KeePass Password Manager Review

KeePass is different from other well-known password managers in several key ways. It's totally free, and it's an open-source platform. Unlike newer password managers such as LastPass or Dashlane that store the password vault online in the cloud, KeePass keeps it on your laptop, desktop or mobile device.

It's very powerful and very customizable, and it runs on almost every modern desktop and mobile platform. But KeePass' highly technical, open-source nature may intimidate most users, especially when compared to the friendlier interfaces of other password managers.

Costs and What's Covered

The desktop edition of KeePass is absolutely free for all users. For desktop installations, you'll have to choose between KeePass Classic Edition and KeePass Professional Edition.

The Classic Edition runs on Windows Vista through 10 only. (You can find versions that will support Windows 2000.) The Professional Edition has more features (including synchronization across devices). It officially runs on the same versions of Windows as KeePass Classic Edition, but you can find versions that support all the way back to Windows 98. The Professional Edition also supports Mac, Linux and BSD. Users on all platforms will need to have the Microsoft .NET framework — or its open-source, multi-platform cousin Mono — installed.

Depending on the operating system you use, you may have to download additional software to run KeePass. (Mac, Linux and BSD will need Mono.)

There is no official KeePass mobile app, but there are several ported apps available for Android, iOS, Windows Phone, BlackBerry and even Palm OS, some of which show ads and/or ask for donations. We installed an Android app called KeePassDroid on a Samsung Galaxy S6 and a OnePlus One, and an iOS app called KeePass Touch on an iPhone 6s Plus.

Setup

The Windows, Mac, Linux and BSD versions of KeePass can be downloaded from the project's website. At first glance, the site's homepage lacks the modern design features of other managers' interfaces. But don't be put off because the home page looks like it was created in the mid-'90s. There is a solid and trusted platform behind it all — and you will definitely want to read the tutorial at KeePass.

KeePass is also portable. You can install it on a USB stick so that you can carry it with you, keeping your entire password database within arm's reach at all times.

Setting up your KeePass account is fairly straightforward. You first create a database on your single or primary device. You can create a master password to unlock the database, or instead use a key file (a long, unique number that you'll store on a USB thumb drive) as your entry key, or both.

MORE: Best Password Managers

We went with the master-password-only option. (You may want to generate the key file anyway, because combining it with the master password creates a powerful form of two-factor authentication.)

Because KeePass stores files locally — i.e., on one of your devices — rather than in the cloud, it's best to put the KeePass credentials database in a Dropbox, Microsoft OneDrive, Google Drive or similar cloud-synced folder in order to access the database from another device. Alternatively, you can sync your devices across your own local Wi-Fi network.

We had no problem using Google Drive to sync KeePass Classic Edition between a Windows 8 laptop and an Android phone. Other KeePass users told us they had equal success with Dropbox. On Windows 10, KeePass Professional Edition defaulted to OneDrive, as we had no other sharing software installed, but we had trouble syncing the OneDrive folder with other devices. That's likely a Microsoft problem, not a KeePass one.

The open-source nature of KeePass is designed to be secure and effective, but not fancy.

Unlike most password managers, KeePass doesn't have browser extensions to automatically recognize or log into websites. Instead, you can configure hot keys on your desktop to trigger a vault search, or manually copy and paste — or drag and drop — a set of credentials from the application to the website. (You can set KeePass to wipe the clipboard clean after a period of time.)

KeePass Desktop Application

The KeePass desktop program is entirely unimpressive. The simple, gray, blank interface looked daunting at first, but it wasn't so bad once we started using it.

Although KeePass can't automatically pull in login credentials from web browsers, KeePass Professional can import data from dozens of other password managers, including 1Password, LastPass and Sticky Password (see a full list here).

We imported our LastPass logins, which was simple enough to do but still required some re-sorting once they were in our KeePass vault. Because the program is so basic, it wasn't hard to get data organized and put into folders. KeePass lets you create subgroups within folders, a convenient feature often overlooked by other password managers.

One downside is that KeePass does not automatically capture login credentials when you use a website for the first time, as many other password managers do. Instead, you'll have to enter the information for the new record manually. Your best bet is to do this immediately after you create a new login.

MORE: How to Create and Remember Super-Secure Passwords

When creating a new entry, you can choose an icon to represent it and let KeePass generate a unique, strong password that it will remember when you log in next time. There's even an option to randomly seed password generation with your own mouse movements and keyboard inputs.

KeePass Mobile Apps

Like the KeePass website and desktop interface, both of the mobile apps we tried were basic and highly functional. Again, all password entries had to be created manually, which was kind of a pain. You have to stay on top of your logins and remember to add them — or have the app create a password for you — so KeePass will save it for later.

KeePassDroid walked us through syncing its locally stored database with OneDrive, Google Drive or Dropbox. Selecting any of those brought us to a page that showed us all available folders. As mentioned above, we had no trouble using Google Drive to sync a laptop and smartphone.

Overall Performance

Like many free and open-source programs, KeePass doesn't do it all, or even much, for you, and you will have to put in some effort to reap its full benefits. The open-source nature of KeePass is designed to be secure and effective — especially for tech-minded users — but not fancy.

However, despite its plain façade, KeePass worked really smoothly, even for a basic user. Even the portable edition on a USB stick — a format that can be annoying to use with some other password managers — was practical and simple with KeePass. Having your data stored in a place or places only accessible by you is pretty flawless protection. Just don't lose that USB drive.

MORE: 10 Best Mobile Password Managers

Bottom Line

On one hand, KeePass offers solid and secure password management and storage for absolutely no cost. On the other hand, the open-source interface is highly technical and design-challenged, and requires a bit more manual labor than the average password manager.

The KeePass settings are incredibly customizable, starting with the choice of a master password and/or key file for accessing your account. And although you must manually create new entries, KeePass offers unparalleled options for accounts from which you can import data. It's a great choice for those who are technically inclined, but perhaps not such a good one for the average user.

Create a new thread in the Antivirus / Security / Privacy forum about this subject
No comments yet
Comment from the forums
    Your comment