Lastpass CLI for free on your phone

..

2021-07-03

This is a tutorial to install and use Lastpass password manager on your iOS device, in the command line (!), for free, to access your Lastpass passwords stored on Lastpass's server. It should work on Android as well but you'll have to find your own way to install the Lastpass-CLI package. You don't have to be a greybeard hacker to run this 'hack' but you should have at least a little bit of experience in the command line. Well, now's a great time to learn.

For years, Lastpass has been one of the most recommended password managers. And it was completely free to use across your computers, including your phone with their apps for iOS and Android. I have been using it for years. They offered a premium service, but as far as I remember its utility was in the ability to share your password management with other people, a service that I didn't want.

In spring 2021 Lastpass made a change to their free tier. You had to choose between desktop OR mobile. If you wanted access to both you had to pay $36 yearly for a service that used to be free. I wasn't ready to make that change.

Lastpass is a browser extension, and for a while there was a GUI app as well. Here's where the 'hack' will come in: there's an open source Lastpass CLI program, and it works on iOS. Here's how to do it:

1. Install iSH

Link to install directly on iOS

iSH website

If you're on your iOS device, for example browsing with Elaho client, with redirecting of http links set up, then click the first link above and it should directly open iSH in the app store. From Gemini. LOL.

When it's finished downloading, open iSH.

2. Install Lastpass CLI

iSH runs a virtual machine with Alpine Linux. Alpine is a small, simple, independent Linux distribution without much pre-installed.

To install software in Alpine we use the apk package manager. Install Lastpass CLI

apk install lastpass-cli

Wait a second for it to install. By the way, let me know if you can figure out how to install the man pages as well this way.

3. Login to Lastpass

Due to an annoying quirk we need to tell Lastpass that our password is coming from the CLI's standard input when we run the program, and then to pass it our password. To do so, we disable LPASS_DISABLE_PINENTRY and echo our password to the program.

echo "your-password" | LPASS_DISABLE_PINENTRY=1 lpass login "your-email@your-domain.com"

If all goes well, you're logged in. If not, check your master password, your login email, your wifi or data connection, and make sure you typed this all right.

4. Get passwords you need

Need your Bandcamp password?

lpass show bandcamp.com

Need your New York Times password?

lpass show nytimes.com

Want to see a huge list of all your passwords?

lpass ls

If you have multiple logins for the same domain, you will get back a list of however many match. Re-enter the same command (press up) but this time add the number of the one you want to the end.

lpass show roll20.net 2

You can see a list of command-line options by typing lpass help.

This should be enough to get you started. You'll need to re-login if you restart your phone or if you quit iSH. Now you can access your passwords on your phone.

OPTIONAL: Make your command line more friendly and automate login to fish shell

There is a tutorial on installing packages in iSH shell here. Go to the section on changing the default shell and change the login to automatically run fish on start. Or modify it and install Bash or Zsh.

Run Linux on iOS

OPTIONAL: Automatically login to Lastpass-CLI each time you open iSH from scratch (in Fish)

So if you close the app, you will stay logged into iSH. But if you restart your phone or quit and reopen iSH you'll need to do the rigimarole to re-login to Lastpass. Let's automate it instead.

We can add our one-liner login command from earlier to the fish shell.

nano ~/.config/fish/config.fish

Enter the line we used to login from earlier, and this time we'll have it run as a background command. Curiously, without doing this it seemed to run before the full login prompt and would cause the shell to hang after I opened another program and quit, maybe because there were still background startup init scripts running from OpenRC? In any case, this was my simple solution:

echo "your-password" | LPASS_DISABLE_PINENTRY=1 lpass login "your-email@your-domain.com" &

Notice just the addition of the ampersand at the end means this will now run in the background. Then Save ^-O and Quit ^-X. Type exit and iSH will relaunch the shell and fish will run and you'll see the lpass login begin in the background. The prompt will be ready but it will still be connecting to Lastpass in the background and interrupt. When it's done it will give you a success message and you can hit the enter key to get another prompt.

If you don't use fish shell, you can find many resources elsewhere for creating login scripts for Bash, Ash shell (the default shell that comes in Alpine Linux), Zsh, etc. Alternatively, you can create a startup service using OpenRC. This takes a few more steps and I use Fish shell, so I'll leave that process as an exercise for the reader.

You can comment on this post by sending an email to the email listed on the index page.