Since I started using my #Librem5 the usage of my passwords and one time passwords changed: I'm using the L5 in docked mode, also.

This makes it unusable as a 2nd factor for logging in to e.g. source.puri.sm or sourcehut, because the 2nd factor shouldn't live on the same device that I'm logging into from.

Another problem is that I have to sync my passwords.

I started using pass and migrated passwords from Firefox and Password Safe to it using an extension called pass-import that easily read the exported passwords into the new password store.

In Firefox I installed the add-on PassFF along with the component that needs to be installed in the underlying system.

I already like it more than the build-in Firefox password store.

Pass offers functionality to sync the gpg encrypted content of the password store with a git repository to make the passwords available on different devices.

To use this I set up a #gitea on my #yunohost and with some basic git knowledge it's easy to push and pull the passwords from a private repo.

The problem of my missing 2nd factor I could solve by using the #LibremKey (which is a special version of a #nitrokey) to generate the one time passwords.

There's still some work to do to get that all from my notebook onto the Librem5, but I can already open my password store on the phone and sync it from and to my repo.

Todo:

• write about using pass with the LibremKey/nitrokey
• write about pass-tomb, problems using ext4 and why btrfs proved to be the better choice
• try the nitrokey application on the Librem5
• try PassFF in Firefox on the Librem5
• find a way to make pass and gpg use the LibremKey on the Librem5 (the phone has a built-in smartcard reader loaded with an openpgp smartcard. Having two readers and two openpgp smartcards seems not to be supported very well by gpg 2.2.x)
• write about how the above worked

Any comments, help (especially on using gpg with two readers and two smartcards available) and questions are welcome.

@me My setup is very similar. I use pass, PassFF and sync using git. For 2FA I use Yubikey and https://developers.yubico.com/yubioath-desktop/ , which unfortunately works only with yubikeys.
About using 2 smartcards at once: gnupg 2.3 says it has improved support (https://lists.gnupg.org/pipermail/gnupg-announce/2021q2/000458.html), but yeah, unfortunately it's not the version provided by PureOS.

For the moment being I decided to disable the use of the #OpenPGPcard inside my #Librem5 to force the use of my #LibremKey when gpg is needed on the phone.

Support for multiple smartcards is improved in gpg 2.3.x I read which is not available for my distribution, yet.

This way pass works with the externally connected LibremKey/#Nitrokey as expected.