KeePass Reviews

A Couple of Tips for Getting Started

about KeePass and Keefox · · Helpful Not helpful 10 Helpful Report as spam

Windows users, increase your security: In KeePass go to Tools > Options > Security > check "Enter master key on secure desktop". This helps to defeat keyloggers.

Use Keefox for integration with Firefox browser.
It finds the website fields correctly in 99% of instances, which is better than some commercial products like LastPass.

There are a couple of things to know to save you time when installing the plugin. In particular, if you've followed the instructions and it still doesn't open try this: Go go KeeFox > Options > KeePass tab > check "Remember above settings (e.g. when using KeePass portable).Hopefully that should sort it out.

reply

Can it work with Chrome ?

Yes, it can work with Chrome. For Chrome, you will need a different plugin, however: ChromeiPass. But, if you value your online security and privacy, I strongly urge you not to use Chrome. It's part of Google's broad suite of software that harvests your personal information. If you want a more privacy-oriented but Chrome-compatible browser, see Vivaldi or, better still, Iridium. For both of those the ChromeiPass plugin should also work.

Using Keepass + a browser plugin is less convenient than using a service that syncs your passwords, e.g. the excellent Bitwarden. People who accept the extra inconvenience of Keepass are generally doing it for the added security and privacy benefits. So why undermine your privacy by letting Google track everywhere you go online and everything you search for?

about KeePass · · Helpful Not helpful 4 Helpful Report as spam

I used KeePass a long time ago and switched to LastPass, since it was just easier to use. Now i am back to Keepass, since there is a good solution on iPhone also (KeePass Touch).
Now that i used both of them for some time i have to say, that KeePass perfroms way better than Lastpass. The problem for "simple" users is, that you have to install some plugins and need to think (learn) a litte bit more to get the same functionality but once you have done this, LastPass is not better AT ALL. Specially when it comes to Desktop passwords, KeePass performs way better.
I am just happy :-)

reply

Lastpass does not encrypt the domain names you have stored in its database. Therefore, you can be profiled on the basis of which websites you have accounts with, which is a privacy liability. They could even profile when you go to these websites. No such problems with KeePass, of course.

Otherwise, try Bitwarden; like Lastpass but open source and they do encrypt the domains.

For me, one of important thing in KeePass - encryp...

about KeePass · · Helpful Not helpful 4 Helpful Report as spam

For me, one of the important things in KeePass - encrypted file storage and templating add-on. For example, you could keep account data, related document scans, credit card info in one handy entry and it always will be encrypted. No need to bother with creating extra encrypted volume with VeraCrypt (or something else) to sync it with different devices.

reply

best password manager for computer geeks

about KeePass · · Helpful Not helpful 4 Helpful Report as spam

KeePass is very useful password manager for people like us.
It is on the top of the list of its kind mainly with two reasons: 1) its completely free and 2) it's all the features a good password manager should have.
Great works!

reply

Best password manager out there

about KeePass and LastPass · · Helpful Not helpful 3 Helpful Report as spam

Not only is it safe from leaks and hackers, but it is extremely handy for those of us who want to create complex passwords but then end up not remembering them.

reply

Unless you're using it on Windows, of course, which has a built in keylogger and sends every keystroke back to Microsoft. How do you defend your master password then? You can of course disable it, but then Windows does reset your preferences during some updates so next time you might just be caught unawares. Safe from leaks and hackers? Depends on your perspective.

Possibly the best password/account/license/data/whatever manager there ever was!

about KeePass and KeePassDroid · · Helpful Not helpful 3 Helpful Report as spam

I'm using it for everything that needs extra protection; passwords, passcodes, accounts (shops, banks etc), license keys, credit cards and much more.

The auto-type functionality is extremely handy, allowing me to conveniently use unique login/pass for everything (as an example it even works with the login screen in Elder Scrolls Online). There are special cases where it doesn't work by default, but they are very few and since KeePass offers flexible auto-type customization, there's usually a way to get it to work anyway if you need it (e.g. by targeting a specific window/process and altering the keys that are being sent to it). Or you don't have to use auto-type of course. :)

I've never come across a better piece of software for this purpose, and being both free and open source makes it a no-brainer.

I had a few minor problems with it a while ago, but the author fixed them very quickly as soon as I reported them! Dominik Reichl is both very dedicated and highly skilled!

I run it stand-alone and don't use any kind of browser integration since I consider that very insecure. I do however use the simplistic DB Backup plugin to create a new backup every time I save (yes, the more backups with minor changes, the easier it probably is for an adversary to crack the encryption, but I don't have anything incriminating or of national security interest so I don't worry if somebody would decide to do a serious targeted attack on my data - it's good enough for me to keep regular criminals and other idiots away). I place the database + backups in my Dropbox account for off-site backup and painless synchronization between all my devices where I use KeePass (i.e. my Windows workstations, Windows laptop, Android tablet and Android phone - the latter two using KeePassDroid).

