Most major password managers we’ve reviewed so far follow a similar path: they offer an intuitive, simple-to-use user interface (UI), provide different plans for different users, and sell their products under a tiered pricing model, making it easy to set up and scale your plan up or down if necessary.
At the same time, some aren’t particularly user-friendly or pretty to look at, but once you overcome the initial learning curve you’ll find that they’re fantastic pieces of software you can’t live without.
KeePass is one of those password managers and if you wish to find out more about it, keep reading this review.
We’ll start by saying that KeePass is cost-free, open-source, and able to give you complete control over your passwords and other sensitive data. It might not be the most user-friendly solution out there (to put it mildly), but it makes up for it with a high level of flexibility, customizability, and overall control.
|Platforms|Windows, macOS, Linux, Android, iOS|
|Browser extensions|Only via plugins|
If you think that KeePass is worth a look, here’s a short list of its main pros and cons:
Pros
- 2FA and MFA support
- All data is encrypted on your device
- Completely free and open-source software
- Data encrypted in transit and at rest
- Multiple sync strategies are available
- Strong on security
- Wide variety of powerful plugins
Cons
- No standard customer support channels
- Not particularly beginner-friendly
- Setup can be time-consuming
- Outdated UI
KeePass feature summary
Here’s a summary of KeePass core features:
- Data is encrypted on your device
- Data encrypted in transit and at rest (E2E) with AES-256, ChaCha20, SHA-256, AES-KDF, and Argon2
- Encrypts the complete database
- Multi-language support (with over 45 available languages)
- Multiple optional sync strategies
- Password import/export
- Support for 2FA and MFA
- Strong password generator
- Password list can be exported to TXT, HTML, XML and CSV format
- Plenty of powerful plugins
- Works on Windows and Mono (Linux, macOS, and BSD) with plugins for other operating systems and browsers
KeePass isn’t published by a company. It is free and open-source (FOSS) software distributed under the terms of the GNU General Public License version 2 or later by the author, Dominik Reichl.
As often happens with FOSS software, while the core product is created and maintained by Mr. Reichl, much of the KeePass software is actually created and maintained by others.
The legal verbiage for KeePass is all available here in English and German. The portion of the document covering Privacy appears to comply with the EU’s GDPR (if you want to be sure, check for yourself).
KeePass does collect some user data. Session-related data is deleted at the end of the session. Some data is collected in logs. The data in the logs is either deleted after at most seven days, or anonymized if kept longer.
For more information, visit the KeePass Legal Documentation page.
Given that third-party audits are expensive, and KeePass is free, I didn’t expect to find any such audits. However, as you can see on the Awards, Ratings, and Opinions page, KeePass was audited twice, most recently in 2016. This last was a code review by the EU’s Free and Open Source Software Auditing project, also known as EU-FOSSA 1.
While it would be great to see penetration testing results on KeePass, this code audit, along with the various other audits and awards on this page, are all positive signs for KeePass.
There are KeePass clients for most operating systems and web browsers. Here’s what the Windows version looks like:
The user interface for KeePass doesn’t appear to have changed much since the birth of the product back in 2003. It appears that the developer has put his effort into improving the functionality of KeePass rather than the appearance. Given that he is a one-man band as it were, that approach makes a lot of sense.
Interestingly, only the Windows version is actually published by Mr. Reichl. All other clients are unofficial releases created by third-party developers. That can be confusing, but it also allows the KeePass ecosphere to evolve much faster than if one person had to do everything himself.
So how do you know which client to use? Your best bet is to go to the KeePass Downloads page and try out any of the Contributed/Unofficial KeePass Ports you find there for the device you are interested in.
You can find KeePass ports for the major operating systems, web browsers, and smartphones, as well as more exotic targets such as Windows Phone, PocketPC, BlackBerry, Sailfish, and others.
KeePass hands-on testing
I tested KeePass on an old Windows 7 machine. Since KeePass isn’t set up to sync between multiple devices by default, I did not attempt to set this up.
There are several approaches you can use, involving various levels of manual configuration. If you decide to use KeePass on multiple devices, you’ll need to go to this page to learn about how KeePass synchronization works and configure one of the sync methods yourself.
Note: KeePass 1.X and 2.X are available for download. Following the publisher’s advice, this review covers KeePass 2.x.
I downloaded the installer for KeePass 2.43 from the Downloads page and ran that. The installation was pretty standard at first, but became a bit confusing when it required me to specify where the passwords should be stored and what the file should be called, followed by creating a Composite Master Key:
I can see a typical user throwing up their hands at this point and deciding to try a different product.
After creating the Composite Master Key (which is required to get access to your stored data) I was able to view the empty Windows client, which looks like this:
Adding login credentials to KeePass
With the client up and running, it was time to add some login credentials. KeePass gives you two ways to add login credentials.
- Import credentials from your web browser or another password manager;
- Enter credentials manually.
Note: While we are talking about Login Credentials here, you can enter any other data into KeePass the same way.
Unfortunately, KeePass does not have a feature to capture login credentials. You need to enter the data manually whenever you log in to a site and the data isn’t already in KeePass. While this approach gives you complete control over what gets added to KeePass and how, you may find this to be more of an annoyance than a feature.
Importing login credentials
KeePass can import data from numerous other password managers, as well as Google Chrome and Mozilla Firefox. I tested this capability by importing all my data from Bitwarden. The process only took a couple of minutes and even replicated my Bitwarden folder structure so all my passwords and notes remained organized.
Adding login credentials manually
To add login credentials manually, open KeePass and click the Add Entry button, or press the CTRL+I keyboard shortcut. The Add Entry window appears, and looks like this:
Enter the username and password you want to use in the provided fields. KeePass will generate a Quality score for the password you enter, making it easy to ensure that you don’t create a weak one.
The best way to avoid creating weak passwords is to use the KeePass Password Generator. Click the Generate a Password button (circled in red in the preceding image) and in the menu that appears, select Open Password Generator.
KeePass password generator
The password generator in KeePass is very powerful and customizable (just like the rest of the product), with tons of options.
Despite the tons of available options, in most cases, you can just use the default settings, which will give you a very secure password with no fuss or bother.
Auto-type to fill in fields
Wait! We’re not done yet.
KeePass takes a very different approach to entering your data into a web page than other password managers. Whereas they just automatically enter the data into the relevant fields on the page, KeePass Auto-Types on the page.
The system is a little complicated, but the idea is that you give KeePass the exact sequence of keystrokes you would use if you were logging into the site by hand. You program this sequence of keystrokes on this tab in the Add Entry window:
This may seem like a crazy way to do things. It does make setting up most passwords harder than with other products. The benefit is that you can set up KeePass to work with virtually any login screen, no matter how complicated. You’ll have to decide for yourself whether this is a benefit or a reason to look elsewhere.
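To make the keystroke-sequence idea concrete, the following Go program is an added example, not KeePass code. It expands a sequence written with the placeholders {USERNAME}, {PASSWORD}, {TAB}, {ENTER} and {DELAY n} into the ordered steps that would be sent to the focused window, and keeps the password out of anything printed. The `Step` type, the `Expand` function and the sample field values are made up for this illustration.

```go
package main

import (
	"fmt"
	"regexp"
	"strconv"
)

// Step is one action sent to whichever window has keyboard focus.
type Step struct {
	Kind, Value string // Kind: "text", "key" or "delay" (Value in ms)
	Secret      bool   // true when Value is the entry's password
}

// String keeps the password out of previews and logs.
func (s Step) String() string {
	if s.Secret {
		return "<text (hidden)>"
	}
	return "<" + s.Kind + " " + s.Value + ">"
}

// One placeholder such as {TAB} or {DELAY 500}, else a run of literal text.
var token = regexp.MustCompile(`\{([A-Z]+)(?: (\d{1,5}))?\}|[^{]+|\{`)

// Expand turns an auto-type sequence into the ordered steps it would produce.
func Expand(seq string, fields map[string]string) ([]Step, error) {
	var steps []Step
	for _, m := range token.FindAllStringSubmatch(seq, -1) {
		switch name := m[1]; {
		case name == "": // literal characters, typed as written
			steps = append(steps, Step{"text", m[0], false})
		case name == "DELAY" && m[2] != "":
			steps = append(steps, Step{"delay", m[2], false})
		case name == "TAB" || name == "ENTER":
			n, _ := strconv.Atoi(m[2]) // no count parses as 0: press once
			for i := 0; i == 0 || i < n; i++ {
				steps = append(steps, Step{"key", name, false})
			}
		default: // field placeholder such as {USERNAME} or {PASSWORD}
			v, ok := fields[name]
			if !ok {
				return nil, fmt.Errorf("unknown placeholder {%s}", name)
			}
			steps = append(steps, Step{"text", v, name == "PASSWORD"})
		}
	}
	return steps, nil
}

func main() {
	f := map[string]string{"USERNAME": "alice", "PASSWORD": "constructed-pw"}
	fmt.Println(Expand("{USERNAME}{TAB}{PASSWORD}{ENTER}", f))
}
```

Because the steps go to whatever window has focus, reviewing the expanded order before use shows exactly which field receives the password.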
Working with your passwords and other data
Once you’ve got login credentials and other data into KeePass, how do you work with that data? Open up KeePass and select the database that contains the data you want to work with. All the data entries are visible when you select the database itself. Or you can select the folder that contains the type of data you are looking for (Secure Notes, for example), and find the correct entry there.
Double-click the entry to open the Edit Entry window. The window is virtually identical to the Add Entry window we looked at earlier, which means you can view or edit anything about that entry in this window.
KeePass in action
To get KeePass to enter your login credentials onto a web page, you need to do a bit more work than with other password managers. Since it is a standalone app instead of a browser extension, you have to tell KeePass what page it needs to fill in.
To get KeePass to enter your Login Credentials, follow these steps:
- In your web browser, navigate to the page you want to log into.
- Open KeePass, and select the entry for that page.
- Click the button circled in red in the following image:
Once you do this, you will see KeePass literally type the data into the appropriate fields and log you in.
Additional KeePass features
Considering that KeePass has over 100 plugins and extensions that you can use with it, talking about additional features doesn’t make a lot of sense.
Aside from the ability to automatically capture Login Credentials (which doesn’t really make sense given the design of KeePass), if you can think of some feature that you would like KeePass to possess, you can probably find a plugin or script that can give you that feature.
There is also a large list of available plugins and extensions.
Background of KeePass
KeePass started its journey as a Windows program. It is written using the programming language C#. C# is a fine language, but it requires some special code from Microsoft (the .NET framework). This makes porting KeePass to other operating systems complicated, requiring yet more specialized software to make it all work. Even with that, KeePass running on other operating systems looks like an old Windows program, rather than a modern Mac or Linux app.
KeePassX was created several years ago to be a Linux version of KeePass named KeePass/L. In 2006, the developers decided to make KeePassX into a cross-platform app (one capable of running on multiple operating systems). Unfortunately, development work on KeePassX stopped in October of 2016.
This caused a group of KeePassX fans to create their own version (a fork) of KeePassX, called KeePassXC.
Meet KeePassXC: The KeePass Cross-Platform Community Edition
Here’s how the developers describe KeePassXC:
“KeePassXC is a community fork of KeePassX, a native cross-platform port of KeePass Password Safe, with the goal to extend and improve it with new features and bugfixes to provide a feature-rich, fully cross-platform and modern open-source password manager.”
To make this happen, KeePassXC is written in C++, which makes it possible to run natively on Windows and non-Windows operating systems.
KeePassXC can read KeePass password databases, making it easy to migrate your passwords over. That said, they are definitely distinct products. The following table lists some of the differences:
You can consider KeePassXC as a great alternative to KeePass if you want to run your password manager on multiple operating systems, or you need one of the features in the preceding table. You might also want to consider that KeePassXC is being developed by a team (five members currently), while KeePass is a one-person project.
Since KeePass is created and maintained by the author, there isn’t a support team like you would get with other password managers. That means no phone support, no Twitter, and no email. If you need help with KeePass, the place to get it is in the KeePass forum on SourceForge.
The other resource you can use if you have problems is the KeePass Help Center.
There is a lot of detailed information here about every aspect of the product. However, much of the information is pretty technical, and may be somewhat confusing for regular users.
Is KeePass secure and private?
KeePass is powerful and flexible. But is your data secure and private if you entrust it to KeePass? Let’s see…
Your KeePass data should be secure against any attacks. KeePass uses AES-256 or ChaCha20 encryption for your data, SHA-256 for your key, and further protects against attacks on your password using AES-KDF or Argon2.
- KeePass is open-source software. Anyone can examine the code. Since KeePass has an active community of users and developers, it seems likely that someone would notice if there was anything objectionable in the code.
- There is no KeePass corporate cloud where your data is stored. About all someone can determine from an attack on KeePass is that you have an account.
How much does KeePass cost?
Nothing. Zip. Nada. That’s right, KeePass is totally free, and so is KeePassXC. However, if you appreciate the work they are doing, both teams will accept donations.
To learn how to donate to KeePass, click here.
To learn how to donate to KeePassXC, click here.
Is KeePass the right password manager for you?
KeePass might not be the right password manager for most people. It is extremely powerful and flexible, but it is also complicated to set up and use.
It is really more of a tool for a software developer, engineer, or other highly technical person who is willing and able to invest the time and energy needed to make the best use of KeePass.
What password manager should you look at if KeePass doesn’t meet your needs? If you like KeePass, but are concerned with cross-platform compatibility, check out KeePassXC. It is very similar to KeePass, and can read and write the same data. But KeePassXC is designed to run natively on all platforms, does not use Plugins, and simplifies synchronization between devices.
If you like that KeePass is open-source software, but it is too complicated for you, check out Bitwarden. It too is open-source software, but it is far simpler to use than KeePass.
If you like how feature-rich KeePass is but don’t like the complexity, you might like Dashlane. It isn’t open-source, but it is heavy on features, yet much less complicated than KeePass.
Yes, it’s safe to say KeePass is considered secure. With military-grade 256-bit AES or ChaCha20 encryption to safeguard your data, SHA256 for your keys, and AES-KDF or Argon2 as an additional layer of security, your data should be secure against any cyberattacks. Also, your data doesn’t get stored in a cloud which is another plus for overall security.
Yes, KeePass is freeware, which means it’s completely free to download, install, and use. What’s more, it’s an open-source solution as well – its source code can be seen, modified, and shared by anyone. This is why we have access to tons of free plugins for KeePass, many of which are pretty powerful.
If your device gets infected with malicious software, yes, your KeePass could get hacked. However, given that it employs first-rate types of encryption and there’s no third party to exchange sensitive data with, it’s unlikely to happen. That being said, in 2019, some serious vulnerabilities were discovered in the code of several password managers, KeePass included. Fortunately, this affected Windows 10 users only under the condition that specific malware was installed, and no sensitive user data was stolen.
Unfortunately, yes you can, and if you do, you’re out of luck. With KeePass, you secure your vault with a master password and a so-called key file, so if you somehow manage to forget or lose any of these key components, all your stored data is lost to you. There’s no backdoor, no universal key, no password reset tool, nothing. While cracking your KeePass database could spring to your mind, that might not be the best idea considering KeePass’s strong protection against brute force attacks and password cracking attempts.
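The SHA-256 and AES-KDF protection mentioned in the security section, and the brute-force resistance mentioned above, come down to a key derivation chain. The following Go program is an added example, not KeePass source code, that follows the publicly documented AES-KDF construction: the master password and key file are hashed into a composite key, which is then encrypted many times under a per-database seed. The seeds, round count and passphrase are constructed values, and hashing the key file as raw bytes is an assumption that covers only one of the key file formats a real client accepts.

```go
package main

import (
	"crypto/aes"
	"crypto/sha256"
	"encoding/hex"
	"fmt"
)

// CompositeKey hashes what the user supplies: SHA-256 over SHA-256(password)
// followed, when a key file is used, by the hash of the key file.
func CompositeKey(password string, keyFile []byte) [32]byte {
	pw := sha256.Sum256([]byte(password))
	parts := pw[:]
	if keyFile != nil {
		kf := sha256.Sum256(keyFile) // assumption: key file hashed as raw bytes
		parts = append(parts, kf[:]...)
	}
	return sha256.Sum256(parts)
}

// AESKDF encrypts the composite key `rounds` times with AES-256 under the
// database's transform seed, then hashes the result. Every password guess
// must repeat all rounds, which is what slows dictionary and brute-force runs.
func AESKDF(composite, seed [32]byte, rounds uint64) ([32]byte, error) {
	block, err := aes.NewCipher(seed[:]) // a 32-byte key selects AES-256
	if err != nil {
		return [32]byte{}, err
	}
	k := composite
	for i := uint64(0); i < rounds; i++ {
		block.Encrypt(k[:16], k[:16]) // each 16-byte half is one AES block,
		block.Encrypt(k[16:], k[16:]) // encrypted in place with no chaining
	}
	return sha256.Sum256(k[:]), nil
}

// MasterKey mixes in the per-database master seed to get the cipher key.
func MasterKey(masterSeed []byte, transformed [32]byte) [32]byte {
	return sha256.Sum256(append(append([]byte{}, masterSeed...), transformed[:]...))
}

func main() {
	// Constructed seed and round count; a real database stores random seeds.
	seed := sha256.Sum256([]byte("constructed transform seed"))
	t, err := AESKDF(CompositeKey("constructed passphrase", nil), seed, 60000)
	if err != nil {
		panic(err)
	}
	k := MasterKey([]byte("constructed master seed"), t)
	fmt.Println(hex.EncodeToString(k[:]))
}
```

Losing either the password or the key file changes the composite key, so nothing downstream can be recomputed, which is why there is no reset path.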
KeePass review conclusion
If you’re looking for a way to store all your passwords on a single computer, KeePass might be worth considering.
However, unless you possess some level of technical know-how that will allow you to tweak it a bit and utilize its full potential, KeePass won’t give you much besides the bare-bones functionality.
It’s also not as straightforward to use as other (mostly proprietary) password managers on the market – so, non-techies stay away.
On the other hand, if you’re a skilled software developer, cybersecurity professional, or otherwise tech-savvy user who doesn’t get intimidated by the technical nature of software, KeePass should be on your to-do list. With a wide variety of powerful plugins and a committed community, KeePass can be customized to fit any sort of organization.
Those who want to run their password manager on multiple operating systems should consider KeePass’s first cousin, KeePassXC – it’s somewhat simpler to use but beware of its limitations.
This KeePass review was last updated on January 4, 2023.