KeePass Reviews

best password manager for computer geeks

about KeePass

KeePass is a very useful password manager for people like us.
It is at the top of the list of its kind mainly for two reasons: 1) it's completely free and 2) it has all the features a good password manager should have.
Great work!


KeePass has a security flaw in its update mechanism, developer refuses to fix

about KeePass

KeePass has a MitM security flaw in its update check. KeePass uses, in all versions up to the current 2.33, unencrypted HTTP requests to check for new software versions. An attacker can abuse this automatic update check – if enabled – to “release” a new version and redirect the user to a malicious download page.
https://bogner.sh/2016/03/mitm-attack-against-keepass-2s-update-check/

KeePass 2 developer Dominik Reichl has declined to patch a flaw in the password manager's update check as the "indirect costs" of the upgrade (which would encrypt web traffic) are too high -- namely, it'd lose ad revenue. Yes, the implication is that profit is more important than protecting users.
https://sourceforge.net/p/keepass/discussion/329220/thread/e430cc12/?limit=25#6b69

[Edited by Distortion, October 15]

That's why users must verify the hashsums!

  • but most of them never do.
  • THEIR fault if they download something fake
  • at least he published it
    (The checksum is in a stupid form though, he says it is readable, good luck with it Dom, read it, I won't!)

The developer has said that this issue was patched:

"In order to prevent a man in the middle from making KeePass display incorrect version information (even though this does not imply a successful attack, see above), the version information file is now digitally signed (using RSA-4096 and SHA-512). KeePass 2.34 and higher only accept such a digitally signed version information file. Furthermore, the version information file is now downloaded over HTTPS"

http://keepass.info/help/kb/sec_issues.html#updsig


Best password manager out there

about KeePass and LastPass

Not only is it safe from leaks and hackers, but it is extremely handy for those of us who want to create complex passwords but then end up not remembering them.


Possibly the best password/account/license/data/whatever manager there ever was!

about KeePass and KeePassDroid

I'm using it for everything that needs extra protection; passwords, passcodes, accounts (shops, banks etc), license keys, credit cards and much more.

The auto-type functionality is extremely handy, allowing me to conveniently use unique login/pass for everything (as an example it even works with the login screen in Elder Scrolls Online). There are special cases where it doesn't work by default, but they are very few and since KeePass offers flexible auto-type customization, there's usually a way to get it to work anyway if you need it (e.g. by targeting a specific window/process and altering the keys that are being sent to it). Or you don't have to use auto-type of course. :)

I've never come across a better piece of software for this purpose, and being both free and open source makes it a no-brainer.

I had a few minor problems with it a while ago, but the author fixed them very quickly as soon as I reported them! Dominik Reichl is both very dedicated and highly skilled!

I run it stand-alone and don't use any kind of browser integration since I consider that very insecure. I do however use the simplistic DB Backup plugin to create a new backup every time I save (yes, the more backups with minor changes, the easier it probably is for an adversary to crack the encryption, but I don't have anything incriminating or of national security interest so I don't worry if somebody would decide to do a serious targeted attack on my data - it's good enough for me to keep regular criminals and other idiots away). I place the database + backups in my Dropbox account for off-site backup and painless synchronization between all my devices where I use KeePass (i.e. my Windows workstations, Windows laptop, Android tablet and Android phone - the latter two using KeePassDroid).

Just a tip though: if you're using Dropbox (or any other off-site storage) as off-site backup, don't have the Dropbox login/pass only in KeePass. Why? Let's say your on-site backup and all devices you have KeePass installed on are destroyed (e.g. by fire) or stolen, how are you going to fetch your KeePass backup from Dropbox if you don't remember the Dropbox login/pass? That's a catch-22 you don't want; you'd need the Dropbox login/pass to get the KeePass backup, but you'd need the KeePass backup to get the Dropbox login/pass. Whoops!

Anyway, KeePass is a project well worth donating to, which I of course have done. I sincerely hope everybody else loving it also donates; KeePass deserves to be kept alive! :)

[Edited by alterkenji, February 17]

about KeePass

One important feature of KeePass is the ability to store encrypted attachments in the database. This allows you to keep sensitive documents safe with you on a USB stick, for example. KeePass will perform a clean erase from the device on which you accessed an attachment. And the standalone version of KeePass allows you to run it from the USB drive on computers that do not have KeePass installed.

about KeePass

Best password manager bar none and it's open source too which is a double bonus!

about KeePass

Seems to not be suited for Chrome. Chrome extensions for it are low-rated and have bad reviews.


LastPass is better

about KeePass

A Couple of Tips for Getting Started

about KeePass and Keefox

Windows users, increase your security: In KeePass go to Tools > Options > Security > check "Enter master key on secure desktop". This helps to defeat keyloggers.

Use KeeFox for integration with the Firefox browser.
It finds the website fields correctly in 99% of instances, which is better than some commercial products like LastPass.

There are a couple of things to know to save you time when installing the plugin. In particular, if you've followed the instructions and it still doesn't open, try this: Go to KeeFox > Options > KeePass tab > check "Remember above settings (e.g. when using KeePass portable)". Hopefully that should sort it out.

Can it work with Chrome?


Best open source password manager

about KeePass and LastPass

Best OSI certified piece of software. Very transparent, functional, and with a lot of extensions - KeeFox, KeePassDroid, KeePass2Android... if you are on MAC/LINUX, there is KeePassX. The most important factor is that your database is always stored on your drive, and you have absolute control over your passwords, unlike alternativeto.net/software/lastpass/. Don't get me wrong, LastPass is overall good software, but it is still proprietary.


Lacks Good Browser Plugin

about KeePass

KeePass is a great program. However, the third-party browser plugins aren't as effective and easy to use as the commercial password managers.

There's Keefox for Firefox-based browsers and a KeePass extension for Chromium-based browsers.

I agree with bopperjr346, many of the browser plugins are hard to set up and a lot of the time unreliable.
KeePass by itself is a great piece of hardware, the problem is the integration....


Whoooooa

about KeePass

Awesome App


Better use Wine than Mono

about KeePass

For macOS, use Wineskin to install it.
Be sure to install .NET 2 first.

[Edited by alsamuef, August 31]


Good software on Windows, not so much on GNU/Linux.

about KeePass

Great application for use on Windows, it does the job and is easy to use.
On GNU/Linux however, it can only be run with Mono and the paste functionality doesn't always work the way it should + some of the characters in the edit entry form are mangled, hidden or replaced with white rectangles.
I might try to use KeePassX but then I'd have to convert the password database (if at all possible).

All in all, I'd recommend it.
