While the many password managers on the market each promote their own services and offerings, we made it a point to evaluate Password Safe and KeePass on the features that matter most. That said, it’s also important to remember that your intended use as an individual, family or business is also likely to inform which company is better for your particular needs.
Based on our in-depth knowledge of password managers, we chose the following five features as our main criteria for evaluating the two companies: security and encryption, usability and ease of use, password sharing and price.
1. Security & Encryption
Every password manager’s primary goal should be to protect its users passwords from hackers, phishing scams, website breaches and other potentially harmful cyber threats. To do so, it should help users create strong passwords and use advanced encryption methods that keep passwords and other important information such as credit card, passport and bank account numbers from being discovered or used by any unwanted entities. Ideally, the password manager’s creators should not even have a way to access the user’s data.
2. App Compatibility
Also important is the number of website browsers, mobile devices and computer operating systems the passwords manager is compatible with. Ideally, a password manager should be compatible with every device and browser a customer uses to access digital accounts. This way, the app’s purpose of protecting and storing users’ data will not be compromised by anything less than full-time use. Additionally, especially since passwords must be frequently created and updated for maximum security, apps should automatically sync between each device.
3. Usability & Ease of Use
Password managers should be intuitive and easy for each of its customers to use, as using it with every login is the only way to ensure that all of a users’ passwords remain as secure as possible. Some things to look for in an easy-to-use password manager include having an easy set-up process with the option to import all passwords at once and autofill, drag-and-drop or copy and paste options for online forms that make them easy to update. It should also be easy for users to create and store new, strong passwords. Some password managers may even use biometrics, enabling users to log in to accounts using only their fingerprint or face.
4. Password Sharing
Password sharing is an important feature for many password management users, especially families and businesses who share accounts such as video streaming services, website domains, bank accounts, online databases and more. Many password managers make password sharing not only easy, but secure, offering protection while passwords are in transit or by allowing or other account members to access shared vaults. Often, business employees can opt to share certain passwords or other information with specific colleagues, clients or entire teams and create read-only or editing permissions. Additionally, some password managers allow users to share access to online accounts without the recipient ever having access to the actual login information.
5. Price
There’s no question that cost is an important consideration for most, so it’s important to have an idea of what pricing is standard and fair. Many password managers charge annually for a subscription service, and prices can range from anywhere between $10 and $60 or more per year for premium features depending on the particular company, the type of account (whether individual, family, business or enterprise), the features they offer and the number of users. Some of these subscription model password managers offer free versions with limited features, but there are also some password managers that are completely free and open source, with no paid version at all. Especially with paid services, users should make sure their password manager offers unlimited password storage since their number of passwords is likely to grow over time.
To help you decide whether Password Safe or KeePass is the best fit for you, we spent over 10 hours researching how they each fare in regard to these five important features. Below, we compare Password Safe and KeePass on security, compatibility, usability, shareability and price.
As open source software, Password Safe is accessible for anyone to inspect to ensure its security features remain strong and lives up to its claims of passing numerous security assessments. First of all, Password Safe databases are also encrypted with strong 256-bit keys through the Twofish algorithm. Password Safe also protects users’ passwords by having them create a master password which only they know. Users must memorize their Master Password as it’s not kept in the database itself. Additionally, users can opt for even stronger security by pairing Password Safe with a portable Yubikey authenticator device to create two-factor authentication.
Keepass is also open source, meaning anyone can look directly at its source code, which increases the likelihood that potential glitches will be fixed quickly and it will be continually updated with the latest security features. KeePass also encrypts its databases, but it supports three strong encryption algorithms: Twofish, AES-256 and ChaCha20. Each user has a unique composite master key that includes a master password, key file and either a Windows user key or a plugin key. Each part of the composite key is securely compressed to protect it from attacks from hackers who try to guess passwords. KeePass can also be loaded onto a portable USB stick that does not store any data on a user’s device or system.
Thanks to its open source status, Password Safe is compatible with most major operating systems and iPhones through the primary software and clones developed specifically to work with various devices and programs. The original Password Safe is compatible with multiple versions of Windows operating systems as well as Yubikeys. Mac, iPhone and iOS users can install a Password Safe clone (the iOS app is available on the Apple App Store, and the Mac version is available on the Mac App Store). Additional clones, or ports, are listed on the Password Safe website and include Android apps and more.
KeePass currently has two editions: versions 1.x and 2.x. Each are directly compatible with Windows through a portable USB stick, which can be used with or without installation onto a desktop, and 2.x can also be used with open source Mono frameworks on Linux and Mac OS X. Each version has compatible plug-ins that users can install for optional features such as web browser extensions with automatic form filling.There are also a long list of KeePass-compatible apps called ports, also open source, that allow users to use KeePass features on their Android and iPhone mobile devices, Mac computers, BlackBerry phones, browsers and more. Most of these compatible downloads can be used alongside KeePass and may give users extra organizational perks or allow users to sync data across devices.
