Expert’s Rating
Pros
- Free to use
- Highly customizable
- Provides full user control of data
Cons
- Requires a higher degree of technical proficiency than modern password managers
- Dated interface
- Core program lacks auto capture and replay and other basic password management features
Our Verdict
KeePass is a highly customizable open-source password manager that puts you in full control of your data, but the average user may find its technical demands too great.
KeePass is a free, open-source password manager that’s been around for 20 years. While functionally solid, the core program lacks many of the features we’ve come to expect from modern password managers such as password capture and replay, password auditing, dark web monitoring, and a native mobile app. On the plus side, it offers a high degree of customizability but requires a certain technical proficiency to take advantage of it, something the average user probably doesn’t have.
KeePass: Getting started
If you’re one of those average users, things get muddy the moment you go to download KeePass. There are two editions, 1.x and 2.x, and developers continue to support both. However, there’s little to guide your decision about which version to download. KeePass provides a link to an edition comparison page, which states the two editions are “fundamentally different (2.x is not based on 1.x).” But many of the differentiators are tough to decipher if you don’t have the requisite technical background. In the end, I chose the latest release of edition 2.x because it supports additional security features that 1.x doesn’t.
Note: See our roundup of the best password managers to learn about competing products, what to look for in a password manager, and product recommendations.
Once the KeePass installation is complete, an empty password database window appears with virtually every button grayed out and no instructions on how to get started. After returning to the KeePass web page and poking around a bit, I stumbled upon a “first steps tutorial” that describes basic usage.
Michael Ansaldo/Foundry
You first have to create a new database, by selecting File > New in the main menu. You’ll be asked where to store the database file; KeePass stores your database locally on your device rather than in the cloud, which greatly reduces the likelihood of a breach. Next, you’re prompted to create a master password. There’s also a checkbox here to display “expert options,” which allows you to enable multi-factor authentication for your KeePass account. You can either create a key file, which you’ll have to install on a USB drive that will have to be plugged into your computer when accessing your database, or you can attach the data to your Windows user account.
After you’ve created your master password, you can see your database. KeePass shows its age. The database is a bare-bones window. A menu on the left sorts your passwords into groupings circa 2003 (Networks, Internet, eMail, etc.), and your passwords for the active group are listed in a larger pane on the right.
KeePass: Features
Importing passwords from other databases is pretty straightforward. KeePass can import from more than 40 other password managers, including popular commercial options such as Dashlane, Bitwarden, and LastPass, as well as from Firefox and Chrome browsers.
Adding and creating new passwords takes a lot more work. Unlike modern password managers, KeePass does not have a browser extension that automatically captures and replays login credentials as you use and update them. Any credentials not included in your initial import have to be added to your database manually one by one. New entries automatically populate with a 20-character generated password containing lowercase and uppercase letters and numbers. KeePass’ password generator offers a dizzying array of options for how passwords are generated, but most of these are probably beyond the scope of the average user’s needs.
Most commercial password managers fill in your login credentials on secure sites either automatically or when you select the site’s entry from a browser extension. KeePass instead uses something called Auto-Type. It uses a sequence of keystrokes that simulate the act of you manually typing in your login credentials. When you invoke this sequence by pressing Ctrl-V in a login window, KeePass essentially performs those keystrokes.
The default keystroke sequence is set to {USERNAME}{TAB}{PASSWORD}{ENTER}. In other words, KeePass will simulate typing your username, tabbing to the next field, typing your password, and then pressing enter when you invoke Auto-Type. If a particular website requires a different sequence of keystrokes, you’ll have to define a new Auto-Type sequence for that entry in your database.
Auto-Type works, but it’s not particularly user-friendly. You have to be sure your cursor is in the right input field before you invoke Auto-Type or it won’t work. I also found that the feature didn’t work as expected on every site, in which case I had to simply copy and paste my credentials, toggling between the site and my KeePass database.
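The Auto-Type behaviour described above can be modelled in a few lines. This is an added example, not KeePass code or code from the review: a simplified Python model in which the form layouts, the sample entry, and the helper names expand, replay and password_misplaced are assumptions. It shows why cursor position matters: the same keystrokes put the password into a visible field when focus starts one box too early, or when a form has an extra control the default sequence does not account for.

```python
import re

# Default sequence quoted in the review; the entry values below are constructed.
DEFAULT_SEQUENCE = "{USERNAME}{TAB}{PASSWORD}{ENTER}"
ENTRY = {"username": "alice", "password": "constructed-Pw-123"}
TOKEN = re.compile(r"\{([A-Z]+)\}|([^{}]+)")

def expand(sequence, entry):
    """Expand a sequence into ('text', value) and ('key', name) events."""
    events, pos = [], 0
    while pos < len(sequence):
        m = TOKEN.match(sequence, pos)
        if not m:
            raise ValueError(f"malformed sequence at offset {pos}")
        name, literal = m.groups()
        if literal is not None:
            events.append(("text", literal))
        elif name in ("TAB", "ENTER"):
            events.append(("key", name))
        elif name.lower() in entry:
            events.append(("text", entry[name.lower()]))
        else:
            raise ValueError(f"unknown placeholder {{{name}}}")
        pos = m.end()
    return events

def replay(events, fields, focus):
    """Model a form: text lands in the focused field, TAB advances, ENTER submits."""
    form = {name: "" for name in fields}
    for kind, value in events:
        if kind == "text":
            form[fields[focus]] += value
        elif value == "TAB":
            focus = (focus + 1) % len(fields)
        else:  # ENTER
            return form, True
    return form, False

def password_misplaced(form, entry):
    """True if the password ended up anywhere other than the 'password' field."""
    return any(entry["password"] in v for k, v in form.items() if k != "password")

if __name__ == "__main__":
    events = expand(DEFAULT_SEQUENCE, ENTRY)
    fields = ["search", "username", "password"]  # hypothetical page layout
    for start in (1, 0):  # cursor in the username box, then in the search box
        form, sent = replay(events, fields, start)
        print(start, form, sent, password_misplaced(form, ENTRY))
    # A form with a checkbox between the fields needs a custom sequence.
    custom = expand("{USERNAME}{TAB}{TAB}{PASSWORD}{ENTER}", ENTRY)
    print(replay(custom, ["username", "remember", "password"], 0))
```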
In addition to passwords, you can store credit cards, notes, and other sensitive personal information in KeePass. But as with passwords, it typically takes more steps and tweaking than in other password managers.
KeePass: Syncing
KeePass also allows you to sync your databases across devices but it’s not as straightforward as with cloud-based password managers. The base program supports syncing database files to other devices using local network shares, FTP, HTTP, and WebDAV. Things get trickier if you want to use the cloud to store and sync your database. Popular options like Dropbox, Microsoft OneDrive, and Google Drive may provide an integration that allows you to access your stored files using Windows Explorer. If not, you’ll have to find a specialized KeePass plugin to help do the job.
Speaking of plugins, KeePass has more than 100 that facilitate everything from backup to importing and exporting data, to integrating with third-party applications. If you decide to use KeePass, you’ll want to familiarize yourself with these because many bring the program’s capabilities on par with modern password managers, adding features like automated password capture and replay, password change reminders, and cloud syncing.
Should you use KeePass password manager?
This customizability means you can shape KeePass to your precise needs if you’re willing to put in the work. Most users, though, are turning to password managers to reduce complexity and mental labor, not increase it. If you’re not a tech-savvy tinkerer, KeePass’s demands and the need to repeatedly consult its support documentation will likely tie you in knots pretty quickly. I would strongly recommend you leave KeePass to those with the know-how to maximize it and look instead to one of the top picks in our password manager guide.