We put KeePass password manager to the test for plan value, compatibility, features, and security. See why The Password Manager rated KeePass 3.6/5.
By: Gunnar Kallstrom, Head of information systems and cybersecurity research
Updated September 29, 2023
KeePass: A Quick Overview
Bottom line: This powerful suite of security tools for managing your passwords is free. It has top-notch security protocols, is updated constantly, and its dedicated community helps you iron out any wrinkles. But the cost is your time. KeePass can be counterintuitive to set up and navigate, a huge barrier to entry if you seek a simple solution.
Who should choose KeePass? Those who aren’t afraid of a DIY project because they know it will save them money in the long run.
KeePass’s Editor Rating
Overall: (3.6)
KeePass earned its rating mainly due to its difficult-to-navigate UX balanced by its great feature set at an unbeatable cost — free. It may not be one of the best password managers, but it may be what you seek.
Those who are willing to tinker or businesses with a dedicated IT professional
Promotion
None needed — KeePass is completely free
What Are the Pros and Cons of KeePass?
KeePass is a powerful, free tool for those willing to put in a little work in order to figure it out. While its features are plentiful, many were buried under layers and multiple processes, which I had to figure out before they would work properly. This will be a pro for those who love to tinker, but a con for almost everyone else.
Pros
Security: KeePass uses industry-standard encryption in addition to local storage only — the company doesn’t know your information because it doesn’t have it.
Open source: KeePass is, and always will be, free.
Consistently updated: Despite having been around since 2003, the developer of KeePass still hasn’t lost steam for this project, with updates every couple of months or so.
Cons
Difficult to use: KeePass doesn’t have an intuitive design for those who aren’t programmers themselves. While it can handle most of what you’d want a password manager to do, some of it is difficult to get working.
No live support: There are only two support options for KeePass — the extensive FAQ and the community forums. If you have a problem, you’ll have to troubleshoot yourself.
Who Should Choose KeePass?
People who like to tinker: KeePass is a powerful tool in the right hands, but doesn’t hold yours by teaching you to use it. If you like instruction manuals, this is the password manager for you.
Those on a strict budget: KeePass is free and fully featured, which may overrule anything I have to say about the learning curve inherent to this software.
KeePass Plans and Pricing
Overall: (5.0)
The most notable feature of KeePass is that it’s completely free. While other services offer a limited free version with subscriptions to their premium version, KeePass is unlocked from the start with no need to ever pay its creator a dime. This alone may sell you on KeePass despite its other drawbacks.
Donations are accepted to reward the developer, Dominik Reichl, for the labor he puts into keeping this software up to date.
KeePass 2.53.1
Price: Free
Best for: People who like to repair things and those who need a free, full-featured password manager
Platform compatibility: Windows, Linux
Autofill capability: Technically no, but Auto Type can be set up to fill a similar function
Guest accounts: No
Number of passwords: Unlimited
Password sharing: No
2FA: Yes
Account recovery: No
Support types: FAQ and community forums
Encryption: Advanced Encryption Standard (AES)-256, ChaCha20, and Twofish
Reporting capabilities: No
Single sign-on (SSO): Yes
KeePass Platform Compatibility
Overall: (3.0)
One of the major downsides to KeePass is its relative exclusivity, with only two major operating system platforms supported:
Windows
Linux
If you’re a macOS, iOS, or Android user, a lack of official support for KeePass may be a dealbreaker. As a non-commercial, open-source project, it has neither the incentive nor the desire to create additional releases for platforms outside of Windows and Linux.
However, one of the upsides to the program being open source is that others can take the work already done and port it over to the platform of their choice. Reichl even includes links on his own download page to these ports, which range from Android and iOS to macOS.
But as unofficial ports, these versions may not be as faithfully updated, so explore them at your own risk.
KeePass UX
Overall: (3.0)
KeePass looks like it was created to run on Windows XP and never really bothered to update its look. It may not be pretty, but it gets the job done.
