Our bottom line: Password Safe pulls head in most categories despite the two being fairly close.
By: Gunnar KallstromHead of Information Systems and Cybersecurity Research
KeePass and Password Safe are two password managers with services that are comparable in price (free), features, and compatibility. They share a lot of similar DNA as open-source projects which are the passion project of a single developer.
Which password manager should you get? Let this KeePass vs. Password Safe face-off help you decide.
| Review factor | Winner |
|---|---|
| Price and plans | Tie: Password Safe (5.0), KeePass (5.0) |
| Platform compatibility | Tie: Password Safe (3.0), KeePass (3.0) |
| User experience (UX) | KeePass (3.0) |
| Form filling | Password Safe (3.0) |
| Security | KeePass (5.0) |
| Two-factor authentication (2FA) | Password Safe (4.0) |
| Best overall | Password Safe (4.6) |
Our bottom line: Password Safe pulls head in most categories despite the two being fairly close.
| Password manager | Details | Basic plan features |
|---|---|---|
| Password Safe Overall rating: (4.6) Read our full Password Safe review. | Starting price: Free Platform compatibility: Windows, Linux Security: Twofish algorithm with a 256-bit key |
|
| KeePass Overall rating: (3.6) Read our full KeePass review. | Starting price: Free Platform compatibility: Windows, Linux Security: AES 256-bit encryption, ChaCha20, Twofish, and 2FA |
|
Price winner: Draw | |
|---|---|
| Password Safe (5.0) | Free, but donations are accepted |
| KeePass (5.0) | Free, but donations are accepted |
Both Password Safe and KeePass are free and open source, asking for no compensation for download or use whatsoever. While most other services offer a limited free version with subscriptions to their premium version, both Password Safe and KeePass are unlocked from the start with no need to ever pay their creators a dime.
However, if you end up appreciating their work, you can make a donation to either Dominik Reichl (KeePass) or Rony Shapiro (Password Safe).
Winner: Both password managers are equally free and tie for this category.
Platform compatibility winner: Draw | |
|---|---|
| Password Safe (3.0) | OS: Windows, Linux Supported browsers: N/A |
| Password Safe (3.0) | OS: Windows, Linux Supported browsers: N/A |
You may notice another similarity in compatibility between Password Safe and KeePass — they’re both limited to Windows and Linux. If you’re a macOS, iOS, or Android user, a lack of official support for either may seem odd. However, as non-commercial, open-source projects, the creators are doing all the work without any team. It’s impressive enough that both Linux and Windows versions are being maintained.
Yet one of the upsides to these programs being open source is that others can take the work already done and port it over to the platform of their choice. Reichl and Shapiro even include links on their own download pages to these ports, which range from Android and iOS to macOS.
But it’s important to note that support for these offshoots comes and goes depending on the attention span of the person who released it — just because a version exists for iOS doesn’t mean it receives regular updates.
Winner: Another draw — Password Safe and KeePass only officially support Windows and Linux.
UX winner: KeePass | |
|---|---|
| Password Safe (3.0) | Old school and obtuse, Password Safe is for tinkerers at heart |
| KeePass (3.0) | KeePass looks like it was created to run on Windows XP — it may not be pretty, but it gets the job done |
Another day, another draw. Neither KeePass or Password Safe are winning any beauty contests anytime soon. Again, this is likely the result of them being produced by a one-person team — there simply isn’t any time or resources to spend on making a well-designed UX.
It may not be intuitive to use or hold your hand during set-up, but I found KeePass’s UX as functional and understandable as some paid products I’ve used in this job. While it won’t win any beauty contests soon, it works well. I imported my passwords from a CSV file with only a short foray into the FAQ section of the website.
Password Safe’s user interface may look warm and familiar to those used to digging through their computer’s registry or who love tinkering with open-source tools. But the average person will run into problems right out of the gate as they are hit with a mass of icons and options only made clear through intentional exploration.
Both received the same overall score during our review, but I preferred KeePass. It may not look any prettier, but I found it more intuitive to use.
Winner: KeePass has a slight edge over Password Safe in usability.
Form filling winner: Password Safe | |
|---|---|
| Password Safe (3.0) | While it doesn’t offer a fully automatic form fill function, autotype tries its best to handle this role. |
| KeePass (3.0) | Not technically automatic form filling, Auto Type is a powerful tool that performs a similar function, though it was difficult to set up. |
Neither KeePass or Password Safe technically offer form filling or autofill, but they both implement a similar alternative — auto type.
Most password managers will prompt you when they detect a text field on a webpage. But KeePass utilizes a preset keystroke you can trigger when certain conditions are met. You can modify this sequence to your heart’s content and even set it up to perform functions outside of web browsing.
