MCH2022

Gopass: a password manager in your terminal
2022-07-23, 18:00–21:00, Gear ⚙️

Gopass is a password manager based on PGP or age, that allows you to easily manage your passwords but also your team's passwords in a way that's fully transparent, easy to backup, easy to monitor and easy to use. It supports hardware tokens such as Yubikeys, it allows you to setup versioning using git easily and supports multiple "stores" from different remotes.
It integrates very nicely with a command line based approach and dmenu plus xdotools make it a breeze to use (unless you prefer to rely on the dedicated browser extension).


Gopass is a password manager based on PGP (or age), that allows you to easily manage your passwords but also your team's passwords in a way that's fully transparent, easy to backup, easy to monitor and easy to use. It supports hardware tokens such as Yubikeys, it allows you to setup versioning using git easily and supports multiple "stores" from different remotes.
It integrates very nicely with a command line based approach and dmenu plus xdotools make it a breeze to use (unless you prefer to rely on the dedicated browser extension).

In this workshop, we will walk through the "password issue", the hope for a better future and see what are our best options nowadays.

Finally, we will go through the setup of the password manager of your choice, I highly recommend choosing Gopass, learn about good practices with passwords and (if you brought yours) setup your password store using a hardware token if possible.

Bring you own laptop and a USB stick (for proper backup and recovery purposes). Notice that running Linux is the best way to fully benefit from Gopass, but MacOS and Windows are also (somewhat) supported. Please, if you have one (even already in use for something else), bring your Yubikey 4+ with you, since you can easily increase your password store's security using it.

You can also come if you'd like to enhance your existing password store setup, or if you need help migrating your existing password store over to Gopass.

Yolan is an applied cryptographer delving into (and dwelling on) cryptography, crypto coding, distributed systems and other fun things. He has notably spoken at Black Hat USA, BSidesLV, Cryptovillage, GopherConEU, Northsec and DEF CON, on topics including automation in cryptography, public keys vulnerabilities, elliptic curve crypto, post-quantum crypto, functional encryption, and more! He also presented at FDTC the first known practical fault attack against the EdDSA signature scheme.
Yolan tweets as @anomalroil.

This speaker also appears in: