Goodbye Dashlane, Hello pass: Why I Switched to the Unix Way

Bhuwan

Dashlane has been my digital vault for years, a reliable keeper of countless passwords and sensitive notes. Its cross-device synchronization, intuitive interface, and integrated VPN are all handy features I've embraced. It was the easy button for password management, and in a world of security threats, simplicity is often the key to victory. But then I began to feel uneasy. The reliance on proprietary cloud services, occasional synchronization issues, and the “black box” feel of managing my most important data eventually led me to explore other options. My journey led me down another path, one less traveled by the average user, but one that offers a profound sense of control and simplicity: pass, the Unix password manager.

Cracks in Dashlane's armor

Dashlane, like many commercial password managers, operates on a “trust us” model. While their security protocols are undeniably robust, the very nature of centralized cloud storage of such sensitive information gives the privacy-conscious pause. The data is encrypted, but the keys are managed by them. That's not to say Dashlane isn't secure. However, the principles of Least Privilege and Self Sovereignty began to resonate more strongly with me.

In addition, I occasionally encountered friction points. Synchronization between devices can be spotty at times, and it's frustrating when a needed password isn't immediately available. Bloated extras, while satisfying my needs, also annoyed me.

The Transition: A Curve Worth Learning

The transition from a polished GUI application like Dashlane to a command-line tool like pass is not a quick one. It involves learning basic GnuPG commands, understanding the fundamentals of Git, and adapting to different workflows. However, the initial investment in learning paid off handsomely in the long run. The process forced me to understand the basic mechanics of encryption and data management, and gave me a deeper appreciation for security principles.

For those considering the switch, here is a simplified overview of the `pass` workflow:

  1. Install pass and GnuPG: easily accomplished through the distribution's package manager.

     sudo apt install gnupg
     sudo apt install pass
    

  2. Generate the GnuPG key: This will be your master key for encrypting and decrypting passwords.

    To initialize GPG and create a new key pair:

     gpg --full-generate-key
    

    While generating the GPG key, you can set the key type, key size, and key expiration. GPG offers options like RSA, DSA, or ECC (Elliptic Curve), but RSA is the most common.

    ECC provides the same or even stronger cryptographic strength with significantly smaller key lengths compared to RSA.

    Similarly, key size determines how difficult it is to break your key using brute force. You can set an expiration so that the key expires after a chosen number of days, weeks, months, or years.

  3. Initialize pass: pass init <your-gpg-id>. This will set up your password storage area.

     # List your secret keys to find your GPG key ID.
     # The key ID is the part after rsa4096/ in the output.
     gpg --list-secret-keys --keyid-format=long

     # Replace personal with your GPG key ID.
     pass init personal
    
  4. Add new password: pass generate path/to/service/password 20 (generates a 20-character password).

     pass generate mail/primary
    
     # To generate password of length 15
     pass generate mail/secondary 15
    

  5. Sync (optional but recommended): Initialize the password repository as a Git repository and push it to a private remote.

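     cd ~/.password-store

     git init
     # Point origin at your own private repository.
     git remote add origin git@github.com:yourusername/private-pass-store.git
     git add .
     git commit -m "sync password store"
     # Use your branch name here if it is not master (for example, main).
     git push -u origin master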
    
  6. Install qtpass (optional): qtpass is a GUI application for users who prefer a graphical interface. Install it with:

     sudo apt install -y qtpass
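
The store synced in step 5 is an ordinary directory, so it can be checked before each push. The following is an added example, not from the original post or the pass project: a POSIX shell check that flags a missing .gpg-id, a store directory open to group or other, and any file Git would upload unencrypted. The function names audit_store and remote_view are hypothetical, and the default pass layout is assumed.

```shell
#!/bin/sh
# Added example: pre-push audit of a pass store (not part of pass itself).
# Assumes the default layout: .gpg-id at the root, one *.gpg file per entry.
# Usage: audit_store ~/.password-store && git -C ~/.password-store push

audit_store() {
    store=$1
    findings=0

    # pass init records the recipient key ID(s) in .gpg-id.
    if [ ! -s "$store/.gpg-id" ]; then
        echo "FINDING: .gpg-id is missing or empty"
        findings=$((findings + 1))
    fi

    # Characters 5-10 of the ls mode string are the group and other bits.
    perms=$(ls -ld "$store/." | cut -c5-10)
    if [ "$perms" != "------" ]; then
        echo "FINDING: store directory is open to group/other ($perms)"
        findings=$((findings + 1))
    fi

    # Any file that is not *.gpg or pass/Git metadata would be pushed in cleartext.
    stray=$(cd "$store" && find . -path ./.git -prune -o -type f \
        ! -name '*.gpg' ! -name '.gpg-id' ! -name '.gitattributes' \
        ! -name '.gitignore' -print)
    if [ -n "$stray" ]; then
        printf '%s\n' "$stray" | sed 's|^\./|FINDING: unencrypted file: |'
        findings=$((findings + $(printf '%s\n' "$stray" | wc -l)))
    fi

    [ "$findings" -eq 0 ]
}

# Entry names are file paths, so the Git remote sees them even though the
# contents are encrypted. This prints exactly that view.
remote_view() {
    (cd "$1" && find . -path ./.git -prune -o -type f -name '*.gpg' -print |
        sed -e 's|^\./||' -e 's|\.gpg$||' | sort)
}
```

Run remote_view on the store to see which entry names the Git host learns; names such as mail/primary stay readable there even though the file contents are encrypted.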
    

Beyond Passwords: Switching mindsets

My switch to pass was not just a switch to a password manager, but a shift to a more Unix-centric mindset. It's about preferring simple, powerful tools that do one thing well and can be combined to accomplish complex tasks. It's about owning your data and knowing how to protect it.

While pass may not be for everyone, especially those who prefer a graphical interface with minimal settings, it is a truly liberating experience for anyone who values transparency, control and the elegance of the command line. Goodbye Dashlane, hello pass - it's been a pleasure managing my digital life the Unix way.