Just a tip though: if you're using Dropbox (or any other off-site storage) as off-site backup, don't have the Dropbox login/pass only in KeePass. Why? Let's say your on-site backup and all devices you have KeePass installed on are destroyed (e.g. by fire) or stolen, how are you going to fetch your KeePass backup from Dropbox if you don't remember the Dropbox login/pass? That's a catch-22 you don't want; you'd need the Dropbox login/pass to get the KeePass backup, but you'd need the KeePass backup to get the Dropbox login/pass. Whoops!

Anyway, KeePass is a project well worth donating to, which I of course have done. I sincerely hope everybody else loving it also donates; KeePass deserves to be kept alive! :)

[Edited by alterkenji, February 17]

reply

KeePass have security flaw in update mechanism, developer refuse to fix

about KeePass · · Helpful Not helpful 4 Helpful Report as spam

KeePass have MitM security flaw in update check. KeePass uses, in all versions up to the current 2.33, unencrypted HTTP requests to check for new software versions. An attacker can abuse this automatic update check – if enabled – to “release” a new version and redirect the user to a malicious download page.
https://bogner.sh/2016/03/mitm-attack-against-keepass-2s-update-check/

KeePass 2 developer Dominik Reichl has declined to patch a flaw in the password manager's update check as the "indirect costs" of the upgrade (which would encrypt web traffic) are too high -- namely, it'd lose ad revenue. Yes, the implication is that profit is more important than protecting users.
https://sourceforge.net/p/keepass/discussion/329220/thread/e430cc12/?limit=25#6b69

[Edited by Distortion, October 15]

reply

That's why users must verify the hashsums!

  • but most of them never do.
  • THEIR fault if they download something fake
  • at least he published it
    (The checksum in a stupid form though, he says it is readable, good luck with it Dom, read it, i won't!)

The developer has said that this issue was patched:

"In order to prevent a man in the middle from making KeePass display incorrect version information (even though this does not imply a successful attack, see above), the version information file is now digitally signed (using RSA-4096 and SHA-512). KeePass 2.34 and higher only accept such a digitally signed version information file. Furthermore, the version information file is now downloaded over HTTPS"

http://keepass.info/help/kb/sec_issues.html#updsig

about KeePass · · Helpful Not helpful Report as spam

Excellent tool. I've been using it for years on PC without any problems. The only thing it's missing is a simple cloud syncing feature so I don't have to manually back it up, but otherwise it's awesome and secure.

reply
about KeePass · · Helpful Not helpful Report as spam

Stable, supported, glitch free, standardized.

reply
about KeePass · · Helpful Not helpful Report as spam

KeePass and related versions are great Open Source software for keeping your credentials safe on a variety of platforms. Especially by keeping them locally on your machine-- if it's online, it's more likely to be compromised eventually one way or another. Online managers may be convenient but they're always available.

Most versions of KeePass have features for dealing with keystrokes and passwords in memory which are helpful as long as we use them.

See the full review at the LearningWilds website: https://learningwilds.net/learnd/node/114

reply
about KeePass · · Helpful Not helpful Report as spam

One important feature of KeepPass is the ability to store encrypted attatchments into the database. This allow to keep sensitive documents safe with you on a usb stick, for example. KeePass will perform a clean erase from the device you accessed an attatchment. And the standalone version of Keepass allow you to run it from the usb drive on computers that do not have KeePass installed.

reply
about KeePass · · Helpful Not helpful Report as spam

Best password manager bar none and it's open source too which is a double bonus!

reply

Best open source password manager

about KeePass and LastPass · · Helpful Not helpful Report as spam

Best OSI certified piece of software. Very transparent, functional, and with lot of extensions - KeeFox, KeePassDroid, KeePass2Android... if you are on MAC/LINUX, there is a Small KeePassX iconKeePassX Most important factor is that your database is always stored on your drive, and you have absolute control over your passwords, unlike alternativeto.net/software/lastpass/ . Don't get me wrong, lastpass is overall good software, but it is still proprietary.

reply

Lacks Good Browser Plugin

about KeePass · · Helpful Not helpful Report as spam

Keepass is a great program. However, the third-party browser plugins aren't as effective and easy to use as the commercial password managers.

reply

There's Keefox for Firefox-based browsers and a KeePass extension for Chromium-based browsers.

I agree with bopperjr346, many of the browser plugins are hard to setup and lots of time unreliable.
Keepass by itself is a great piece of hardware, the problem is the integration....