111

Android "Password Store" client for pass discontinued (github.com)

submitted 2 days ago by pnutzh4x0r@lemmy.ndlug.org to c/opensource@lemmy.ml

27 comments fedilink hide all child comments

Over the past 3 years the pace of development in APS has steadily fallen off as maintainers including myself have moved on to other things. I no longer have time and motivation to dedicate to this project, and in the absence of significant external contributions there is no-one else I can offer the project's stewardship to.

To that effect, I will be archiving the repository on Monday, October 14th 2024 at 7AM GST. In the situation that a serious and viable fork emerges, I will help them as much as I can with the transition. The criteria for what counts as "serious and viable" is entirely vibes-driven for now, and may become more specific in the future. In case I determine that a fork does not live up to my made up standard, they will have to come up with a slightly more creative name than "Android Password Store" and watch low 4 figures of cash wither away in OpenCollective's bank account.

top 27 comments

sorted by: hot top controversial new old

[-] christ0st@lemm.ee 3 points 10 hours ago

I was using this app until I created a new gpg key and OpenKeychain did not work because of this https://github.com/open-keychain/open-keychain/issues/2886. I then installed password store inside tmux and I am using it as if I am using it from my PC. That works pretty well.

[-] unrushed233@lemmings.world 1 points 9 hours ago

Can CLI applications inside Termux interact with the Android clipboard?

[-] alper_celik@lemmy.world 37 points 2 days ago

Good thing i switched to selfhosted vaultwarden setup.

Sees bitwarden drama, Noooo😭

[-] emrsmsrli@lemmy.world 3 points 1 day ago

vaultwarden is perfectly fine. we just need to fund 3rd party clients for platforms. on android we already have keyguard, albeit it being only source available

[-] alper_celik@lemmy.world 1 points 13 hours ago

Yeah vaultwarden even has its own web interface so my passwords probably not going to locked behind priopority apps. İ think i will keep using it for a while at least.

[-] unrushed233@lemmings.world 2 points 20 hours ago

albeit it being only source available

Isn't that exactly why we need to leave the official Bitwarden client for something else?

[-] emrsmsrli@lemmy.world 3 points 10 hours ago

yup, my point was we need fully open source clients for all platforms

[-] Showroom7561@lemmy.ca 6 points 2 days ago

Yeah, with all the stuff going on with password managers, I wonder if there's a truly future-proof setup that can be self-hosted and will never have these issues.

I was a Keepass user many years ago, but I'm not confident that a Keepass-like system would work well with some very computer-illiterate family members. Bitwarden is hard enough to teach them, and it's one of the easy ones!

[-] pnutzh4x0r@lemmy.ndlug.org 23 points 2 days ago

This one hurts... as I use this as my password manager on mobile :{

[-] rymdlord@feddit.nu 3 points 9 hours ago

Can recommend KeypassDX you can download it from fdroid. It is compatible with KeepassXC

Anti Commercial AI thingy

CC BY-NC-SA 4.0

[-] ksynwa@lemmygrad.ml 4 points 2 days ago

what are you gonna do now? i might switch to keepassxc but i don't wanna learn new stuff.

[-] pnutzh4x0r@lemmy.ndlug.org 6 points 2 days ago

I'm not sure. As long as it keeps working, I'll probably keep using it until a viable alternative appears. I use my laptop more than my phone, so I don't actually need passwords on my phone as often.

[-] GolfNovemberUniform@lemmy.ml -1 points 2 days ago

Honestly we need to invent something better than password managers.

[-] unrushed233@lemmings.world 1 points 20 hours ago

We have USB/NFC hardware security tokens, as well as OS-integrated passkeys

[-] scott@lem.free.as 6 points 1 day ago

Webauthn already exists.

[-] ShortN0te@lemmy.ml 3 points 1 day ago

You still need to store those secrets. You would probably refer to a keychain but in the end it is still a password/secret manager.

And the current implementation is not really better, services like paypal still do not allow you to use a passkey on the desktop.

[-] toastal@lemmy.ml 2 points 1 day ago

This is more often 2FA & a password is still needed

[-] phase@lemmy.8th.world 1 points 1 day ago

Any self-hosted software to recommend?

[-] 2xsaiko@discuss.tchncs.de 1 points 1 day ago

Kanidm

[-] phase@lemmy.8th.world 2 points 1 day ago

Thx. Will check!

[-] ShortN0te@lemmy.ml 3 points 2 days ago* (last edited 2 days ago)

Best we have and probably will ever have on the current web. Not sure what the problem is with password managers?

[+] GolfNovemberUniform@lemmy.ml -6 points 2 days ago

Personally I would never trust an app to save and manage my passwords. There are a lot of risks with it. But I still think writing down passwords on a piece of paper and storing it in a physical safe when needed is the best approach so ik nobody will understand.

[-] ShortN0te@lemmy.ml 5 points 1 day ago

Differences in the thread model. And of course convince. How to you backup your paper regulary? How do you transfer it? What if you need to access a pasdword when you are not home?

Most ppl will just reuse or use very weak passwords when they have to write every password they have to enter.

[-] GolfNovemberUniform@lemmy.ml -4 points 1 day ago

Differences in the thread model.

Well yea people with the "I don't care. I just press the button and it always works" model do exist.

Most ppl will just reuse or use very weak passwords when they have to write every password they have to enter.

But browser cookies exist?

[-] ShortN0te@lemmy.ml 8 points 1 day ago

I know a lot of services that log you out regularly. Or need a password when you change settings or whatever.

Well yea people with the "I don't care. I just press the button and it always works" model do exist.

WTF no. Password managers are reasonable secure. That is no i don't care behavior.

And when you are worried about password managers you should not use cookies. Stealing a cookie is much more simple than stealing and encrypting your password safe.

[-] GolfNovemberUniform@lemmy.ml 1 points 1 day ago

I know a lot of services that log you out regularly. Or need a password when you change settings or whatever.

Ok that's true.

Stealing a cookie is much more simple than stealing and encrypting your password safe.

I didn't mean stealing. I meant losing passwords due to a system malfunction or losing the password for the manager. In that case you lose all your passwords in one moment. That's scary. Also the manager can become proprietary and leak the data to governments. Though in that case it's all about your trust to the manager.

[-] ShortN0te@lemmy.ml 2 points 1 day ago

That is why you use an open source manager. KeePassXC for example is not owned by a for-profit company.

Losing the container due to corruption disk failure etc can be easily managed with backups.

Losing the password. Yes this is a real valid scenario. I personally have no problem with that i manage fine for years without having to write it out on paper to backup it. A solution would be to actually write that password out somewhere and hide it/ put it into a safe. An attack then needs to attack both, depending if you use disk encryption it is easy to get access to the password safe or not. There are other things to consider, like you could try to hide it in a very long string of characters like 20 pages of random characters, even if you forget it you will be able to find it cause it is very likely that you remember a few characters.