KeePass password manager review

Our Verdict

The costless and open-source KeePass isn't for everyone, but if you lot're willing to put in some effort, it's i of the virtually powerful password managers out there.

For

• Completely free & open-source
• Extensive plugin back up
• Gives y'all full command of your data

Against

• Outdated design will exist unintuitive to many users
• Requires plugins for many standard features
• 3rd-party Android, iOS apps

Tom's Guide Verdict

The gratuitous and open-source KeePass isn't for everyone, but if you're willing to put in some effort, it'south one of the most powerful password managers out there.

Pros

• +

  Completely free & open-source

• +

  All-encompassing plugin back up

• +

  Gives you total control of your data

Cons

• -

  Outdated design volition be unintuitive to many users

• -

  Requires plugins for many standard features

• -

  Third-political party Android, iOS apps

KeePass specs

Platforms: Windows, Mac, Linux; unofficial Android, iOS and Chrome Os ports
Complimentary-version limitations: None; information technology'south all free
2FA: Via plug-ins
Browser plugins: Third-party extensions for Chrome, Firefox, Cyberspace Explorer, Opera, Safari
Form filling: Aye
Mobile PIN unlock: Depends on app
Biometric login: Via plug-ins
Killer feature: Infinitely customizable

The gratis and open-source password manager KeePass has been around since 2003 and offers a huge number of customization options, as long every bit y'all're willing to put up with a scrap of a learning curve.

You lot probably won't demand to worry about information technology disappearing anytime soon, despite the fact that it is gratuitous software. It's the best password managing director option if yous want to maintain consummate command of your information.

KeePass' core version is missing a number of features when compared to the strongest offerings out there like Keeper, LastPass or Dashlane, although the many tertiary-party plug-ins made for the service help fill in the gaps. The question is whether information technology is worth saving $35 to $60 per year.

As you'll see in our KeePass review, if yous want a solution that you can just sign into and basically never have to worry about, then KeePass isn't for you lot. But if yous don't mind spending some fourth dimension to larn and manage a very powerful application, yous can practise a lot with KeePass.

KeePass: Costs and what'south covered

KeePass is the only password manager I've tested that is completely free to utilise. Information technology'south besides open-source software, meaning anyone tin volunteer to help develop it. KeePass' lead developer, Dominik Reichl, has a donation link on the official KeePass website to help support continued development, but that won't unlock additional functionality – you've already got access to everything.

The tradeoffs are that KeePass lacks the polished user interface of other password managers, and that you lot'll need to be comfortable tinkering with plugins and extensions to get the most out of KeePass.

(Image credit: Tom's Guide)

That includes finding an online storage solution, such every bit Dropbox or Google Drive, to host your countersign database if you desire to sync your KeePass vault between your devices using the internet.

The core KeePass desktop application supports password generation and direction, syncing via local hard disks or network shares, motorcar-type form-filling and machine-type hot-key form filling. To unlock the full ability of KeePass, yous actually need to install plugins and extensions.

I tested the "two.x" version of KeePass, which has a rich prepare of features and can exist installed on platforms beyond Windows. KeePass also nevertheless develops the "i.x" version, which is simpler, Windows-simply and uses a dissimilar codebase.

KeePass 2.10 officially supports Windows Vista and subsequently, macOS and Linux. Nevertheless, if you visit the downloads page for KeePass you will meet more than than thirty boosted versions of KeePass that extend back up to Android, iOS, Blackberry, Chrome OS, PocketPC, J2ME and browser-based solutions. Browser extension plug-ins are available for Google Chrome, Mozilla Firefox, Microsoft Internet Explorer, Apple Safari and Opera.

For this review, I used KeePass on a 2017 MacBook Pro fifteen running Windows ten and macOS 10.14 Mojave, an iPhone 7 Plus, and a Google Pixel 3. Google Chrome was my chief browser beyond all platforms just testing on macOS and iOS was also done with Safari.

KeePass: Setup

Your first step is a visit to the KeePass downloads page. If you lot are running Windows Vista, vii, viii, 8.1 or 10, then this will be smooth sailing. Simply hit the Download Now link on the Installer for Windows, and you'll have a choice between the one.x and 2.x development streams.

MacOS and Linux are officially supported, but installing KeePass requires installing the supplemental platforms Mono and XQuartz and a bit more tinkering right off the bat. You'll demand to download a KeePass version on the "2.x" development path.

If you are on any other platform, gyre downwardly to the "Contributed/Unofficial" KeePass Ports and KeePass Packages sections to notice your OS. Yous can too opt for KeePass Portable, a version that can exist installed on a USB stick and plugged into a PC, Mac or Linux box.

(Image credit: Tom'south Guide)

To say that things expect sparse when y'all start launch KeePass is an understatement. It's a basic utility framework with zippo in it. Nearly every option is greyed out until yous create your database by clicking File > New, which is when y'all'll be prompted to create a principal password, create a key file or utilise your Windows user account. If you opt for the key file, you will install the file on a USB drive and will need to plug in the drive when accessing KeePass.

