KeePass Password Safe is a different animal in the password managers’ universe. Although many tools are free, KeePass is also a completely open-source based password manager. This has several implications that are pretty important in deciding whether this is the right tool for you.
KeePass is not a flashy, easy-to-use software. Compared to other free password managers, such as LastPass or RoboForm, which feature a modern and friendly interface, KeePass is lagging behind; in fact, a user with no background (even a basic one) in manual software configuration and putting simple scripts to work might be confused by its design and lack of intuitiveness. However, the real value of KeePass is in its surprising amount of features, security strength and versatility—if you are up for the task of learning how to use it. After looking closely at almost 70 password managers, here’s what I thought you really need to know about this unique tool.
|KeePass Features Overview|
|Multi-device sync||No (only manualy)|
|Backup and recovery||Yes (only through plugin)|
|Mobile apps available||Yes (not official)|
|Password Auto-import||No (available through a plugin)|
|Languages available||Arabic, Bulgarian, Burmese, Bahasa Melayu, Catalan, Chinese, Croatian, Czech, Danish, Dutch, English, Estonian, Finnish, French, Galician, German, Greek, Hebrew, Hungarian, Icelandic, Indonesian, Italian, Japanese, Korean, Latvian, Lithuanian, Macedonian, Norwegian, Persian, Polish, Portuguese, Romanian, Russian, Serbian, Slovak, Slovenian, Spanish, Swedish, Thai, Turkish, Ukrainian, Vietnamese.|
KeePass offers two versions of its tool that vary in the basic features available (see screenshot). 1.x is much leaner and may be a good solution for getting started, as both versions are free.
You will find that the 2.x version offers loads of features that cover a wide range of different scenarios and uses (some via plugins). It is an impressive offering and it matches up very well to other password managers on the market (more than LastPass and Dashlane; only Zoho Vault offers a comparable amount, but remember that open-source evolves faster due to its decentralized nature), but you would be wise to consider the learning curve required for integrating the various plugins (over 100!), or scripts and getting familiarized with them. This is relevant to in-demand features, such as a mobile app (there’s an unofficial version available) and browsers’ extensions that are available only through plugins.
The rule of thumb with this password manager’s features is that whatever is not already in the box has a workaround via a plugin, or a third party unofficial development (a mobile app, for instance). The version I reviewed is 2.41, and as an open-source tool, we can expect that its evolution will consist of more and more features in varying specificity levels.
Remember that by default, KeePass stores the data locally on your device. This is great for security compared to other password managers who sync it to a cloud service (Dashlane, for instance) but if you do want to use such an option you can configure KeePass to do so, but expect to do some copying and pasting manually. A good practice would be to put KeePass credentials database on cloud-syncing folders, like OneDrive, Google Drive, etc. There’s no limit to the number of passwords you can create and KeePass also allows you to create as many sub-folders as you want to manage your databases.
Here are the main features to pay attention to:
KeePass is not shy about its security strength, and they like to show it (see their awards section). The program checks itself with every run and alerts if any of the algorithms fail the test. For those who are apprehensive about the open-source model in a security context, you may want to read what KeePass says on its home page (see screenshot below).
- Supports AES and Twofish, compounding a very high-security level
- SHA-256 encryption, a 256-bit cryptographically secure one-way hash function
- Complete database encryption: KeePass encrypts the password fields, but also usernames, notes and other details as well
- KeePass process memory protection: passwords are encrypted while KeePass is running. This feature prevents using the process of dumping memory to disk by your OS as a backdoor to reveal your passwords.
Multiple user keys
- One master password is used to decrypt the entire database
- Using a key file (on its own, or in tandem with the master password). Carrying the file in a physical piece of hardware (a flash drive, for example) means it is safe from cyber attacks, but make sure you don’t lose it!
- You can combine the key file with the master password for stronger 2-factor authentication encryption. The good news is that losing the key file does not compromise your database’s security.
Portable and low-signature version
- KeePass features a portable version that can be carried on a flash drive and runs on Windows OS without any installation needed (see versions screenshot above)
- KeePass doesn't store anything on your system. No new registry keys or INI files are created in a Windows directory.
- Deleting KeePass (either the ZIP or installer package) doesn’t leave a trace of it in your OS
KeePass does a good job taking care of its relatively weak point when it comes to browser integration with easily importing and exporting data from other password managers out there (in the pro version). In fact, with over 40 vendors included (LastPass, RoboForm 8, Dashlane 4 and others), it may well be a leader in this category. The downside is that you’d have to do some manual copying and pasting.
- Password list can be exported to TXT, HTML, XML and CSV formats
- The XML output can be used in other applications
- The HTML output employs CSS to format tables for easy layout changes
- The CSV output is fully compatible with most other password safes
- The CSVs can be imported by spreadsheet applications like Microsoft Excel
Plans and Pricing
There’s no fine print here: KeePass is totally free, regardless of the version you wish to use. You do have the option to make a donation to support this open-source effort on the website, but it is completely voluntary. As for plans, as I’ve noted in the overview, the difference between the lighter 1.x version and the 2.x (sometimes referred to as “pro”) is in the number of available features. The KeePass website does a good job in comparing the two versions head-to-head according to various categories/use-cases (see screenshot).
Ease of Use and Setup
Installing KeePass to my Windows 10 system was smooth and easy; downloading the desired version was quick and the site is informative and helpful. KeePass was designed to operate in a windows environment and covers even ancient legacy versions (even as far back as Windows 7, via… plugins), but it is compatible with Mac iOS, Linux and other OSs out there.
The major issue with KeePass is the overall UX/UI, namely, the grey Windows 95-style screen that welcomes you once the program is opened. There are no pop-ups, tool-tips or any indication of what you should be doing to actually start putting this tool to good use. This is the downside of the open-source nature of KeePass, as much work was put into the technical security functionalities, but the design obviously suffered major compromises.
It’s hard to imagine a non-techy user being comfortable using this password manager. Other then the main menu ribbon, there’s nothing out there to prompt any action. The first thing you want to do is to create a new database by clicking the somewhat obscure icon (see screenshot). From there on you could choose which folders to work with.
The password generator interface is equally old fashioned, yet clear and offers the most configurable, detailed password creation out there (see screenshot). You could set and configure virtually every aspect of your master password as it is rated in real time by the generator. As you noticed with KeePass, the level of features and configuration stands up to the paid competitors in the password management universe, but an ordinary user probably wouldn’t find a use for most of them.
As I mentioned earlier, KeePass employs the SHA-256 encryption standard, which is considered the highest in the industry and has shown no major weakness so far. Paring that with the key-file option creates a very powerful 2-factor authentication that incorporates a physical aspect (a flash drive carrying your key-file) that is less vulnerable to cyber attacks. As an out-of-the-box feature, this is very nice (and free!).
As far as I know, the KeePass password management system did not show any critical weakness that is prone to breaches—so, in terms of security, it is a very powerful tool.
If you ‘d like to backup your password database, KeePass doesn’t offer a built-in option, but it is possible to do a manual backup.
KeePass is an open-source venture, as such there’s no major corporate-level support as users have come to expect in password management (and in any other services). The website offers a help page with an FAQ section, but this will not benefit a user that finds technical reading tedious and just needs a helping hand in real time. To their credit, KeePass’s help is very well organized and detailed.
Learning how to perform manual processes and getting around the somewhat bleak interface is done through a wiki that is referred to from the help page (see screenshot).
The program does support a vast number of languages, thanks to the open-source contribution from many individuals from all over the world. In that respect as well, no other password manager has such extensive language support, which would make a lot of users happy around the globe.