Password managers are used to keep all your passwords safe. They store and manage all your passwords, so you don’t need to try to memorize a bunch of unique, complex passwords for all of your personal and work accounts. You only need to remember one password, the one to your password manager. They can generate complex passwords for you. You can also set your password manager to log in to sites automatically.
There are many password managers and not all password managers are created equal:
Virtual keyboards may be used in some cases to reduce the risk of keystroke logging. Keystroke logging is the act of recording key presses on a keyboard.
Pass is a simple, lightweight, command-line password manager built with the Unix philosophy in mind. It keeps passwords in gpg2-encrypted files inside a tree residing at ~/.password-store. It may be the only free password manager you’ll need.
If you don’t like the terminal, QtPass is a multi-platform GUI for pass.
You should also install pass-otp, a pass extension for managing one-time-password (OTP) tokens.
> gpg --list-secret-keys --keyid-format LONG
~/.gnupg/pubring.kbx
---------------------------------
sec rsa3072/YOUR_KEY_ID 2022-05-17 [SC]
04FA2365C1C45DA77CC34611YOUR_KEY_ID
uid [ultimate] YourName <YourEmail>
ssb rsa3072/D8E947D170DF786E 2022-05-17 [E]
user@pc:~$ pacman -S zbar pass-otp # ZBar Bar Code Reader is an open source software suite for reading bar codes
user@pc:~$ zbarimg -q GoogleQR.png # It scans a QR code using the zbarimg command.
QR-Code:otpauth://totp/ServiceName%3AuserName%40gmail.com?secret=XXXXXXXXXXXXXXXXXXXXXX&issuer=ServiceName # The URL starts with otpauth://totp/, which indicates it’s related to two-factor authentication (2FA) using time-based one-time passwords (TOTP).
user@pc:~$ pass otp add googleotp # Add an OTP entry named googleotp
Enter otpauth:// URI for googleotp: otpauth://totp/ServiceName%3AuserName%40gmail.com?secret=XXXXXXXXXXXXXXXXXXXXXX&issuer=ServiceName # You're prompted to enter the otpauth:// URI for this entry, which matches the decoded QR code data.
Retype otpauth:// URI for googleotp: otpauth://totp/ServiceName%3AuserName%40gmail.com?secret=XXXXXXXXXXXXXXXXXXXXXX&issuer=ServiceName
user@pc:~$ pass otp googleotp # Retrieve the OTP for googleotp. The OTP generated by your authenticator app (such as Google Authenticator) will match the one you’ve retrieved using pass otp googleotp.
123456
> pass find amazon
Search Terms: amazon
└── Root
├── Ocio
│ └── amazon.es
bindsym $mod+Shift+y exec rofi-pass
gpg --export-secret-keys <KEY_ID> > my_private_key.asc
gpg --import my_private_key.asc
[···]
auth optional pam_gnupg.so store-only
# It specifies that the pam-gnupg module should be invoked during the authentication process. It allows gpg-agent to unlock your GnuPG keys using your login password.
session optional pam_gnupg.so
# It specifies that the pam-gnupg module should be invoked during the session setup.
default-cache-ttl 3600 # This line sets the default cache time-to-live (TTL) for cached passphrases to 3600 seconds (1 hour). Once you enter your passphrase to unlock your GPG key, it will be cached by gpg-agent for this duration before it expires and requires you to re-enter the passphrase.
max-cache-ttl 86400 # Set max-cache-ttl 86400 to expire after a day.
allow-preset-passphrase
user@pc:~$ gpg -K --with-keygrip # Run the following command to get the keygrip for the encryption subkey
sec ed25519 2024-04-09 [SC]
A4E6D6E7387899BDDDDDD8E8F0FEB0
Keygrip = 0D14202636454856616189A690F25D
uid [ultimate] Máximo Núñez Alarcón
ssb cv25519 2024-04-09 [E]
Keygrip = 01203A3A0E425658626B70898FE4E9E9F0F19B
PAM_GNUPG_KEYGRIPS=YOUR_KEYGRIP_HERE
keygrip1
keygrip2
Troubleshooting: The XDG_CONFIG_HOME environment variable determines where user-specific configuration files are stored. Edit ~/.bashrc or ~/.zshrc and add: ~/.bashrc or ~/.zshrc. Create the configuration directory for pam-gnupg: mkdir -p "$XDG_CONFIG_HOME/pam-gnupg".
Create a private repository. Create a new repository. Repository name: pass. Visibility level: Private.
Initialize it locally: pass git init
Add the remote origin:
pass git remote add origin https://github.com/nmaximo7/pass.git
Push your pass store to the remote repository: pass git push -u --all. Username: yourUserName. Password: yourPersonalAccessToken. You need to have or create a personal access token (PAT).
Visudo is a command-line utility for editing the sudo configuration file in a fail-safe manner. You can add a line to allow your user to run any command without a password: yourusername ALL=(ALL) NOPASSWD: ALL
KeePassXC is a free cross-platform password manager.
If this is not possible, you can always take a screenshot and use a QR scanner app or zbar. ZBar is an open source software suite for reading bar codes from various sources.
# Arch
sudo pacman -S zbar # 1. Install the zbar package (Arch). On Ubuntu, Debian, or similar: sudo apt-get install zbar-tools
zbarimg ~/codigoqr.png # 2. Decode the QR code (you need to screenshot it and save it to your computer first)
You will get something like:
QR-Code:otpauth://totp/Google%3Anmaximo7%40gmail.com?secret=THIS-IS-YOUR-TOTP-CODE&issuer=Google
# NIXOS
nix-shell -p zbar
zbarimg /home/nmaximo7/Dropbox/code.png
You will get something like:
QR-Code:otpauth://totp/Google%3Anmaximo7%40gmail.com?secret=THIS-IS-YOUR-TOTP-CODE&issuer=Google
Right-click on any entry, TOTP, Set up TOTP and copy the TOTP code (.
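Added example (not part of the original page): both the pass-otp steps and the KeePassXC steps above depend on the otpauth:// line that zbarimg prints. The Python code below validates such a line and derives the RFC 6238 code from its secret, which is why pass otp and an authenticator app show the same digits; the function names are hypothetical, and the label and secret in SAMPLE are constructed (the secret is the RFC 6238 test key).

```python
import base64
import hmac
import struct
from urllib.parse import parse_qs, unquote, urlsplit

ALLOWED_ALGORITHMS = {"SHA1", "SHA256", "SHA512"}

def parse_otpauth(line):
    """Validate a TOTP otpauth:// URI (optionally with zbarimg's prefix)."""
    uri = line.strip()
    if uri.startswith("QR-Code:"):  # zbarimg prints this before the payload
        uri = uri[len("QR-Code:"):]
    parts = urlsplit(uri)
    if parts.scheme != "otpauth" or parts.netloc != "totp":
        raise ValueError("expected an otpauth://totp/ URI")
    params = {k: v[-1] for k, v in parse_qs(parts.query).items()}
    algorithm = params.get("algorithm", "SHA1").upper()
    if algorithm not in ALLOWED_ALGORITHMS:
        raise ValueError("unsupported algorithm")
    secret = params.get("secret", "").replace(" ", "").upper()
    if not secret:
        raise ValueError("missing secret")
    secret += "=" * (-len(secret) % 8)  # authenticator secrets omit padding
    key = base64.b32decode(secret)  # raises ValueError on non-base32 input
    return {
        "label": unquote(parts.path.lstrip("/")),
        "issuer": params.get("issuer"),
        "key": key,
        "algorithm": algorithm.lower(),
        "digits": int(params.get("digits", "6")),
        "period": int(params.get("period", "30")),
    }

def totp(entry, unix_time):
    """RFC 6238 code for the given time, as a zero-padded string."""
    counter = int(unix_time) // entry["period"]
    mac = hmac.new(entry["key"], struct.pack(">Q", counter), entry["algorithm"]).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation (RFC 4226)
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** entry["digits"]).zfill(entry["digits"])

# Constructed sample: the secret is the RFC 6238 test key, not a real account.
SAMPLE = ("QR-Code:otpauth://totp/Example%3Aalice%40example.com"
          "?secret=GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ&issuer=Example")

if __name__ == "__main__":
    import time
    entry = parse_otpauth(SAMPLE)
    print(entry["label"], totp(entry, time.time()))
```

Because the secret alone is enough to reproduce every future code, the QR screenshot and the decoded URI deserve the same protection as the entry that pass stores encrypted.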