> From TFA, the password generation is via pwgen.

Seems strange to have the password generation "on the inside", though. That essentially means that `pwgen` is a strict dependency. Instead of writing something like

  pass generate Email/jasondonenfeld.com 15

the user should just type something like

  pwgen 15 1 | pass insert Email/jasondonenfeld.com

That way they don't need `pwgen` to install `pass`. It also means that all of the options to `pwgen` can be used without special effort or documentation.

I'd say the same thing about `xclip`, but it's probably not worth having to write something like

  pass -c Email/zx2c4.com | xclip -selection clipboard -l 1

(or however xclip is supposed to work).

Well, since pass is a shell script, and thus has no compilation, you don't need pwgen, and then you can just use "some-generator-program | pass insert blah" as you mentioned. For me, though pass generate Cheese 20 is a lot easier to remember than having to think about the options to pwgen. Pwgen, by default, makes passwords that are easy to remember, and there's some flag you have to hit to make them "truely random". I can't ever remember what this flag is.

With xclip, it's actually a bit more nuanced. You want this to be internal because I have some logic for removing the password from the clipboard after 45 seconds and putting the old clipboard contents back (if nothing else has replaced it in the meanwhile).

> my password is on the clipboard for 45 seconds.

That's not very secure. Why not send the password directly to the input manager (as keyboard events or what-have-you), so the password only is seen by the app that needs it, instead of every app the user is running?

Yea that sounds quite nice. Any suggestion on the best way to do this? I suppose there could be browser plugins that call out to pass, but what about a generic system? What would you recommend?

Exactly.