I’m often asked for advice as to how someone can improve their own personal level of security and the second topic I bring up (installing antivirus software is the first) surrounds the use of passwords.
As stressed elsewhere here at Comparitech, there is no substitute for a long, complex, hard to guess password made up of numbers, letters and symbols. There is also no alternative to the use of unique passwords for each and every site you visit – reusing the same one for every account under your control is a prelude to disaster should any one of those accounts be breached because, as you may have seen in the news, the compromised login credentials often then find their way onto certain sites from which the criminals can then harvest and use them.
But how do you remember a different password for every account you have?
Especially when the number of passwords we have to recall seems to grow by the week (the average person has 118 online accounts now and will likely have over 200 within the next ten years).
Well, the answer is to use a password manager.
By employing such a piece of software, along with a browser extension, you can let go of the dozens of passwords you need to remember and focus instead on just one master password for the particular program you are using.
If that sounds like something you would like to try, read on and I will show you how to install one very popular – and free – password manager, as well as explain exactly what benefits you can derive from it.
Not quite as slick as a commercial password manager such as 1Password, which itself has been in the news this week, KeePass gathers much deserved praise over the way in which it generates and stores encryption keys locally, and the fact that it does not store your passwords on a centralised database that could be susceptible to hacking.
As an open source program it is, as already mentioned, free. But in its most basic form it is only compatible with the Windows platform. And for the vast majority of you that won’t be a problem.
If, however, you are using Linux or OS X there is an alternative in the form of KeePassX, and iOS users are catered for with iKeePass. Android users need not feel left out either, as Keepass2Android has been designed to take care of their needs. Each of these alternatives to the main Windows version falls outside the scope of this article though, so be sure to let us know via the comments if you want more info on any of them and we’ll see what we can do to help.
Security and Privacy
The fact that KeePass is open source means its code is up for scrutiny by anyone who cares to look at it. Given the number of gifted coders using such software, that means there is a good chance that any vulnerabilities will not only be spotted, but spotted quickly.
Encryption presents itself as a double-edged sword with this password manager – its end-to-end nature means the only person who will ever know your master password is you. The advantage of this is that no-one will ever be able to access your password database unless you choose to divulge that password. Not only that, but your encrypted database will be inaccessible to any attacker who gains access to it, making it a good option should you wish to store it on a platform that may otherwise be insecure (a cloud storage platform, for instance). On the flip side, if you ever forget your own master password you’re in trouble – there is no recovery option.
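To make the trade-off above concrete, here is an added example (not KeePass's own code or file format) of a password database that is only ever decrypted locally: a key is derived from the master password, the database is sealed with AES-256-GCM, and a wrong master password or a tampered file simply fails to open. The round count, the fixed transform seed and the sample entries are assumptions constructed for this example.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/sha256"
	"errors"
)

// deriveKey: SHA-256 the master password, then many AES rounds to slow down
// guessing. Round count and fixed transform key are assumptions, not KeePass's.
func deriveKey(master string) []byte {
	key := sha256.Sum256([]byte(master))
	tkey := sha256.Sum256([]byte("example-transform-seed"))
	block, _ := aes.NewCipher(tkey[:]) // 32-byte key: cannot fail
	for i := 0; i < 100000; i++ {
		block.Encrypt(key[:16], key[:16])
		block.Encrypt(key[16:], key[16:])
	}
	return key[:]
}

// sealDatabase encrypts and authenticates the database behind a random nonce.
func sealDatabase(master string, plaintext []byte) ([]byte, error) {
	block, _ := aes.NewCipher(deriveKey(master)) // 32-byte key: no error
	gcm, _ := cipher.NewGCM(block)
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	return gcm.Seal(nonce, nonce, plaintext, nil), nil
}

// openDatabase fails on a wrong master password or a tampered file; there is
// no recovery path, which is the trade-off the text describes.
func openDatabase(master string, sealed []byte) ([]byte, error) {
	block, _ := aes.NewCipher(deriveKey(master))
	gcm, _ := cipher.NewGCM(block)
	ns := gcm.NonceSize()
	if len(sealed) < ns {
		return nil, errors.New("database too short")
	}
	pt, err := gcm.Open(nil, sealed[:ns], sealed[ns:], nil)
	if err != nil {
		return nil, errors.New("wrong master password or tampered database")
	}
	return pt, nil
}
```

Because the sealed blob is useless without the master password, it can sit on cloud storage without exposing its contents; equally, nothing in it lets a forgotten master password be recovered.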
The wide array of plugins that can be added to KeePass allow for a wide range of additional security features to be added including, for example, software keyboards which are an excellent defence for anyone concerned about the possibility of a keylogger being installed on their system.
Drawing a conclusion on the usefulness and effectiveness of KeePass is a tricky proposition because of its open source nature.
As previously mentioned, that has its advantages in terms of security, something that is further enhanced by the inclusion of end-to-end encryption and a lack of a centralised database. These are excellent plus points.
- Its open source nature lends itself well to security
- It offers end-to-end encryption
- The default encryption method uses the strong AES-256 cipher with SHA-256 hash authentication
- A wide range of plugins are available which can add browser integration and many other features
- Comprehensive FAQs are available and community support is strong
- Did I mention it’s free?
On the other hand, it is nowhere near as polished as a commercial password manager and that could be a serious point of consideration for the less technically inclined among you. If you follow our companion how-to guide you should be OK, but that doesn’t detract from the fact that the user interface is one of the less welcoming I’ve seen, or the fact that browser integration is not as smooth as with some of the alternatives.
What’s not so hot
- The user interface could be better – non-technical users may feel intimidated by it
- The aforementioned browser integration cannot be achieved as seamlessly as with other password managers. Likewise, adding in other plugins isn’t as straightforward as it perhaps could be
Overall, however, KeePass does a sterling job of keeping your passwords secure and there are few, if any, password managers that can beat it on that front.
You can try it for free and make your own mind up, safe in the knowledge that you will have lost nothing but your time if you discover it’s not for you. And if you do decide to pass on KeePass, please do go with an alternative such as LastPass, 1Password, Dashlane or even a password manager built into your browser – any of these is a far better option than using no password manager at all.