Expert’s Rating
Pros
- Full management over login information
- Simple, easy interface
- Native help for browser extensions
- Free to make use of
Cons
- Very fundamental browser extension performance
- Setting changes are essential to get probably the most out of the app
Our Verdict
Whether you’re fed up with on-line password managers or simply distrust them, KeePassXC is a good way to securely self-manage your passwords. It doesn’t precisely replicate a web-based password supervisor, however that’s type of the purpose. Overall, it covers the fundamentals, and its ease and suppleness of use make up for its shortcomings.
Price When Reviewed
Free
Best Prices Today: KeePassXC
Simplicity is an asset. It’s what sells on-line password managers—they take the effort out of managing dozens (if not a whole lot) of distinctive, complicated logins. You join, set up a browser extension, click on just a few buttons, and the service handles the remaining. But on-line password managers require trusting a third-party with delicate information. While most are worthy of such religion, it takes only one large slip up (like LastPass’s epic failure to strongly safeguard its servers and in addition absolutely encrypt all buyer information) to show everybody’s worst fears.
An offline password supervisor is absolutely the one method to absolutely management your logins…but the most well-liked of them, KeePass, is just not precisely easy. Learning its ins and outs generally is a flip off to all however the very affected person, even when you’re moderately tech savvy.
Fortunately, there’s a streamlined different to the official KeePass app: KeePassXC. It’s simply as open supply and free, however with its extra fashionable interface, it’s a far simpler program to make use of. Basic options thought-about customary for password managers are baked into the software program, in contrast to KeePass. You nonetheless want the abdomen for sustaining and backing up your complete assortment of passwords—no small accountability—however you may be up and operating with this app fairly shortly. And as soon as you might be, it’s a nice mix of safe password administration with decrease threat of a stolen password vault.
Further studying: See our roundup of the perfect password managers to find out about competing merchandise.
KeePassXC: How it really works
PCWorld
As an offline password supervisor, KeePassXC saves your login information in a database file. You can open these .kdbx recordsdata in any program able to studying them (together with cellular apps and model 2.x of the official KeePass app), in addition to visa versa—it’s the identical precept as with the ability to open a .doc file in Word, LibreOffice, Google Docs, and so forth. KeePassXC ships with built-in browser integration, too.
Database recordsdata may be saved anyplace you would like. You can maintain them fully offline, selecting to make copies on each gadget you need entry from. You can put them into the cloud and thus approximate the comfort of a web-based password supervisor. You can strike a center floor and use a service like SyncThing to maintain copies of your database(s) synced throughout gadgets with out utilizing cloud storage.
But regardless of what number of databases you create and the way you select to retailer them, you’re solely chargeable for sustaining and backing up your recordsdata. You don’t have any security web. If you neglect your grasp password, there’s no restoration choice. If your database file corrupts or is unintentionally deleted, you’ve misplaced that information until you made a backup. If you add a keyfile or {hardware} key as additional safety in your database, it’s on you to at all times maintain it readily available. This is the trade-off for having full management over all of your login information.
KeePassXC: The fundamentals
Opening the app for the primary time drops you right into a clear, uncluttered display screen designed to get you began shortly. You can select to create a brand new database, open an present one, or import one from a CSV file, 1Password, or an older model of KeePass (1.x). The first two choices are easy—even when you’re not aware of encryption settings, the app suggests defaults when making a contemporary database that ought to work effectively, particularly when you’re new to password managers. If you already know your stuff, it’s simple to tweak issues to your liking.
PCWorld
What can take longer is switching from a unique password supervisor. You’ll first export your vault to a file, then import that into KeePassXC. If your earlier service has sloppy CSV exports, you’ll should burn time cleansing up the entries. You can also have to spend time on cleanup when you import a number of recordsdata into KeePassXC, merge them into one database, and find yourself with some duplicate entries.
Tip: If you intend to export your present password vault to a CSV file, use VeraCrypt to create an encrypted folder (“volume”), and save your CSV to that safe location. That approach, your passwords stay protected at each step of the transition course of.
Once you’ve arrange your database (or databases—you may have multiple open on the identical time), utilizing it’s simple to determine. This is essentially because of the pared-down variety of choices you could have. KeePassXC doesn’t help plugins, just like the official KeePass app does. Instead, it offers you all the fundamental options you’d want from a password supervisor, and leaves issues at that.
Case in level: You get only one type of entry meant for logins. No different sorts like safe notes, bank cards, or identities can be found. And whenever you fill out a password entry, there’s only a handful of fields: consumer ID, password, URL, notes, and tags. You can arrange two-factor authentication TOTP tokens as effectively, plus connect recordsdata or create customized attributes (textual content fields), however that’s it. The fundamentals are coated, however you don’t get extra.
PCWorld
Those entries get saved in folders—both within the default “Root” listing, or in a subfolder you create—and you’ll solely work together with them via the left hand navigation bar or the search characteristic. (The latter is way quicker, as soon as you determine how to use it efficiently.) Moving entries between folders requires dragging and dropping; you may’t additionally change the assigned folder throughout the entry itself.
