The right password manager for the do-it-yourself crowd.
TLDR: KeePass takes your security seriously and offers a wide range of customization, but you’ll have to do a lot of work to incorporate the same features and convenience as other password managers.
KeePass Pros and Cons
❌ Not intuitive
✅ Nice security measures
❌ No customer support
✅ Lots of customization
❌ Limited native app support
For years, KeePass has been a top free password manager choice for tech enthusiasts. KeePass offers an open-source password vault for unlimited entries at no cost to you, but it isn’t very easy to use. Read our KeePass review to see if it’s right for you.
Unlike other password managers we’ve reviewed, KeePass is an open-source project whose code anyone on the internet can use, rather than a traditional company with staff and customers. Since anyone can see the code, everyone can work together to improve KeePass’ security and features. Open source also means someone can take KeePass’ code and build it into a custom application, plugin or extension. If that sounds better than building your own password manager with KeePass code, we’ll help point you to the right tools.
KeePass was released in 2003 and was first written in the C++ programming language. Since May 2021, it has been updated to version 2.48, which is written in C#.
KeePass is free. You can find KeePass mobile apps and online tools that may charge a price for a “premium version” or to remove ads, but ultimately, you can download the root program of KeePass right now and immediately start using it, assuming you have some degree of technical know-how.
KeePass mentions a donation option in case you want to financially support the development of KeePass, which is ongoing. However, this is not an obligation for usage.
Why Use an Open-Source Password Manager?
The benefits of open-source code include customization and flexibility. The base code of KeePass doesn’t have many features, especially compared to some of its rivals. Since anyone can access the KeePass source code and manipulate it how they see fit, anyone can build out extra features for KeePass without express permission. That means there are hundreds of plugins on KeePass’ site that you can download and install to your version of KeePass. It also means you have options to choose from regarding which application you want to use, especially on your mobile device.
The downside is that you do have to manually install all the new features. If you’re willing to do the work and learn on your own, KeePass may be worthwhile as a password manager because of how customizable it is. It does take time to navigate, however, and for many users that time investment will be too much.
What we like: KeePass is lightweight, meaning there aren’t many lines of code involved, so the program runs faster, and you can carry it around on a USB stick if you want. KeePass also stands out for its security because of its open-source nature. Anyone can review KeePass’ code to see if it’s properly working, and KeePass says that you could also use a different encryption model if you want.
How to Set Up KeePass Password Manager
As we’ve mentioned, anyone can use the KeePass code and get started building their own password manager. We’ll walk you through the basics, below, but you could also consider popular applications like KeePassium for iOS or KeePassDroid for Android users.
Step 1: Download
We tested KeePass 2.48 on Windows 10, and the download and installation took less than a minute. Once you’ve downloaded KeePass to your platform, you can instantly set up your master password. Your email address is not required to set up your account.
Step 2: Create a Database
After downloading the program, if you’re less tech-savvy, you may feel confused. Unlike most other password managers, KeePass has no popup instructions for setup. There is a helpful First Steps online tutorial you can use, but the tutorial looked outdated to us and didn’t line up with our setup process.
Step 3: Save the Database
KeePass differs from other password managers in that you have to manually decide where to save your new password database. Once you save the database file somewhere, as a KeePass KDBX File (.kdbx), you’ll see another window to create your master password.
Step 4: Create a Master Password
KeePass will judge the quality of your master password as you type it. Once your password is strong enough, you can customize the database name, description, color, encryption model and key derivation.
KeePass then gives you the option to print an emergency sheet. In case you forget your master password, the emergency sheet can easily get you back into your database. You can skip printing the emergency sheet and jump into adding passwords.
We were impressed with how easy it was to customize the key transformation iterations applied to your master password, and you can test how long KeePass will take to run through all those iterations. There are even more settings you can customize, but for most people, this will be enough.
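What the iteration setting trades off, as an added example that is not KeePass code: it uses PBKDF2-HMAC-SHA256 from Python's standard library as a stand-in for KeePass' own key derivation functions, and the function names, sample password and salt are assumptions made for illustration. It scales one timed probe to a target unlock delay and shows the offline guess rate that delay allows.

```python
import hashlib
import time

SAMPLE_PASSWORD = "constructed-sample-passphrase"  # constructed, not a real secret
SAMPLE_SALT = bytes(range(16))                     # constructed; real salts are random


def derive_key(password: str, salt: bytes, iterations: int) -> bytes:
    """Stretch a master password into a 32-byte key (PBKDF2 stand-in)."""
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"),
                               salt, iterations, dklen=32)


def time_derivation(iterations: int) -> float:
    """Seconds this machine needs for one derivation at `iterations`."""
    start = time.perf_counter()
    derive_key(SAMPLE_PASSWORD, SAMPLE_SALT, iterations)
    return time.perf_counter() - start


def calibrate(target_seconds: float, probe: int = 20_000,
              floor: int = 10_000) -> int:
    """Estimate the iteration count costing about `target_seconds` here.

    Cost grows linearly with iterations, so one timed probe is scaled up.
    `floor` keeps a slow machine or a noisy probe from yielding a weak count.
    """
    elapsed = max(time_derivation(probe), 1e-6)
    return max(int(probe * target_seconds / elapsed), floor)


def guesses_per_day(seconds_per_guess: float, workers: int = 1) -> float:
    """Offline guesses per day at the given per-guess cost."""
    return 86_400 / seconds_per_guess * workers


if __name__ == "__main__":
    for target in (0.05, 0.25, 1.0):
        n = calibrate(target)
        took = time_derivation(n)
        print(f"target {target:>4}s -> {n:>9,} iterations, "
              f"measured {took:.2f}s, "
              f"{guesses_per_day(took):,.0f} guesses/day per worker")
```

The guess rate printed is for hardware like the machine running the script; the same iteration count costs less time on faster hardware.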
Step 5: Add Passwords
Adding a password entry is easy, and KeePass’ built-in password generator securely stores each password for you. There’s a wide range of advanced options you can dig into, such as setting expiration dates and string fields, but you also don’t have to do this.
As a default, KeePass will allow you to double-click an entry to copy that data into your computer’s clipboard. You’ll then have 12 seconds to paste your password into the login form before KeePass automatically clears the clipboard. While the copy-and-paste method isn’t nearly as convenient as autofill through a browser extension, we really like KeePass’ process for security and for combatting hacking or keystroke logging.
KeePass Security Features
- Advanced Encryption Standard (AES)-256
- Secure Hash Algorithm (SHA)-256 function
- Key derivation functions (AES-KDF, Argon2, etc.)
- Password edit controls
- Keylogging prevention
- All data locally stored
- Open-source code
KeePass’ many security features are intended to combat hacking and keylogging, especially for Windows operating systems. However, unlike some password managers which make their interfaces as simple as possible, you’ll need to figure out for yourself how to utilize all KeePass’ security features. It’s also up to you to protect the rest of your operating system.
KeePass can become vulnerable if you expose it to other available programs online. Dominik Reichl, who created KeePass, addressed this problem on KeePass’ website, specifically mentioning a program called KeeFarce that can copy and expose passwords in KeePass to hackers. Reichl attributed the problem to spyware, saying that “Neither KeePass nor any other password manager can magically run securely in a spyware-infected, insecure environment. Users still are responsible for the security of their PC.”
Since your data will only be stored locally, malware that infects your device could leave all of your passwords susceptible to corruption or hackers.
Like everything else with KeePass, the amount of security you get from KeePass depends on the effort you put into it. That includes manually adding extra features most password managers already have, like browser integration, Time-Based One-Time Password authentication, Auto-Type, importing, exporting and more.
KeePass was first designed for Windows, but the code now supports Mono and Wine, which are two open-source frameworks that allow you to run KeePass on Mac, Linux and more operating systems. KeePass has also been developed into ports for various operating systems and devices, and you can download apps from Google Play or the App Store as we mentioned earlier. KeePass doesn’t endorse any particular packages; it simply provides links.
KeePass Customer Service
There is no customer service with KeePass. As an open-source program, users are on their own when it comes to product usage and service. The only real way to get help from other people is through KeePass.info’s guides and tutorials or by engaging in KeePass’ SourceForge forums.
KeePass is as do-it-yourself driven as password managers come. Some computer-literate users will appreciate that, but we don’t think most consumers will.
If you haven’t heard of KeePass before, do not let that deter you, as the password manager has a strong underground following even if it doesn’t have the name recognition of LastPass, Dashlane and 1Password. Though KeePass’ Trustpilot page only has nine reviews (with one negative review dragging the company’s average rating down to 3.6 out of 5.0 stars), fans like the sense of control that comes from creating their own password manager, which they can store locally on their own devices.
KeePass Review: Is It Worth It?
Simply put, KeePass is not for everyone, but it works wonders for a niche crowd. If you like digging into computer programming and customizing options, KeePass, along with its ports and plugins, is the best open-source password manager. It’s not pretty, but the breadth of customization and security measures make it a top-notch password manager if you know what you’re doing.
The problem is most people won’t know what to do with KeePass. It’s not nearly as intuitive as other password managers, even free ones like Bitwarden, and without customer service, you’re on your own to figure it out.
If none of that bothers you, we can recommend KeePass as an open-source password manager. If you like the back end of software and feel confident handling your own security measures, you’ll do well with KeePass.