If you would like a full walkthrough, KeePass does have a pretty solid "First Steps Tutorial."

(Image credit: Tom's Guide)

At present, return to the File bill of fare to import whatsoever passwords you may have stored with some other countersign manager or in your browser. Information technology'south a rubber bet that KeePass can import whatever you have, equally KeePass has the longest list of supported services and browsers for import that I have seen.

If you don't see your service in the built-in import options, it's a safe bet there's a plugin for it. I imported data from the Chrome browser'south built-in password manager and it worked perfectly.

(Image credit: Tom's Guide)

If you desire KeePass to sync your passwords across your diverse devices, you'll need to determine which deject service or personal server you are going to use. Back up for a number of cloud-syncing services, including Dropbox, Google Drive and Microsoft'southward OneDrive, are available via plugins.

Finally, you lot will want to install one of the unofficial mobile apps. Check the downloads folio or search the iOS and Android app stores for KeePass, and y'all will notice several choices. I opted for Keepass2Android Countersign Safe on Android and Strongbox on iOS.

KeePass on the desktop

KeePass is functionally solid, but yous definitely get what you pay for with the user interface and experience. While some other password managers, such equally 1Password, accept a bit of a utility feel to them, KeePass feels like a utility from the late '90s.

The cadre KeePass application offers only the password-managing director nuts. I'll cover that hither and will address plugins in a later section.

The KeePass desktop interface looks like a standard file-manager window, with your database(s) on the left and the data on the right.

You tin can create groups to sort your login data. Past default, the application creates General, Windows, Network, Internet, electronic mail and Homebanking. You can elevate and drop any prepare of credentials into whatever group and you tin create, edit and delete groups.

To create a new entry, either type "Control + I" or tap the icon of the fundamental with a green download arrow on it. Entries are highly customizable – you tin can create a title, an icon, custom foreground and background colors, tags, URLs to specify which browser should open up them and auto-type settings to handle sites with non-standard forms. You don't need to customize anything, but the fact that you can is only one example of the flexibility of this very elementary-looking app.

(Image credit: Tom's Guide)

Past default, new entries automatically self-populate with a new password 20 characters in length. Tap on the key with the lord's day adjacent to information technology to see additional password options or to jump into the total password generator.

The countersign generator gives you a ridiculous degree of control, with nine option toggles for different types of characters to include, the power to exclude any specific characters you similar, control over the length with no apparent upper limit and the ability to bring in custom countersign-generation algorithms.

KeePass doesn't integrate with your browser to capture login credentials equally you create or update them. Hopefully, you should be able to import your existing passwords during setup, as adding new credentials must be done manually. You have to open a new entry as y'all log into an business relationship, and and so copy and paste the username and password into the entry form.

KeePass tin natively sync your other devices using local network shares or the cyberspace protocols FTP, HTTP and WebDAV. Plug-ins extend back up to secure copy protocol (SCP), the FTP secure extensions SFTP and FTPS, and to well-known online storage providers such as Amazon AWS S3, Box, Dropbox, Google Bulldoze and One Drive.

I chose KeeAnywhere, which was both the about recently updated and about comprehensive of the available sync plugins. In one case KeeAnywhere was installed, I transferred my database over to a deject drive and and then selected File > Open > Open from Cloud Drive to exist up and running with my remote-syncing KeePass database.

To install a KeePass plugin, only open the Tools menu and select Plugins. Click "Get More Plugins" then download and unzip whatsoever you lot wish to install.

Now render to the Plugins menu, click Open Folder and elevate-and-drop the extracted folder into the Plugins folder for KeePass. Restart KeePass and your plugin will exist operational.

As with most aspects of KeePass, it takes a few steps to attain this, but everything worked as advertised one time I got a handle on it.

KeePass mobile apps

There are no official mobile apps for KeePass, just I'll discuss two unofficial ports for Android and iOS.

Keepass2Android is one of the most popular Android options available and follows Google's Material Design template. I wasn't certain what to expect,  but information technology actually adds some functionality to the core KeePass experience. Cloud syncing is congenital-in, with support for most major cloud-storage solutions, and I quickly and easily added my database from Google Bulldoze.

(Image credit: Tom's Guide)

Keepass2Android's master screen presents a very basic list of your login groups. Tapping a group displays the included accounts, with the URL and username for each. Borer an account brings up a scrap more than information, and from in that location you can edit the entry with all the options found in the full app.

One squeamish touch on: Keepass2Android has templates for new entries beyond but logins, such as credit cards, ID cards and secure notes. That's something the cadre KeePass application lacks, and which would greatly expand its utility and ease of use.