| Platform | Password Safe | KeePass |
|---|---|---|
| Chrome, Chrome OS | Yes (extensions through unofficial ports) | Yes (extensions through plug-ins) |
| Edge | Yes | Yes (through plug-ins) |
| Firefox | Yes | Yes (through plug-ins) |
| Internet Explorer | Yes | Yes (through plug-ins) |
| Opera | Yes | Yes (through plug-ins) |
| Safari | Yes (extensions through unofficial ports) | Yes (through plug-ins) |
| iOS | Yes (through unofficial ports) | Yes (through unofficial ports) |
| MacOS | Yes (through unofficial ports) | Yes (OS X through Mono framework and unofficial ports) |
| Android | Yes (through unofficial ports) | Yes (through unofficial ports) |
| Windows PC | Yes (XP, Vista, 7, 8 and 10) | Yes (Vista 7, 8 and 10) |
| Linux | Yes (through unofficial ports) | Yes (through Mono framework and unofficial ports) |
| Other | Yubikeys 4, 4 Nano and NEO | BSD, Wine, USB sticks |
Password Safe has a fairly simple organization and storage system that allows users to save all of their passwords in one or more databases, called “safes.” Safes can be created specifically for personal, business or other types of use. In each safe, users can import, manually enter and organize their passwords however they prefer, in one long list or nested into groups. Password Safe lets users quickly create new strong passwords and enter them into web forms by copying and pasting or using its AutoType feature that actually types login credentials into fields for the user. A default AutoType setting should work for most login pages, but users must make a customized formula for more complicated sites. Additionally, users must initiate this process from Password Safe each time they want to log in to an online account.
The KeePass setup process is fairly similar to Password Safe’s. To begin, users install the software and create their composite key. Then, a blank vault appears in which they can begin either manually entering their logins and other data or fill by importing passwords from a browser, previous password manager or CSV. The “generate password” button creates new, strong passwords which users can easily customize through the “password generation options” box. To login to websites, users can copy and paste credentials, drag and drop logins or, like with Password Safe, use KeePass’ auto-type feature. Fortunately, users can also take advantage of a hotkey that, when pressed, pulls up the correct credentials for a site and begins the auto-type function automatically.
Password Safe doesn’t have a formal system in place for password sharing, but users can do this simply by first ensuring everyone who needs access to the passwords or data has Password Safe. Then, a user would create a new safe with a unique master password for every password or set of passwords they’d like to share. Multiple users can then access the safe by using the shared master password.
KeePass, like Password Safe, allows multiple users to share a database through a shared master key. For easy access, the database should be stored on a shared network drive. KeePass attempts to let users know if more than one person is working in or accessing the database at one time by offering a read-only mode so only one user can make changes to the database at a time (otherwise, changes could be lost as it won’t sync between two simultaneous users). KeyPass 2.x does, however, offer built-in synchronization between multiple copies of a database.
The main version of Password Safe is free and open source (although it accepts donations), and users can install this free version on their personal computer or laptop. Password Safe also offers a disk-on-key version called PasswordSafe2Go that users can install on a disk-on-key device that they can then plug into any PC. It comes with free updates for up to one year from the purchase date, and costs just $9.99. Additionally, Password Safe’s multiple port options are typically also free and open source, but some may offer a commercial, paid version or plug-in.
KeePass is also free and open source, with numerous additional ports, plugins and extensions offered that are also open source. Like Password Safe, KeePass and many of its ports also accept donations. With both Password Safe and KeePass, if users wish to use an additional device such as a YubiKey or a USB stick, those physical devices must be purchased if not already owned.
| Plan | Password Safe | KeePass |
|---|---|---|
| Primary | Free and open source (donations accepted) | Free and open source (donations accepted) |
| Disk-on-Key | $9.99 | N/A |
It’s clear that KeePass and Password Safe have numerous desirable qualities that make them each a solid choice. To maximize a password manager’s effectiveness, however, you’ll need to know how to use it. In the table below, we compare how each of the main password management functions work for each of these open source solutions.
| Functionality | Password Safe | KeePass |
|---|---|---|
| Setting up the vault | Create a new safe (database) and create a master password; manually enter passwords under the “Basic” tab and add more details under additional tabs; import from text, XML or CSV file | Create a composite master key and manually enter or import logins from other password managers or a CSV file |
| Logging into accounts | AutoType feature quickly enters usernames and passwords when users visit a website login page, open Password Safe, right click and select “Perform Autotype”; use AutoFill extension | Copy and paste logins from clipboard, drag and drop or use auto-type feature |
| Creating passwords | Select “Generate Password” from Manage Menu; select either a previously made password policy or create a new one; paste created password into website field | Use password generator and define rules such as number and type of characters |
| Changing passwords | Visit website’s “change password” page, copy and paste old password if needed and generate new password | Go to site’s “change password” page and generate new password |
| Sharing log-ins | Create standalone safe with shared master key (all parties must have Password Safe) | Create shared database with the same master password for multiple users and store it on a shared file server or network drive |
| Recovering account | There is no way for a user to recover a lost or forgotten master password; If a user is unable to open the password database for another reason, Password Safe creates automatic cloud backup files | Users can create backup database files, but will not be able to access them if they lose or cannot remember the master key |
| Advanced security features | Two-factor authentication with YubiKey | Users can lock the workspace, securely view and edit attachments; three encryption algorithms |