- Open Source
KeePass is a free open source password manager, which helps you to manage your passwords in a secure way. You can put all your passwords in one database, which is locked with one master key or a key file. So you only have to remember one single master password or select the key file to unlock the whole database. The databases are encrypted using the best and most secure encryption algorithms currently known (AES and Twofish).
Also available as a portable app: http://portableapps.com/apps/utilities/keepass_portable
Features: Automatic Form-Filler, Auto-type, Browser integration, Customizable, Encrypted passwords, Extensible by Plugins/Extensions, Integrated Password Generator, Integrated Search, Local Storage, Multi-Factor Authentication (MFA), Multiple languages, Works Offline, Open Source apps, Password encryption, Password Generator, Password safe, Plugin API, Plugins, Portable, Scriptable, Security focused, Sorting by folder
Windows users, increase your security: In KeePass go to Tools > Options > Security > check "Enter master key on secure desktop". This helps to defeat keyloggers.
Use Keefox for integration with Firefox browser.
It finds the website fields correctly in 99% of instances, which is better than some commercial products like LastPass.
There are a couple of things to know to save you time when installing the plugin. In particular, if you've followed the instructions and it still doesn't open, try this: Go to KeeFox > Options > KeePass tab > check "Remember above settings (e.g. when using KeePass portable)". Hopefully that should sort it out.
Can it work with Chrome?
Yes, it can work with Chrome. For Chrome, you will need a different plugin, however: ChromeiPass. But, if you value your online security and privacy, I strongly urge you not to use Chrome. It's part of Google's broad suite of software that harvests your personal information. If you want a more privacy-oriented but Chrome-compatible browser, see Vivaldi or, better still, Iridium. For both of those the ChromeiPass plugin should also work.
Using Keepass + a browser plugin is less convenient than using a service that syncs your passwords, e.g. the excellent Bitwarden. People who accept the extra inconvenience of Keepass are generally doing it for the added security and privacy benefits. So why undermine your privacy by letting Google track everywhere you go online and everything you search for?
I'm using it for everything that needs extra protection; passwords, passcodes, accounts (shops, banks etc), license keys, credit cards and much more.
The auto-type functionality is extremely handy, allowing me to conveniently use unique login/pass for everything (as an example it even works with the login screen in Elder Scrolls Online). There are special cases where it doesn't work by default, but they are very few and since KeePass offers flexible auto-type customization, there's usually a way to get it to work anyway if you need it (e.g. by targeting a specific window/process and altering the keys that are being sent to it). Or you don't have to use auto-type of course. :)
I've never come across a better piece of software for this purpose, and being both free and open source makes it a no-brainer.
I had a few minor problems with it a while ago, but the author fixed them very quickly as soon as I reported them! Dominik Reichl is both very dedicated and highly skilled!
I run it stand-alone and don't use any kind of browser integration since I consider that very insecure. I do however use the simplistic DB Backup plugin to create a new backup every time I save (yes, the more backups with minor changes, the easier it probably is for an adversary to crack the encryption, but I don't have anything incriminating or of national security interest so I don't worry if somebody would decide to do a serious targeted attack on my data - it's good enough for me to keep regular criminals and other idiots away). I place the database + backups in my Dropbox account for off-site backup and painless synchronization between all my devices where I use KeePass (i.e. my Windows workstations, Windows laptop, Android tablet and Android phone - the latter two using KeePassDroid).
Just a tip though: if you're using Dropbox (or any other off-site storage) as off-site backup, don't have the Dropbox login/pass only in KeePass. Why? Let's say your on-site backup and all devices you have KeePass installed on are destroyed (e.g. by fire) or stolen, how are you going to fetch your KeePass backup from Dropbox if you don't remember the Dropbox login/pass? That's a catch-22 you don't want; you'd need the Dropbox login/pass to get the KeePass backup, but you'd need the KeePass backup to get the Dropbox login/pass. Whoops!
Anyway, KeePass is a project well worth donating to, which I of course have done. I sincerely hope everybody else loving it also donates; KeePass deserves to be kept alive! :)
[Edited by alterkenji, February 17]
I used KeePass a long time ago and switched to LastPass, since it was just easier to use. Now I am back to KeePass, since there is a good solution on iPhone also (KeePass Touch).
Now that I have used both of them for some time, I have to say that KeePass performs way better than LastPass. The problem for "simple" users is that you have to install some plugins and need to think (learn) a little bit more to get the same functionality, but once you have done this, LastPass is not better AT ALL. Especially when it comes to Desktop passwords, KeePass performs way better.
I am just happy :-)
Lastpass does not encrypt the domain names you have stored in its database. Therefore, you can be profiled on the basis of which websites you have accounts with, which is a privacy liability. They could even profile when you go to these websites. No such problems with KeePass, of course.
Otherwise, try Bitwarden; like Lastpass but open source and they do encrypt the domains.
For me, one of the important things in KeePass is encrypted file storage and the templating add-on. For example, you could keep account data, related document scans and credit card info in one handy entry, and it will always be encrypted. No need to bother with creating an extra encrypted volume with VeraCrypt (or something else) to sync it with different devices.
KeePass is a very useful password manager for people like us.
It is at the top of the list of its kind mainly for two reasons: 1) it's completely free and 2) it has all the features a good password manager should have.
Not only is it safe from leaks and hackers, but it is extremely handy for those of us who want to create complex passwords but then end up not remembering them.
Unless you're using it on Windows, of course, which has a built in keylogger and sends every keystroke back to Microsoft. How do you defend your master password then? You can of course disable it, but then Windows does reset your preferences during some updates so next time you might just be caught unawares. Safe from leaks and hackers? Depends on your perspective.
KeePass has a MitM security flaw in its update check. KeePass uses, in all versions up to the current 2.33, unencrypted HTTP requests to check for new software versions. An attacker can abuse this automatic update check – if enabled – to “release” a new version and redirect the user to a malicious download page.
KeePass 2 developer Dominik Reichl has declined to patch a flaw in the password manager's update check as the "indirect costs" of the upgrade (which would encrypt web traffic) are too high -- namely, it'd lose ad revenue. Yes, the implication is that profit is more important than protecting users.
[Edited by Distortion, October 15]
That's why users must verify the hashsums!
The developer has said that this issue was patched:
"In order to prevent a man in the middle from making KeePass display incorrect version information (even though this does not imply a successful attack, see above), the version information file is now digitally signed (using RSA-4096 and SHA-512). KeePass 2.34 and higher only accept such a digitally signed version information file. Furthermore, the version information file is now downloaded over HTTPS"
This password manager has never let me down, safe to say it's one of the best and safest ones out there. I would like to see a bit of a design overhaul, to be honest. The database can be opened by several cross-platform unofficial ports; however, not all of them are bug-free and they may contain security flaws.
I store the database in several offline places.
Summarized, it's free, it's good and it's secure.
Best password manager
One important feature of KeePass is the ability to store encrypted attachments in the database. This allows you to keep sensitive documents safe with you on a USB stick, for example. KeePass will perform a clean erase from the device on which you accessed an attachment. And the standalone version of KeePass allows you to run it from the USB drive on computers that do not have KeePass installed.
KeePass 2.x can be made to work on OS X with mono. I'd still recommend using KeePass 1.x on Windows and KeePassX on Linux and OS X over it if you care about cross-platform compatibility.
Not because it's free and open source. It's because it's easy to use and lightweight.
I don't know how many years it's been around, 10, maybe 15. It's old but reliable. For me, this is the best password manager I ever saw!