Strong security
Completely free
Open-source code can be intimidating and technical
All About Cookies is an independent, advertising-supported website. Some of the offers that appear on this site are from third-party advertisers from which All About Cookies receives compensation. This compensation may impact how and where products appear on this site (including, for example, the order in which they appear).
All About Cookies does not include all financial or credit offers that might be available to consumers nor do we include all companies or all available products. Information is accurate as of the publishing date and has not been provided or endorsed by the advertiser.
The All About Cookies editorial team strives to provide accurate, in-depth information and reviews to help you, our reader, make online privacy decisions with confidence. Here's what you can expect from us:
Online security is a huge priority for many individuals today, whatever their level of technical expertise. When it comes to protecting your online information, you want top-notch safety that won’t break the bank. Still, have you tried to keep track of all your passwords for numerous online accounts?
We know that’s no easy task, so we investigated the KeePass password manager to see how it can make your online life easier. KeePass is a dream come true for technical people because of the database management setup. But for non-technical users, it’s a little clunky. A password manager secures your login info and keeps it safe from unauthorized users. Keep reading to check out the features and functionality KeePass offers.
| Price | Free |
| Browser extensions | Chrome, Vivaldi, Brave, Firefox, Tor, Edge, Chromium |
| Password sharing | No |
| Encryption | AES-256, ChaCha20, Twofish |
| Two-factor authentication | Yes |
| Password generator | Yes |
| Form filler | Yes |
| Digital legacy | No |
KeePass keeps all files encrypted, including the entire database. The database is KeePass’s version of a password vault. That means not only your passwords, but your usernames, website address, and notes all get extra security. The encryption used is AES 256-bit for KeePass 1.x, whereas KeePass 2.x adds ChaCha20 to. The AES 256-bit is the standard encryption service used by the U.S. federal government and approved by the National Security Agency, which makes it secure in our opinion.
KeePass also has importing and exporting functionality. Users can import data from CSV files, so if you have passwords already stored in a different location in that format, you can transfer them to KeePass. It’s also an open-source password manager, so you can view the HTML code within KeePass. There’s nothing hidden, and the idea is that everything is out in the open for anyone to review.
You may have heard that passwordless authentication works better than using passwords to keep data secure. KeePass is a bit different from many of the password managers we’ve seen. You have the option of using a key file for two-factor authentication, but the KeePass website also discusses using a YubiKey, which is a USB stick. If you insert the USB stick into your device, pressing the button on the stick triggers it to enter a password for you. In contrast, the key file is like a passcode you can use in combination with your master password.
The YubiKey can also be used to enter a master password for your database. If you want even more protection for your database, you can use the challenge-response mode of YubiKey, which will require the KeeChallenge plugin.
KeePass recommends using the password generator to create random passwords. A secure password will keep your information safer. You can customize this by letting KeePass know what specific characters can be used to generate the passwords. The program will then only create passwords based on your selections. These options can get quite detailed depending on how unique you want the passwords. Rules that can be implemented include requiring the use of a certain number of uppercase or lowercase letters and requiring a certain number of digits.
KeePass uses auto-type to automatically enter usernames and passwords. With this feature, you can define a sequence of key presses that will be entered for you when you open a browser window or access a login screen.
That function is typically used for the username and password combination, but it can also be a shortcut entered for notes. KeePass allows users to define a prefixed entry using the phrase “Auto-Type.” Then, you can go back to your notes to see what the sequence is for different programs. The only part that gets auto-filled is the words after “Auto-Type.”
Keep in mind this is not your usual autofill feature. Other password managers give you a screen to set up your login credentials and do most of the work for you. With KeePass, there is more work on your part.
KeePass uses an algorithm to estimate the strength of a chosen password. It looks for patterns based on a list of thousands of common passwords. KeePass shows the quality of the password in entropy bits.
Entropy bits measure the strength of passwords based on the number of guesses it would take to crack that password. You get a score from 0 to greater than 128. Anything over 128 is considered a very strong password by the program. Good news: You don’t have to fully understand machine learning to see whether your password is strong. KeePass will show you, and you can change it to something else if you want.
We didn’t find much in the way of how emergencies can be handled with KeePass. It seems there are some ways to share file access with other users, such as storing a copy of the database in the cloud, then opening it on other devices. Some users share a Dropbox folder with someone else to give them access to the database. Other than this, we couldn’t find a clear way that KeePass supports digital legacy.
