- what if some site has weird password requirements and the derived password doesn’t work
- what if a site gets hacked and you need to rotate one password.
If you have to store data per-site anyway because of those cases, may as well just store passwords. You can (and should) still generate extremely high entropy passwords.
Additionally, you can store other data for example one could have scans of important documents that are stored in Pass which means they are GPG encrypted and backed by a git repository so they are versioned and shared across multiple machines.
There is still no just-download clients for pass on mobile which I think is why it's not a good option
Why would you want to store arbitrary individual passwords instead of deriving them with on demand from the service name/domain and a common secret?
If you are doing that,
- what if some site has weird password requirements and the derived password doesn’t work
- what if a site gets hacked and you need to rotate one password.
If you have to store data per-site anyway because of those cases, may as well just store passwords. You can (and should) still generate extremely high entropy passwords.
Additionally, you can store other data for example one could have scans of important documents that are stored in Pass which means they are GPG encrypted and backed by a git repository so they are versioned and shared across multiple machines.
Because the former works with any site and circumstance and the latter does not.
If you are using age instead of GPG for encryption purposes, I've found this to be useful: https://github.com/FiloSottile/passage