It may not be intuitive to use (nor does it hold your hand during set-up) but I found KeePass’ UX as functional and understandable as some paid products I’ve reviewed here. While it won’t win any beauty contests soon, it works well. I imported my passwords from a CSV file with only a short foray into the FAQ section of the website.
If you’re interested in KeePass, you must be willing to peruse the support section of the website, as the program itself won’t walk you through anything. I didn’t find this much of an issue, but if you aren’t tech-literate (or even tech-curious), you may want a more forgiving password manager.
KeePass Form Filling
Overall: (3.0)
Not technically automatic form filling, Auto Type is a powerful tool that performs a similar function. However, it was difficult to set up.
KeePass doesn’t include form filling, per se — it gives you a technically more powerful and diverse tool called Auto Type. Most password managers will prompt you when they detect a text field on a webpage.
But KeePass utilizes a preset keystroke you can trigger when certain conditions are met. You can modify this sequence to your heart’s content and even trigger it to perform functions outside of web browsing.
All of this functionality comes at the cost of usability, though. I had to set up each site I wanted to have the ability to automatically log into and watch a few tutorials on how to set up Auto Type in the first place.
This is a tedious process for the average user. It will only appeal to those who like the flexibility and customization that comes with a DIY project.
KeePass Security
Overall: (5.0)
By using the AES-256 standard in addition to 256-bit ChaCha20, KeePass is just as secure as many paid alternatives.
In addition to using the industry standard 256-bit AES encryption, KeePass encrypts and stores data locally — either directly on the device it’s running on or via a portable installation on a USB drive.
That data can only be decrypted using a master key which you set up when running KeePass for the first time. Unless someone already knows the key, they can’t access your data.
If you want to learn more about the security processes, the KeePass website has a page devoted to explaining these features in detail.
KeePass Two-Factor Authentication
Overall: (3.0)
KeePass’ implementation of 2FA may be a little clunky, but it is available.
If you want to add another layer of security on top of especially sensitive accounts (such as bank accounts or other financial institutions), KeePass also has 2FA available as a security option, defined by the system as a one-time password (OTP) generator.
If you’ve ever shopped with Amazon from a device you don’t usually use, you’re probably familiar with OTPs. This system shoots you a text or an email with a confirmation code before allowing access to your account. While setting up an OTP through KeePass isn’t intuitive, I was impressed it was included in this free piece of software.
Recent Improvements to KeePass
The most recent version of KeePass (2.54) was released in June 2023 and made the following fixes and improvements:
In report dialogs, passwords (and other sensitive data) are now hidden using asterisks by default (if hiding is activated in the main window); the hiding can be toggled using the new '***' button in the toolbar.
The 'Print' command in most report dialogs now requires the 'Print' application policy flag, and the master key must be entered if the 'Print - No Key Repeat' application policy flag is deactivated.
The 'Export' command in most report dialogs now requires the 'Export' application policy flag, and the master key must be entered.
Improved UI update performance in the password generator dialog.
Compare KeePass Alternatives
KeePass is a great option for password management, but competitors including Dashlane, Keeper, Roboform, LastPass, and NordPass could be a better fit. We looked closely at each password manager, spent time using the services, and researched each for hours. Our research provides objective information about each company so you can find the best one for you.
See how KeePass compares to other top-tier password managers the PasswordManager.com team recommends:
Consider NordPass if: You don’t want different packages for your family and business.
Starting price: Free
Platform compatibility: Windows, macOS, Linux, Android, iOS, and popular browsers, such as Google Chrome, Firefox, Edge, Brave, Opera, and Safari
Security: XChaCha20 encryption algorithm and a zero-knowledge policy
Secure data sharing solution
Safe sharing of login details
Real-time breach monitoring
Data breach scanner
Frequently Asked Questions About KeePass
What are the cons of KeePass?
