PearPass Password Manager – Introductory Review

PearPass is a new, free, open-source, cross-platform password and identity manager, but the question is, should you use it? PearPass differs from conventional password managers, which fall into two categories: local and online. 

Conventional Password Managers

Local password managers store credentials on your device. Syncing a local password manager is the responsibility of the vault owner. The local password manager on the DCT recommended software list is KeePass. It is an excellent choice – I used it for years.

Online password managers store their vaults in an online credential infrastructure. This infrastructure can be self-hosted or company-hosted. Two good cloud-based password managers are Bitwarden and 1Password. I have used 1Password in the past, and I currently have a premium Bitwarden subscription. Jim Hillier recommends Bitwarden’s free version if you do not need the premium features.

PearPass Password Manager

PearPass is different. Unlike traditional cloud-based managers, PearPass does not store your data on external servers. All your credentials are stored and encrypted directly on your device using strong end-to-end encryption. However, unlike traditional local managers, PearPass syncs your devices. PearPass uses peer-to-peer technology.

Peer-To-Peer Technology

PearPass runs on the Pear Runtime, a peer-to-peer technology that eliminates the need for centralized servers. The Pear Runtime enables PearPass to synchronize vaults across devices without transmitting data through third-party servers. PearPass uses a swarm, meaning any peer running the application will reseed it to other peers. PearPass is built on Libsodium, a modern software library designed for encryption, decryption, digital signatures, password hashing, and key derivation. 

Tether Limited, the issuer of the cryptocurrency Tether stablecoin (USDT), launched PearPass. However, Tether’s USDT relies on blockchain technology.

Audited

Secfault Security, a firm specializing in offensive security and cryptographic analysis, has independently audited PearPass.

Should You Use PearPass?

So, the big question is: Should you use PearPass? In my opinion, no. PearPass has some appealing features: it’s free, open-source, and cross-platform. It also uses some interesting technology. PearPass also passed an audit. However, I see some negatives.

First, the technology sounds interesting, but I don’t really understand it. I don’t understand many things, but I’m not ready to trust my most sensitive data to technology I don’t understand.

Second, only one audit has been conducted, and it was incomplete. The audit only lasted five days. Additionally, it did not fully cover the technology library that PearPass is built on. The audit included this statement: “Additionally, it should be mentioned that this review could not cover all of the underlying Pear runtime, given its complexity and the amount of source code. Therefore, this test was performed following a best effort approach incorporating the testers’ prior experiences and domain knowledge.” I’d like to see more audits.

Third, and most importantly, PearPass is very new. Other password managers, such as 1Password, Bitwarden, and KeePass, have been around for a long time. They are proven. PearPass is not. Further, there is no guarantee that Tether will continue to improve and support PearPass.

Bottom Line

PearPass is a new, free, open-source, cross-platform password manager. With its peer-to-peer network architecture, PearPass stores credentials locally while syncing them to other devices without the need for a central server. This feature combines the best of both local and online password managers. However, in my opinion, PearPass is too new to be used confidently as one’s password manager.
