If you use an online cloud-based password manager (E.G., #LastPass, #1Password, #Bitwarden, #Dashlane, etc.) how concerned are you about supply chain attacks?
Ⓥ
(he/him) @chiraag@mastodon.online@atoponce I use Password Store for a few reasons:
1. I *know* that all encryption happens locally.
2. I *know* that every decryption requires 2FA or access to our desktop (all mobile access requires my Yubikey for decryption).
3. What is uploaded is extremely clear (because I can just go to my private Gitlab repo and see which files are there and how they are stored).
Nothing else provides this level of transparency.
passwordstore.orgPass: The Standard Unix Password ManagerPass is the standard unix password manager, a lightweight password manager that uses GPG and Git for Linux, BSD, and Mac OS X.