All of this functionality comes at the cost of usability, though. I had to set up each site I wanted to have the ability to automatically log into and watch a few tutorials on how to set up Auto Type in the first place. This is a tedious process for the average user. It will only appeal to those who like the flexibility and customization that comes with a do-it-yourself (DIY) project.
I won’t say as much about Password Safe — its version of auto type works similarly, but not as well. Again, I have to give the edge to KeePass.
Winner: KeePass wins. Even though it doesn’t technically offer auto fill, it’s auto type function fills the same role and works once you put in the effort.
Security winner: KeePass | |
|---|---|
| Password Safe (4.0) |
|
| KeePass (5.0) |
|
In addition to using the industry standard 256-bit AES encryption, KeePass encrypts and stores data locally — either directly on the device it’s running on or via a portable installation on a USB drive.
That data can only be decrypted using a master key that you set up when running KeePass for the first time. Unless someone already knows the key, they can’t access your data.
Meanwhile, Password Safe uses the Twofish algorithm with a 256-bit key and is open source, which allows anyone who knows code to inspect it and point out flaws and weaknesses.
Since Password Safe only runs locally on your computer, most of the internal security options relate to individual device security, allowing you a measure of control over how often your vault will be locked and under what conditions.
While both are fairly barebones, KeePass offers more options for security.
Winner: KeePass offers more options than Password Safe and wins this category handily.
2FA winner: Password Safe | |
|---|---|
| Password Safe (4.0) |
|
| KeePass (3.0) |
|
Both KeePass and Password Safe support 2FA, if in very different ways. Password Safe only offers 2FA through 3rd party physical security keys while KeePass offers the more traditional OTP method.
Password Safe doesn’t support 2FA on its own, yet it is compatible with a few third-party authenticator USB keys such as YubiKey and OnlyKey. Both of these products are physical USB keys that, when used, must be inserted into your device to access your password vault.
Meanwhile, KeePass allows you to add another layer of security on top of especially sensitive accounts (such as bank accounts or other financial institutions) with an OTP generator. This system shoots you a text or an email with a confirmation code before allowing access to your account. Setting up an OTP through KeePass isn’t intuitive, though I was impressed it was included in this free piece of software.
In the end, the edge goes to Password Safe. Physical security keys are more secure than OTPs and the difficulty in setting up through KeePass pushes the advantage in Password Safe’s favor.
Winner: Password Safe offers a more secure 2FA option.
Bottom line winner: Password Safe | |
|---|---|
| Password Safe (4.6) |
Best for: Tinkerers and programmers |
| KeePass (3.6) |
Best for: Those who love DIY projects |
In a lot of ways, KeePass and Password Safe have a lot in common — they’re both free and open source and developed by a single programmer (with all the limitations that come with that). They also scored pretty similarly in every category.
In the end, it mostly comes down to preference. Do you need physical security keys or is basic 2FA enough? Do you have the time and patience that it takes to make autotype work for you? Do you need a portable installation, or is a desktop install sufficient?
Many of you will answer these questions differently than I did and come to your own conclusions as to which is better. And that’s ok. The good news is that you’re not risking anything but your time — both of these password managers are free to use.
On the surface, all password managers essentially generate and store passwords. As I evaluated providers, I dug deeper, comparing software on what matters most, including price, platform compatibility, security, and other factors.
I signed up for a plan with each provider to test:
Learn more about our review methodology.
About the Password Manager, Gunnar Kallstrom:
Kallstrom is a Cyber Team Lead for a Department of Defense (DOD) contracting company in Huntsville, Alabama, and has also worked as a computer network defense (CND) Cyber Analyst. An author and content creator for a cybersecurity academy, Kallstrom spent nearly 15 years in the Army as a musician before entering the cybersecurity field.
He holds a bachelor’s degree in music from Thomas Edison State University and a master’s in organizational development and leadership from the University of the Incarnate Word.
Kallstrom has completed several Computing Technology Industry Association (CompTIA) courses, including Security+, Network+, A+ Core 1, and A+ Core 2. He earned a CompTIA Security+ Certification. Additionally, he has completed the Cyber Warrior Academy program with more than 800 hours of hands-on, intensive, and lab-driven technical training in cybersecurity methods and procedures.
Passionate about all things cyber, Kallstrom was a speaker on a panel at the 2022 InfoSec World conference, giving a talk entitled “Hacking into a Cyber Career – True Stories.” Kallstrom is also a mentor to entry-level cybersecurity candidates seeking to break into the field. When he’s not working, he still enjoys playing guitar and fishing (not phishing).