Even the settings are pretty streamlined—although they’re break up up so that you just individually alter them for purposes and entries, you may’t actually go too deep into the menus. You can even normally work out via context what every setting is for, and no matter isn’t clear may be shortly appeared up within the user guide (or answered via a quick on-line search).
One such factor I needed to search for myself was auto-type—KeePassXC’s equal of auto-fill. It’s very clean, and helps bypass the danger of copying passwords to your clipboard (which may be considered by different apps in your PC) or utilizing the browser extension (a follow that on the whole can expose a password database or vault to somewhat extra threat). You load the web site, click on in one of many login fields, then swap to KeePassXC and select the data you wish to auto-type into the webpage. You may even create customized auto-type instructions for particular person entries, if their login web page structure doesn’t match the default auto-type choices.
KeePassXC: The stuff you’ll wish to tweak
PCWorld
By default, KeePassXC sticks to probably the most fundamental expertise—and whereas that’s adequate, you can also make this system even higher when you dig into the settings.
For customers who need an expertise nearer to that of a web-based password handle, you’ll have to flip on the built-on browser integration within the software settings. Installing the native KeePassXC browser extensions received’t work in any other case. You can restrict it to particular browsers, and even flip entry to sure entries on or off in every one’s settings.
For people who have to share their passwords with others, you’ll wish to arrange KeeShare. It principally creates a separate database with passwords that get synced between you and different folks, in addition to your major database. It’s how one can securely share your Netflix password along with your family members. Any adjustments made to these shared entries shall be seen by everybody with entry.
Alaina Yee / Foundry
For those that need stronger safety for his or her database recordsdata, you may add a keyfile or a {hardware} key to your login course of. (This may be executed when first making a database, or arrange afterward.) A keyfile is a separate file that have to be supplied together with a password to unlock your database, whereas a {hardware} key have to be bodily inserted into your PC and detected by KeePassXC whenever you enter your password. It’s not precisely two-factor authentication (you may learn why in this explanation in KeePassXC’s FAQ), but it surely does strengthen your password. It can also create a holy headache when you lose the keyfile or {hardware} key, or when you’re coping with cellular apps that don’t have good help for {hardware} keys.
And for anybody who desires to entry their database file (both by way of a neighborhood copy or a cloud save) on cellular, you’ll have to select a third-party cellular app. Obviously, this isn’t a setting to regulate—however as a result of KeePassXC lacks a local cellular app, you’ll should do some additional work to discover a appropriate Android or iOS app that you just like. Currently, the most well-liked choices are KeePass2Android or KeePassDX for Android, and Strongbox or KeePassium for iOS, however you could discover your tastes don’t run in these instructions.
PCWorld
There are different smaller settings you could wish to play with, too. For instance, the database doesn’t routinely lock after a interval of inactivity—I modified that straight away. I additionally determined to clear search queries after a number of minutes, and lengthen the automated clearing of the clipboard from 10 seconds to 15. And you could wish to maintain your entries’ usernames, passwords, and notes hidden from view. These particulars could seem small, however adjusting them and others to your precise liking can go a good distance towards feeling comfy utilizing KeePassXC each day.
KeePassXC: What’s lacking in comparison with on-line providers
As good as KeePassXC is as a self-contained password supervisor, its on-line competitors nonetheless outdoes it in just a few key areas.
Its greatest weak point: The browser extension is extra of a method to autofill login information already in your database. Oh, it can seize and save new login information as you create it for an internet site, but it surely doesn’t at all times acknowledge these conditions. And when it does, the dialog banner usually disappears extremely quick—I needed to be very quick on the draw to avoid wasting my passwords.
PCWorld
KeePassXC additionally lacks options like password auditing, the place it routinely checks in case your passwords have been compromised in a knowledge breach, in addition to darkish internet monitoring. You’re by yourself on this entrance.
Setting up a {hardware} key (like a Yubikey) is extra difficult, too. For starters, it’s important to first configure it to work with KeePassXC. I additionally spent much more time troubleshooting mine than I anticipated—particularly after I didn’t initially notice that it’s important to begin KeePassXC in Windows’ administrator mode for it to acknowledge a {hardware} key. Add within the difficulties with the third-party cellular apps I attempted, and I ultimately simply stripped it from my database to complete this evaluation. If you utilize a powerful, distinctive password at the least 24 characters lengthy, it’s best to have sufficient safety, however I nonetheless needed it to work anyway.
Should you utilize KeePassXC?
If you’re fed up with on-line password managers, otherwise you simply have by no means trusted them to start with, KeePassXC is a wonderful method to securely self-manage your passwords. You want far much less elbow grease to stand up and operating (in contrast to with the official KeePass app), as most fashionable password-manager options are baked in. It doesn’t precisely replicate a web-based password supervisor, but it surely adequately covers the fundamentals. Overall, its ease and suppleness of use make up for its shortcomings.