All About Cookies is an independent, advertising-supported website. Some of the offers that appear on this site are from third-party advertisers from which All About Cookies receives compensation. This compensation may impact how and where products appear on this site (including, for example, the order in which they appear).
All About Cookies does not include all financial or credit offers that might be available to consumers nor do we include all companies or all available products. Information is accurate as of the publishing date and has not been provided or endorsed by the advertiser.
The All About Cookies editorial team strives to provide accurate, in-depth information and reviews to help you, our reader, make online privacy decisions with confidence. Here's what you can expect from us:
- All About Cookies makes money when you click the links on our site to some of the products and offers that we mention. These partnerships do not influence our opinions or recommendations. Read more about how we make money.
- Partners are not able to review or request changes to our content except for compliance reasons.
- We aim to make sure everything on our site is up-to-date and accurate as of the publishing date, but we cannot guarantee we haven't missed something. It's your responsibility to double-check all information before making any decision. If you spot something that looks wrong, please let us know.
- Strong security
- Completely free
- Open-source code can be intimidating and technical
All About Cookies is an independent, advertising-supported website. Some of the offers that appear on this site are from third-party advertisers from which All About Cookies receives compensation. This compensation may impact how and where products appear on this site (including, for example, the order in which they appear).
All About Cookies does not include all financial or credit offers that might be available to consumers nor do we include all companies or all available products. Information is accurate as of the publishing date and has not been provided or endorsed by the advertiser.
The All About Cookies editorial team strives to provide accurate, in-depth information and reviews to help you, our reader, make online privacy decisions with confidence. Here's what you can expect from us:
- All About Cookies makes money when you click the links on our site to some of the products and offers that we mention. These partnerships do not influence our opinions or recommendations. Read more about how we make money.
- Partners are not able to review or request changes to our content except for compliance reasons.
- We aim to make sure everything on our site is up-to-date and accurate as of the publishing date, but we cannot guarantee we haven't missed something. It's your responsibility to double-check all information before making any decision. If you spot something that looks wrong, please let us know.
KeePass is ideal for database management setup but it can be frustrating to use as a standard password manager. As we set up the password manager, KeePass did little to explain its features so we had to rely on the help guides and turned to Google when even those weren't clear.
Our testing clarified KeePass is best for those wary of keeping their passwords in the cloud and are game for a more customizable option. Learn more about our experiene with this password manager.
- Completely free
- Military-grade encryption standards
- Endlessly customizable with plug-ins for two-factor authentication, cloud storage and more
- Unfriendly user portal
- Open-source code can be intimidating
Our experience
Cost
Features
Privacy policy
Is KeePass safe to use?
Customer service
Alternatives
FAQs
Bottom line: Is KeePass good?
At a glance
Price | Free |
Free version | Yes |
Compatibility | Windows, other platforms unofficially |
Browser extensions | Unofficial extensions for Chrome, Firefox, Edge, Safari, Brave |
Password sharing | No |
Encryption | AES-256, ChaCha20, Twofish |
Password generator | Yes |
Password strength report | Yes |
Autofill | No |
Digital legacy | Yes |
Cloud storage | No |
Learn more | Get KeePass |
How we test and rate password managers
We put every password manager through vigorous hands-on testing by downloading the software to our own devices. We test how the product works on both mobile and desktop, evaluating how well we're able to save, share, and use passwords across a variety of situations.
By taking a fine-tooth comb through all available features and settings, we carefully compare each product using our proprietary grading rubric. The star ratings take into account price, features, extras like cloud storage and data breach alerts, plus looks at security and privacy features like encryption levels and past data breaches.
To learn more about how we test, check out our full testing methodology here.
We last tested KeePass on November 11, 2024.
Our experience
We tested KeePass on our laptop running Windows 11. The setup process leaves much to be desired, as you'll be welcomed by an empty dashboard with no instructions.
Other programs give you prompts so you know what to do next. To learn how to use KeePass, you’ll probably need to use the tutorials on the website.
From the KeePass site, you'll find a link for the First Steps Tutorial under the KeePass Help Center. This page breaks down how to create a new database, add an entry, use entries, and more.