The biggest con is its lack of dedicated support and intuitive design. While it does a lot for a free product, you will likely spend a lot of time in the support forums and FAQs figuring out how to get it to work exactly the way you want. This won’t be a con if you enjoy this process, but the average user probably wants something closer to a plug-and-play experience.
Can KeePass be trusted?
KeePass has been consistently updated since it began in 2003. It has no servers to upload to, eliminating any chance of a data breach on their part. You don’t need to trust KeePass because it knows nothing about you. You can be assured that your data is secure.
What does it mean that KeePass is open source?
Open source means the entirety of the code is available for anyone to see, inspect, and change. For KeePass, this is like an insurance policy against accusations of including back doors in the software.
If anything malicious was hiding in the code, it would be findable and displayed for anyone to call out. This also allows the software to take on a life of its own outside of the main developer, allowing others to port the program to other platforms.
Wouldn’t KeePass being open source make it less secure?
It may be safer, as long as you’re downloading the program directly from the links provided by the main website. Open-source software can be changed and redistributed by anyone, but the developer controls the version released through its official website; you can trust it to have not been tampered with.
Where does KeePass store my passwords?
All data is encrypted and stored locally on the device of your choice and accessible only to those who know your Master Key.
What Is KeePass the Company?
KeePass is open-source software created by Dominik Reichl in 2003. Little is known about Reichl beyond his published and consistently supported software projects, which are all open source and free. While his creations are free, donations are accepted to support his work.
Our rating process involves a thorough and detailed study of the various features stacked against the competition. I looked at the multiple facets and features provided by KeePass compared to other significant industry players through direct testing to ensure an accurate rating. I’ve also applied my experience using KeePass to provide a user’s perspective.
I signed up for a plan with KeePass to test:
Plan value: Most password managers offer various subscription plans from free to around $20 per month. While free plans may be sufficient for some, those that need more functionality may prefer paid plans.
Platform compatibility: You likely access your online accounts from multiple devices, including desktops, laptops, tablets, phones, as well as through different web browsers. Your password manager should be compatible with various devices, operating systems and browsers, and sync seamlessly between them all.
UX: This is how you interface with all the features and functions of your new password manager — if it’s bad, you’ll be less likely to use the service. While this is a highly subjective category and some will disagree, it’s important to provide an overview based on my experience.
Form filling: A password manager doesn’t have to include form-filling, but it’s somewhat standard and the ease with which it performs that function can be the deciding factor in which password manager you ultimately choose.
Security: Since a password manager is first and foremost a security tool, it should come with all of the most up-to-date standard security features. This includes the highest level of available encryption (256-bit AES with PBKDF2-HMAC-SHA512); 2FA, such as biometric logins or multi-factor authentication, and a password generator.
Two-factor authentication (2FA): Used all over the internet to protect your accounts, this is quickly becoming a standard security practice. 2FA is a great way to secure more sensitive accounts to ensure they’re not breached.
Gunnar Kallstrom is a Cyber Team Lead for a DOD contracting company in Huntsville, AL, and has also worked as a CND Cyber Analyst. An author and content creator for a cybersecurity academy, Gunnar spent nearly 15 years in the Army as a musician before entering the cybersecurity field.
He holds a bachelor’s degree in music from Thomas Edison State University and a master’s in organizational development and leadership from the University of the Incarnate Word.
Kallstrom has completed several CompTIA courses, including Security+, Network+, A+ Core 1, and A+ Core 2. He earned a CompTIA Security+ Certification. Additionally, he has completed the Cyber Warrior Academy program with more than 800 hours of hands-on, intensive, and lab-driven technical training in cybersecurity methods and procedures.
Passionate about all things cyber, Kallstrom was a speaker on a panel at the 2022 InfoSec World conference, giving a talk entitled “Hacking into a Cyber Career – True Stories.” Kallstrom is also a mentor to entry-level cybersecurity candidates seeking to break into the field. When he’s not working, he still enjoys playing guitar and fishing (not phishing).