[pass] Password age report
emilecantin at gmail.com
Wed Aug 31 17:53:25 CEST 2016
I currently sign my git commits, but signing the original files would be
even better, I guess. It always felt weird for me that I was able to write
to the store without my secret key.
Le mer. 31 août 2016 à 11:48, Brian Candler <b.candler at pobox.com> a écrit :
> On 31/08/2016 16:43, Emile Cantin wrote:
> In light of the recent Dropbox leak, I wanted to know how old my password
> was, and perhaps if I had any other old passwords that would be due for a
> rotation. I don't think I can rely on the last modification date on the
> files, as a fresh clone of my repo would have today's date, even if the
> file was last modified in my repo in 2012. I looked into how to do this
> with Git, but it's pretty ungainly:
> Keepass has an "expiration date" field which you can set when generating a
> password, and it appears in a different color in the list when expired.
> I think password age is a relevant metric for a password manager, but pass
> doesn't currently offer any visibility into this.
> What do you think?
> This is (another) reason why it would be good if pass were to sign its GPG
> files. The signature includes a timestamp.
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Password-Store