From the tutorial, we learned how to create a database and proceeded to import files. KeePass allows you to import via CSV, but it surprisingly also includes different file types for import from 1Password, Bitwarden, Dashlane, and more.
However, we found the user interface to be unfriendly and not intuitive. In fact, we thought the interface seemed outdated and reminded us of old database software.
We aren’t saying this is a bad password manager. It offers good security and standard features like the password generator and a password quality check. It’s also open-source software, so you can review the code if you want. But we wish it was easier to use, even for us.
How much does KeePass cost?
KeePass is a free, open-source program. We've compiled KeePass's standout features in the table below:
KeePass | |
Number of users | Unlimited (users with database access) |
Encryption | AES-256, ChaCha20, Twofish |
Autofill | |
Password vault | |
Password generator | |
Two-factor authentication | |
Data breach alerts | |
Digital legacy | |
Details | Learn more |
KeePass features
KeePass keeps all files encrypted, including the entire database. The database is KeePass’s version of a password vault. That means not only your passwords, but your usernames, website address, and notes all get extra security.
KeePass 1.x uses AES-256 and Twofish-256, whereas KeePass 2.x uses AES-256 and ChaCha20. The AES-256 is the standard encryption service used by the U.S. federal government and approved by the National Security Agency, which makes it secure in our opinion.
It’s also an open-source password manager, so you can view the HTML code within KeePass. There’s nothing hidden, and the idea is that everything is out in the open for anyone to review.
Importing and exporting passwords
One feature KeePass does includes is the ability import and export credentials into your database. The formats for import include the generic CSV importer, other KeePass files, or other password managers in various file formats.
We tested this feature with a CSV vault we downloaded from Roboform. The generic CSV importer presented both the title and the email address of the entries as the user name. We went back to the structure tab to specify the layout of the CSV file.
To import your vault, just select File > Import. Note that the file you're importing may not align with KeePass's layout, so it could need adjustment.
Password generator
KeePass recommends using the password generator to create secure passwords. We found the password generator under Tools > Generate Password.
KeePass is more customizable than most of the password managers we've tested. Along with selecting the character length, use of uppercase and lowercase, and numerals, you can also specify the specific symbols you want included. You can also generate passwords using patterns or custom algoritms.
These options can get quite detailed depending on how unique you want the passwords. Rules that can be implemented include requiring the use of a certain number of uppercase or lowercase letters and requiring a certain number of digits.
Auto-type
KeePass uses auto-type to automatically enter usernames and passwords. With this feature, you can define a sequence of key presses that will be entered for you when you open a browser window or access a login screen.
We tested auto-type by going to the Roboform login page. We opened our KeePass app, right-clicked the Roboform entry, and selected Perform Auto-Type. KeePass filled out our credentials, but it's not as seamless as a browser extension with true autofill. There are KeePass browser extensions, but these are contributed and unofficial options.
Keep in mind this is not your usual autofill feature. Other password managers give you a screen to set up your login credentials and do most of the work for you. With KeePass, there is more work on your part.
Password strength report
KeePass uses an algorithm to estimate the strength of a chosen password. It looks for patterns based on a list of thousands of common passwords.
KeePass shows the quality of the password in entropy bits. Entropy bits measure the strength of passwords based on the number of guesses it would take to crack that password. You get a score from 0 to greater than 128. Anything over 128 is considered a very strong password by the program.
Good news: You don’t have to fully understand machine learning to see whether your password is strong. KeePass will show you, and you can change it to something else if you want.
Digital legacy
Once you've set up your database, KeePass prompts you to print your emergency sheet. You'd fill out the sheet with the information required to open your database.
The emergency sheet is the only form of digital legacy we found, as the prompt stated it could be shared with trusted contacts if they need access.
KeePass privacy policy
According to its privacy policy, KeePass processes personal data only if it's necessary for a website to function. It also explains that the software will ask for consent before sharing personal information.
Your home address, phone number, and email address for marketing are prohibited, so you won’t have to worry about your inbox getting hit with tons of spam due to KeePass use.