KeePass does offer easy database transfer, where files can be moved from one computer to another. You can also attach files to password entries, so you can easily view a document if needed. The program seems more customizable than other password managers if you want to take the time to do so. The password generator will create strong passwords you can define and design in a format of your choosing. That’s something you can use or let the program create a random passcode on its own.
We attempted to test KeePass on a Macbook Air running macOS Big Sur. After multiple failed attempts to download it, we had to access the MacPass download as a workaround. MacPass is a port that’s compatible with KeePass. But in our efforts to use the database, we felt KeePass was more geared toward database management users than people who simply wanted a password manager.
We found the user interface to be unfriendly and not intuitive. In fact, we thought the interface seemed outdated and reminded us of old database software. For users who want an easy program that manages and stores passwords, this one may be a bit complicated.
The setup is not as simple as it is with other password managers. Once you install the software, a database window opens that includes no instructions. Other programs give you prompts so you know what to do next. If you want to understand how to use KeePass, you’ll probably need to use the tutorials on the website. It is free though, and that’s good because we don’t think most people would pay for KeePass when offered alternatives that are easier to use.
We aren’t saying this is a bad password manager. It offers good security, a solid password generator, and includes an easy-to-understand password strength report. It’s also open-source software, so you can review the code if you want. In our view, there are simply much easier and more appealing password managers out there.
According to its privacy policy, KeePass processes personal data only if it's necessary for a website to function. It also explains that the software will ask for consent before sharing personal information. Your home address, phone number, and email address for marketing are prohibited, so you won’t have to worry about your inbox getting hit with tons of spam due to KeePass use.
KeePass has had third-party audits. On the website, it shows that it has been audited by the European Commission’s Free and Open Source Software Auditing project. During the audit, no security problems were found. According to the site, KeePass is also in the BSI Cyber Security Recommendations. Third-party audits provide an objective viewpoint on the security of a program by assessing the coding, documentation, and processes of software.
KeePass is safe to use due to the encrypting of the files and the entire database of passwords. All the information in the database is secured with AES 256-bit encryption and either Twofish or ChaCha20 encryption.
There is no customer support for KeePass. You aren’t entirely on your own, though. There are FAQs, a Help Center, and tutorials to assist you with issues or questions. You can also access KeePass’ discussion forums to chat with other KeePass users.
KeePass is compatible with various devices and platforms, though we learned the software might work on some operating systems better than others. For instance, we would prefer a straightforward program that works with our Macbook rather than a compatible port to make it work. You also may need to update your privacy settings to allow the download.
According to the website, KeePass is compatible with or has KeePass ports for the following operating systems and devices:
KeePass is a free, open-source program. Although it is a secure software, if you want a password manager you don’t have to buy, we recommend a more straightforward option, such as 1Password or LastPass. These are both easier to navigate with a more intuitive user interface.
| KeePass | |
| Number of users | Multiple users may access the database |
| Encryption | AES-256, ChaCha20, Twofish |
| Autofill | |
| Password vault | |
| Password generator | |
| Two-factor authentication | |
| Data breach alerts | |
| Digital legacy | |
| Import and export data | |
| Multi-language support | |
| Plugin architecture | |
| Details | Learn More |
KeePass is a secure password manager that uses AES-256 encryption along with ChaCha 20 or Twofish encryption architecture.
Along with superior security, the benefit of KeePass is that it is free software that offers a portable database storage solution. Because something such as Google Password Manager isn’t safe, KeePass gives you an additional layer of support for free.
If you want to use KeePass across multiple computers, you can use another service such as Dropbox, Google Drive, or Microsoft OneDrive to create shared folders. Alternatively, you can export the database and import it to another device. You can also open the database via the cloud on another computer.
The best way to use KeePass is to have a copy in the cloud and download a portable version so you don’t have to install it and can run it faster. From there, you can use it as a standard database to store your crucial data.
KeePass is good overall software if you want something that looks more like a database management system. It’s also secure and does a proper job of guarding your private information. With all the password managers out there, we recommend opting for something more user-friendly that will easily work on any machine without the need for a port or other workaround technique.
Strong security
Completely free
Open-source code can be intimidating and technical
If you’re a tech-savvy person who loves to dive into open-source coding and enjoys the look and feel of a database, this software may be for you. Otherwise, if you want something simple to use and that securely stores your passwords with an easy setup, we’d recommend steering clear of KeePass. Many other programs won’t cost a fortune but will be much easier to navigate. For a more beginner-friendly password manager, read our Bitwarden review.
Strong security
Completely free
Open-source code can be intimidating and technical