If y'all are on Android eight.0 or subsequently, Keepass2Android will support course filling if you install a split plugin from outside the Play Shop, which might be a step too far for many users. I did run the plugin, which is written by Keepass2Android's developer, to confirm that it worked.

While Keepass2Android is a completely basic Android app, it looks more than modern than some other countersign managers' apps. Critically, it did what it needed to do.

Turning to iOS, I went with Strongbox, which like Keepass2Android is free. In that location are quite a few KeePass-compatible options in the App Shop, including some paid ones and an interesting option called Keepassium that was merely inbound beta during my testing, so it'due south worth looking them all over.

(Image credit: Tom's Guide)

What I primarily needed was support for cloud syncing, which Strongbox offers. I simply had to indicate that I wanted to access an existing database. Then I selected Google Drive and signed into my Google business relationship, and all of my data was imported and syncing.

The icons are a bit prettier in Strongbox than in Keepass2Android, but overall Strongbox remains a bare experience. The principal screen is just your KeePass database listing your categories and a search box to a higher place them. The categories and logins are all in listing views; in that location are no grid or website-logo displays every bit with some of the nicer countersign-manager mobile apps.

(Prototype credit: Tom's Guide)

There isn't a lot of extra functionality baked into Strongbox, but yous tin admission, edit and create new items in your database. The countersign generator supports up to 88 characters and has nearly as many options as the cadre KeePass app. While the app claims that course-filling is supported on Safari, I was unable to become that feature to work.

Strongbox covers the basics in terms of giving you access to your KeePass database on your iOS device, merely I would take a look at 1 of the paid apps or the new Keepassium app to see if 1 of them delivers a bit more than features.

KeePass plugins and extensions

There are more 100 KeePass plugins and extensions that tin add functions and transform the looks of the awarding. I'm going to highlight merely a few, but the plugins and extensions folio on the KeePass site has the complete list.

(Epitome credit: Tom'southward Guide)

Simply be sure to check the dates on plugins earlier you install them. I ran into a few that hadn't been updated in three or more years, which is a adventure you run with open-source software.

The official plugins page breaks things up into 11 categories, which should give yous some idea of what can be washed with KeePass: I/O & Synchronization, Backup, Utilities, Integration & Transfer, Cryptography & Cardinal Providers, Import, Export, Import & Consign, Automation & Scripting, Resources and For Developers.

(Paradigm credit: Tom's Guide)

Some plugins, such equally KeeForm, ChromeIPass or PassIFox, enable form-filling of your usernames and passwords -- a must-take characteristic for paid countersign managers that is missing from the core KeePass experience.

KeePassWinHello, every bit you might guess, adds support for Windows Hello biometric logins to unlock your KeePass database. There is as well KeeOtp or Tray TOTP which add support for two-cistron authentication via time-based one-time passwords (TOTP).

The HaveIBeenPwned plugin checks your saved usernames and passwords against the well-known HaveIBeenPwned database of credentials compromised in data breaches. It's non every bit extensive as some of the alienation-scanning features available with the paid versions of Keeper or Dashlane, just information technology's gratis.

KeePass: Security

KeePass relies on AES-256 encryption to secure its password database, like nigh other password managers. While KeePass defaults to an AES/Rijndael (256-bit key, FIPS 197) algorithm, you tin change information technology to a ChaCha20 (256-bit key, RFC 7539) algorithm in the database settings.

(Image credit: Tom's Guide)

Even if your database should be obtained by someone else, information technology should remain rubber, equally your files can exist unencrypted only on your device.

As KeePass makes y'all responsible for your own database, this flexible security is perhaps even more than comforting for those who host their own databases online and sync to multiple devices.

(Prototype credit: Tom'south Guide)

Another selection available is to utilize an AES-KDF or Argon2 key derivation to transform your master key and make it more than difficult to crack. This may increment save/load times for your database, however.

KeePass lacks native support for common two-factor-authentication options, but there are plug-in options for 2FA via TOTP, another that supports YubiKey and a couple that offer RFID or NFC support.

KeePass review: Bottom line

KeePass is definitely not for the average user. Information technology just requires also much work and potential frustration to get everything up and running. Most users want a password manager that does well-nigh of the work of managing passwords, and solutions like LastPass or Keeper would be much better fits.

With that said, if you relish the procedure of customizing and working with your software, the core KeePass application is solid. And with the right collection of plugins, you can build it upwardly into a production that gets reasonably shut to the features of the high-end options, all without having to pay a dime.

A self-professed "wearer of wearables," Sean Riley is a Senior Writer for Laptop Mag who has been covering tech for more than a decade. He specializes in covering phones and, of grade, wearable tech, but has as well written about tablets, VR, laptops, and smart home devices, to name but a few. His articles have also appeared in Tom's Guide, TechTarget, Phandroid, and more.

Source: https://www.tomsguide.com/reviews/keepass

Posted by: mcintiredoughtereas.blogspot.com

Share this post