KeePass third-party audits
The most recent audit of KeePass was in 2016. The KeePass Trust page shows that it was audited by the European Commission’s Free and Open Source Software Auditing project. During the audit, no security problems were found.
Third-party audits provide an objective viewpoint on the security of a program by assessing the coding, documentation, and processes of software. KeePass is open-source, so it's constantly being reviewed by other eyes, but it should undergo official audits regularly.
Is KeePass safe to use?
KeePass is safe to use due to its encryption standards. All the information in the database is secured with AES-256 encryption and either Twofish or ChaCha20 encryption.
The original KeePass is also a database directly on your device, so your passwords aren't in the cloud but stored locally.
Two-factor authentication
You may have heard that passwordless authentication works better than using passwords to keep data secure.
KeePass is a bit different from many of the password managers we’ve seen. You have the option of using a key file for two-factor authentication, but genuinely we had a hard time finding the file or learning how to change it.
The KeePass website also discusses using a YubiKey, which is a USB stick. If you insert the USB stick into your device, pressing the button on the stick triggers it to enter a password for you. In contrast, the key file is like a passcode you can use in combination with your master password.
The YubiKey can also be used to enter a master password for your database. If you want even more protection for your database, you can use the challenge-response mode of YubiKey, which will require the KeeChallenge plugin.
KeePass customer service
There is no customer support for KeePass. You aren’t entirely on your own, though. There are FAQs, a help center, and tutorials to assist you with issues or questions. You can also access KeePass’ discussion forums to chat with other KeePass users.
KeePass compatibility
The official KeePass app is available for Windows only. However, KeePass lists contributed apps and extensions compatible with various devices and platforms. These include:
- macOS
- Android
- iOS (iPhone, iPad)
- Blackberry
- Chromium-based browsers
- Linux
- Freebsd
We learned the software might work on some operating systems better than others. For instance, we would prefer a straightforward program that works with our Macbook rather than a compatible port to make it work.
Top alternatives
KeePass has its strengths, but we learned that it's not user-friendly and the customization options could become overwhelming. If you're still looking for other options, consider one of our recommended alternatives:
Star rating | |||
Starting price | Starts at $1.29/mo (billed every two years) | Starts at $0.99/mo | Starts at $1.45/mo (billed annually) |
Compatibility | Windows, macOS, Linux, iOS, Android, Chrome, Firefox, Edge, Safari, Opera | Windows, macOS, Linux, iOS, Android, Chromebook, Chrome, Firefox, Edge | Windows, macOS, Linux, iOS, Android, Chrome, Firefox, Edge, Safari, Brave, Opera |
Autofill | |||
Password sharing | |||
Password generator | |||
Digital legacy | |||
Learn more | Get NordPass | Get Roboform | Get Keeper |
KeePass FAQs
How secure is KeePass?
KeePass is a secure password manager that uses AES-256 encryption along with ChaCha 20 or Twofish encryption architecture.
What is the benefit of KeePass?
Along with superior security, the benefit of KeePass is that it is free software that offers a portable database storage solution. Because something such as Google Password Manager isn’t safe, KeePass gives you an additional layer of support for free.
How do I use KeePass on multiple computers?
If you want to use KeePass across multiple computers, you can use another service such as Dropbox, Google Drive, or Microsoft OneDrive to create shared folders. Alternatively, you can export the database and import it to another device. You can also open the database via the cloud on another computer.
What is the best way to use KeePass?
The best way to use KeePass is to have a copy in the cloud and download a portable version so you don’t have to install it and can run it faster. From there, you can use it as a standard database to store your crucial data.
Bottom line: Is KeePass good?
KeePass works well as a database management system, but it's not the best password manager. We liked that its secure and does a proper job of guarding your private information, but we recommend opting for our alternatives, which are more user-friendly and will easily work on any machine without the need for a port or other workaround technique.
If you’re a tech-savvy person who loves to dive into open-source coding and enjoys the look and feel of a database, this software may be for you. Otherwise, if you want something simple to use and that securely stores your passwords with an easy setup, we’d recommend steering clear of KeePass and considering one of the best password managers instead. Many other programs won’t cost a fortune but will be much easier to navigate.