Browserpass is a Chrome & Firefox extension for zx2c4's pass, a UNIX based password manager. It retrieves your decrypted passwords for the current domain and allows you to auto-fill login forms. If you have multiple logins for the current site, the extension shows you a list of usernames to choose from.
It uses a native binary written in Golang to do the interfacing with your password store. Secure communication between the binary and the browser extension is handled through native messaging.
- A recent version of Chrome, Chromium or Firefox 50+.
- Pass (on UNIX)
- Your password filename must match your username or your file must have a line starting with
login:,user:orusername:, followed by your username.
Examples
$ pass website.com/johndoe
the-password
$ pass website.com
the-password
login: johndoeStart out by downloading the latest release package for your operating system. Prebuilt binaries for 64-bit OSX & Linux and Windows are available. Arch users can install browserpass from the AUR.
All release files are signed with this PGP key. To verify the signature of a given file, use $ gpg --verify <file>.sig
- Extract the package to where you would like to have the binary.
- Run
./install.sh(.\install.ps1on Windows) to install the native messaging host. If you want a system-wide installation, run the script withsudo. For Windows, system-wide installation can be done by running.\install.ps1as Administrator and specifying "yes" at the "Install for all users?" prompt.
Installing the binary & registering it with your browser through the installation script is required to allow the browser extension to talk to the local binary application.
You can either install the Chrome extension from the Chrome Web Store or drag the chrome-browserpass.crx file from the release package into the Chrome Extensions (chrome://extensions) page.
You can install the Firefox extension from the Mozilla add-ons site. Please note that you will need Firefox 50 or higher.
Click the lock icon or use Ctrl+Shift+L to fill & submit your login info for the current site.
- Chrome allows changing the shortcut via chrome://extensions > Keyboard shortcuts.
- Firefox unfortunately does not allow changing the default shortcut.
- Firefox supports the keyboard shortcut only since version 53.
Browserpass aims to protect your passwords and computer from malicious or fraudulent websites.
- To protect against phishing, only passwords matching the origin hostname are suggested or selected without an explicit search term.
- To minimize attack surface, the website is not allowed to trigger any extension action without user invocation.
- Only data from the selected password is made available to the website.
- Given full control of the non-native component of the extension, the attacker can extract passwords stored in the configured repository, but can not obtain files elsewhere on the filesystem or reach code execution.
Check out Contributing.
MIT Licensed.