords. So only people with your GPG private key pair can view those. And of course, in normal circumstances, that is only going to be you ever. Okay. Never give anyone your GPG key pair, or well, give them your public key, not your private key, right? If they have your, your public key, we can actually GPGK and it will show you, oh, here we have this public key that we can give out to people. They can encrypt mail to you or anything else to you, but that's not important for this video. Let's talk about pass. Once we have a GPG key pair, we can run pass init and then give it the email address for your GPG key pair. Now, this does not have any notice that this address Billy at larbs.xyz does not actually exist. It's not, you want to choose an email address to identify yourself, but you're not logging in like the password I put in for it has nothing to do with your email password. Okay. Now, once I've in it, I've in nitted the pass, I can now store passwords and it's very simple. I can say this pass, add, let's add a password. Let's call it email. This is going to be the password for my email. And it's going to ask you to insert that. So I'm going to give the password I use for all of my email. Okay. So I've done that. Now that password is saved specifically pass uses GPG and encrypts it in a file in your home director in, you know, in a hidden directory on your home directory. So no one can see that no one can see it unless they have your private key. But if you have pass you can run pass and then email and it will show you your password. Now, of course, you have to unlock your GPG key pair. I will go ahead and say that I usually have this unlock by default. When I log in, you can set that up. If you look up Pam GNU PG, it will do it for you automatically. But in this case, I'm going to unlock it by putting in my GPG password, which in this case is password. And it shows you the text of your the password you saved in this in your email password. Right. So let's add another one. Let's say pass add my work pass this word. I don't know. So I'm going to just put in something here. Okay. So now we have another password saved. We can look at it by running pass and work and it will show me the text that I put in for that. Okay. So remember, although all of these passwords are now easily accessible, you can easily have them come up in scripts, but they're also secure. No one can get these passwords unless they have access to your home directory. They have access to your GPG key pair and they have your GPG key pairs password. Okay. All of them are now secured under one system. Now, if you just run pass or pass LS, it will just show you a list of all the passwords you have. Additionally, you can use this command pass menu. This is nice if you want to, you can bind this to a keyboard shortcut. You can put it somewhere else so you can insert a password. It uses D menu. You need D menu installed, but you should have D menu and it will give you a list of all the different passwords you've inserted in a D menu prompt. And you can start typing one in and select that and it will copy it to the clipboard. So I can then paste it in because it's now in my clipboard. I can paste it in any kind of browser or something like that. You can also use pass menu type and in that case it will type it out. Now, you might say, what's the difference between just running pass email and then selecting in the D menu prompt? Well, that's because the D menu prompt, of course, you can use it in your browser or something like that where you're not getting standard output in case that isn't obvious. So that is a nice way to keep your passwords nice and secure. Now, as I said, they are all encrypted with GPG, meaning that you're usually, I mean, when you log in, you'll have to give your GPG password or GPG key pair password and it will unlock all of these. I use PAM GNU PG. Look that up if you want. It automatically unlocks your key pair when you log in. So I don't have to worry about that little prompt that came up every once in a while. And if you rerun it every once in a while after a certain amount of time goes by, it'll come up again and you'll have to re-unlock it. All right. So the other thing I mentioned that pass can do that's very nice. Now, and I want you to go ahead and think about it if you haven't thought about it already. This is great because you can, since it is a command line application, you can also use it in a script. So this is what I use in like MUT wizard to secure people's passwords. It uses pass and so when they log in with their, they don't have to put in their email or their email password. It's automatically secured with pass when they send an email or something. They don't need to do that. So that's the nice thing about that. All right. So the other thing that it can do is let's say you have some kind of service where you have two-factor authentication. They want, they want you to have a one-time password where you log in with your password. But then they ask for some kind of pass, like some kind of six numbers that change ever so often. You've probably had to deal with this. Now, I've, excuse me, I've actually made a little QR code here and this is for a fake OTP. Usually what happens is they'll be like, okay, scan this QR code, use it on your Google cell phone application. And then you can log into our service extra secure. We don't need Google or cell phones for that. We can actually use pass if you have pass OTP installed. So let's deal with that. So let's say you have this image here and you download it on your computer. Now, first off, you can use the program Z bar MG to take that file and you can actually look at the content of that QR code. And the content of that QR code is something that looks like this. This is what like an OTP, you know, what an OTP sort of hidden password generator thing looks like. Now, obviously, this is one I just made up because it's like a bunch of A's. Normally it'll be a bunch of random letters here and you'll have like whatever services giving it to you, whatever you're trying to log in with. Sometimes it'll have your email or something else that identifies you. But this one, of course, is fake. But anyway, how do you integrate something like that into pass? It actually is not too difficult once you have pass OTP. First off, as I said, we will use, let me actually make this bigger. What you all you have to do is install pass OTP and say pass OTP add and then we'll give it a name. We'll say, I don't know what is this going to be? This is going to be my domain registrar. So we'll say registrar OTP. Okay. Then it's going to ask for a OTP password thing or the OTP thingy. I don't even know what it's officially called. But I'm going to copy this. You're only going to start right here and go on. I'm going to copy that, put it in there, put it in there again. Bam. So that's done. Now what is that done now? If I run pass registrar OTP, it's actually just going to spit out what I just gave it. But if you run OTP and then that, whatever it is, the name of the OTP password, it's actually going to give you your six number generator thingy, or the six numbers that it generates. And you'll notice as time goes on, it will change just like any other kind of OTP application. And that's how it's supposed to work. The nice thing about this is unlike your stupid applications on phones, this again is a command line application. So you can do something like put it in a script, log in remotely. What I actually have on my main log in where I actually have all my real passwords is I have a bunch of OTP things that I pipe in the D menu and I can select one and then it inserts the text or whatever. But as you see, oh, look at that. It keeps changing. It's magical. It works. So anyway, this has been passed. It is the only password manager, I think, that is worth using. I usually just memorize my passwords. But it's especially nice for being able to do things on the command line or using OTP. Now, if you want to talk about syncing them and other stuff like that, I don't do that. There are options for it, but I won't talk about it in this video. You'll have to stay tuned or something like that. But anyway, that's it. And I'll see you guys next time.