This is a great article; it gives plenty of code examples and explains everything really nicely.
I'm new to Go but it seems like a really well thought out language that doesn't just cram features in there for the hell of it.
I suppose it just depends what you look for in a password manager. I tried lots of solutions from LastPass, KeePassX to pass but I prefer the scriptability and portability of a command line based password manager and I'm not overly bothered about mobile and browser.
That's definitely a way of using it; another is to just manually type it in as you see it and clear the terminal buffer afterwards. If you do use your clipboard it does require a certain amount of due diligence in making sure you empty it afterwards if you're concerned about that as a security risk. It would be easy enough to create a simple script that could copy it to your clipboard and then clear the clipboard after a time delay.
It would be possible to construct an attack using Flash to access a user's clipboard from a web browser.
I know a lot of people like to have browser plugins for password managers but I always feel uncomfortable using them because I don't understand enough about the technology to trust that it won't be vulnerable.
> It would be easy enough to create a simple script that could copy it to your clipboard and then clear the clipboard after a time delay.
pass [0] (see comment above [1]) claims to do that:
show [ --clip, -c ] pass-name
    Decrypt and print a password named pass-name. If --clip or -c is specified,
    do not print the password but instead copy the first line to the clipboard
    using xclip(1) and then restore the clipboard after 45 (or
    PASSWORD_STORE_CLIP_TIME) seconds.
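The copy-then-restore behaviour discussed in the comments above, as an added sketch that is not part of the thread and is not code from pass or passbox. The function name `clip_with_timeout`, the `CLIP_TIME` variable and `CLIP_RESTORE_PID` are made up for illustration, and the xclip backend is an assumption taken from the man page excerpt.

```bash
#!/usr/bin/env bash
# Added example (not from pass or passbox): put the first line of stdin on the
# clipboard, then restore the previous contents after a delay.

# Clipboard backend. Assumption: X11 with xclip(1), as in the pass man page
# quoted above. Redefine these two functions for another platform.
clip_get() { xclip -o -selection clipboard 2>/dev/null; }
clip_set() { xclip -i -selection clipboard; }

# clip_with_timeout [SECONDS]   (hypothetical name; CLIP_TIME is also made up)
# The secret arrives on stdin so it never shows up in the process list.
clip_with_timeout() {
    local secret before delay
    delay=${1:-${CLIP_TIME:-45}}
    IFS= read -r secret || [ -n "$secret" ] || return 1

    # base64 keeps binary or multi-line previous contents intact in a variable.
    before=$(clip_get | base64)
    printf '%s' "$secret" | clip_set || return 1

    (
        sleep "$delay"
        # Restore only if the clipboard still holds the secret; if the user
        # copied something else in the meantime, leave that alone.
        if [ "$(clip_get)" = "$secret" ]; then
            printf '%s' "$before" | base64 -d | clip_set
        fi
    ) </dev/null >/dev/null 2>&1 &
    CLIP_RESTORE_PID=$!   # exposed so a caller can wait for the restore
}
```

A clipboard manager that keeps history will still hold a copy of the secret after the restore, so the timeout only covers the live clipboard.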
Clipboard integration probably isn't something I would look to add to passbox myself, but if someone can find a way to get it to work nicely cross-platform and submit a PR then I would likely merge it.
Good shout, I've added it to the 'Similar Projects' section of the readme.
I had a play with 'pass' before but I wasn't keen on the way it splits the entries up into separate files, which was one of the drivers for putting passbox together.
Is there a way to share passwords with passbox? pass lets you encrypt different files with different keys so it could potentially be used within an organization with varying levels of permission. Another advantage is that each password is just an encrypted file that could be read with just GPG if pass isn't installed.
Not really, I wanted this to just be a personal password manager and sharing passwords is mostly out of scope in that respect. Although there's nothing stopping you having multiple 'passbox.gpg' files of different names with different keys by manipulating the PASSBOX_LOCATION env variable within aliases or something like that.
You can still decrypt the file with just GPG if you wanted and modify the file in plain text. Passbox just acts as a layer on top of that to interrogate the encrypted GPG file.
I've been working for my current company, which specializes in HR software, for about 6 years now and from what I see both introspectively and from our clients, most communication issues are a result of a poor corporate structure and/or culture. Having an HR person/psychologist will likely only address the symptoms rather than the problem itself.
But I do totally see where you're coming from. I did a bit of side-study into psychology and it seems like business execs could benefit hugely from involving dedicated psychologists in business decision making (including HR).
I usually find architecture problems to be the hardest to solve. The hardest one I've had to deal with is taking a legacy web application of ~3 million lines of code and giving it some form of architecture so the product can have a sustainable future. Some of the issues included inline CSS styles, core logic written in linear Classic ASP, ASP Web Forms written in a linear fashion and so on. As you can guess, what made it hard was trying to solve these issues without breaking anything; this is an obvious example of why automated testing and code quality are so important.