Troubleshooting & How-Tos

KeePass Password Managers

Unless you only use a handful of online services, a password manager is a must these days. If you reuse the same password across more than one website, and one of them gets hacked, leaked, or otherwise breached, hackers will try that login/password combination on other sites. You don’t want someone gaining access to your email or dropbox because some store you bought a shirt from two years ago lost control of its data.

There are a bunch of different password managers out there. LastPass, 1Password, Bitwarden… Most of them are online services themselves, which means you have to (a) trust that they won’t snoop on your passwords and (b) trust that their security is good enough that your passwords can’t get hacked.

What’s KeePass?

KeePass is an offline password manager that keeps your vault encrypted locally, on your own system. Or you can sync it any way you want, between as many computers and mobile devices as you want. Local file shares, SFTP or WebDav, your own NextCloud server, a cloud service like DropBox, OneDrive, Google Drive or iCloud, etc. And even if you use a cloud service, it (or an attacker) can only access the encrypted file. You have full control over your password storage!

The format is open, so you can mix and match different apps with the same database. I’ve found this combination works well for me:

Desktop: KeePassXC

I’ve used KeePassXC, the original KeePass, and KeyPassX (which is discontinued). KeePassXC responds more quickly in my experience, is actively maintained, just looks better, auto-saves your changes, offers to re-load when your sync setup bring in changes from another device, and it needs fewer hoops to jump through to install on Mac and Linux. And since I switch between Windows, Mac and Linux all the time, having the same password manager on all of them is helpful.

Download KeePassXC

Web Auto-Fill: KeePassXC-Browser

This add-on handles auto-fill for Firefox, Chrome(ium), Vivaldi and so-on, and is built by the same team that maintains KeePassXC.

It takes a little effort to connect it to your desktop app the first time, but from that point on it mostly does its job and stays out of your way, detecting login forms and adding a button to fill in credentials you’ve stored with that URL in KeePassXC (when you have the desktop app open and the database unlocked).

Tips on matching websites to password entries:

  1. General URLs will match better, like example.com instead of example.com/login?fromSignIn=true.
  2. You can associate extra websites that use the same account by putting them in extra fields named KP2A_URL, KP2A_URL2, etc. in the desktop application. (Conveniently, these are the same fields KeePass2Android uses.)

Download KeePassXC-Browser:

Mobile: KeePass2Android

A nice, clean Android app with auto-fill support for both websites and apps. It locks the database after a timeout, but you can set it to keep it available and quick-unlock using either part of your password or your device’s fingerprint scanner if it has one.

Syncing is supported by SSH, WebDav and NextCloud, as well as major cloud services like DropBox, OneDrive and so on. It’s almost seamless, too. I’ll often add a password on my desktop, then open up my phone and it’s synced already. Or vice versa. Both KeePassXC and KeePass2Droid keep their local copies updated as you change them, and have been surprisingly good at merging changes when they get out of sync!

Download:

I’m sure there are some good iOS apps for KeePass, but I don’t have an iPhone, so I’ve never looked or had a chance to try any out.