Index ¦ Archives ¦ Atom

KeePassX Review

I've been using KeePassX for about two years now. I've been putting all my passwords in there and I've got just over 180 entries now.

The argument for using a password manager is pretty easy to make, there is simply no way I could remember 180 different passwords. And especially not at the level of complexity I'd like to have in each password. But why KeePassX specifically, and not some other password manager like PasswordSafe, 1 Password, LastPass, or just a physical password book1?

Advantages

  • Open Source - You can open it up and see what makes it tick.
  • Cross Platform - For me Windows and Linux support is important, there is a Mac OS X version too.
  • Multiple implementations - This is a great "feature" for two reasons, one is that there are Android, and iOS implementations. But it also means that several other people have implemented the database format, and have looked through it in enough detail to get it working. If there was any weird backdoor or something that's not documented it's more likely to have been spotted if other people are implementing the spec. You can take a .kdbx file from one KeePass implementation and open it in another.
  • Encrypted - Not just Encrypted, but encrypted with a key you control. This might seem obvious, but it's much better than the built in password manager in most browsers
  • Password Generation - We are not very good at thinking up passwords, my usual trick is dd if=/dev/random bs=1 count=18 2>/dev/null | base64 but sometimes you have to have a specific number of characters or special characters. You can set the parameters you need an KeePassX will generate a password that fits.
  • Can store files - You can store "Attachments" with your passwords so you can backup things like private keys.

Neutral

  • No built in sync option - This is great because it works offline and a lot of people feel uncomfortable with their passwords being stored by a company owned by LogMeIn. But syncing the file across many devices is really helpfull. Personal I use ownCloud to sync my .kdbx file.

Drawbacks

  • No multi-user support - You can't share passwords with other users across the organisation without sharing the whole file.

I've been using a YubiKey with a long random password to encrypt my KeePassX file so I don't even know what the password to my password manager is.


  1. People may laugh, but Bruce Schneier has written about writing down passwords before and I tend to agree with him. There is an over emphasis on not writing down passwords. While sticking it on a post-it note on your screen might be a dumb idea, getting a password book and keeping it safe in your backpack, hand bag or a locked draw is not a bad idea. We are good at physical security, we have been building safes for almost two hundred years now. It's a decentralised offline system, sure one or two people might lose a password book but there will never be a breach which exposes millions of people. 

Creative Commons License
Content on this site is licensed under a Creative Commons Attribution 4.0 International License.
Built using Pelican. Based on a theme by Giulio Fidente on github.