KeePass Review 2024: Is Storing Passwords Locally Worth the Effort?

After testing KeePass, we found it could be more work than password manager users could want but it does have top security standards.
We receive compensation from the products and services mentioned in this story, but the opinions are the author's own. Compensation may impact where offers appear. We have not included all available products or offers. Learn more about how we make money and our editorial policies.
3.8
Editorial Rating
Learn More
On KeePass's website

Password Manager
KeePass
  • Strong security
  • Completely free
  • Open-source code can be intimidating and technical

KeePass is ideal for database management setup but it can be frustrating to use as a standard password manager. As we set up the password manager, KeePass did little to explain its features so we had to rely on the help guides and turned to Google when even those weren't clear.

Our testing clarified KeePass is best for those wary of keeping their passwords in the cloud and are game for a more customizable option. Learn more about our experiene with this password manager. 

Pros
  • Completely free
  • Military-grade encryption standards
  • Endlessly customizable with plug-ins for two-factor authentication, cloud storage and more
Cons
  • Unfriendly user portal
  • Open-source code can be intimidating
In this article
At a glance
Our experience
Cost
Features
Privacy policy
Is KeePass safe to use?
Customer service
Alternatives
FAQs
Bottom line: Is KeePass good?

At a glance

Price Free
Free version Yes
Compatibility Windows, other platforms unofficially
Browser extensions Unofficial extensions for Chrome, Firefox, Edge, Safari, Brave
Password sharing No
Encryption AES-256, ChaCha20, Twofish
Password generator Yes
Password strength report Yes
Autofill No
Digital legacy Yes
Cloud storage No
Learn more Get KeePass

How we test and rate password managers

We put every password manager through vigorous hands-on testing by downloading the software to our own devices. We test how the product works on both mobile and desktop, evaluating how well we're able to save, share, and use passwords across a variety of situations.

By taking a fine-tooth comb through all available features and settings, we carefully compare each product using our proprietary grading rubric. The star ratings take into account price, features, extras like cloud storage and data breach alerts, plus looks at security and privacy features like encryption levels and past data breaches. 

To learn more about how we test, check out our full testing methodology here.

We last tested KeePass on November 11, 2024.

3.8
Editorial Rating
Learn More
On KeePass's website
Password Manager
KeePass
  • Strong security
  • Completely free
  • Open-source code can be intimidating and technical

Our experience

We tested KeePass on our laptop running Windows 11. The setup process leaves much to be desired, as you'll be welcomed by an empty dashboard with no instructions.

KeePass empty dashboard

Other programs give you prompts so you know what to do next. To learn how to use KeePass, you’ll probably need to use the tutorials on the website. 

From the KeePass site, you'll find a link for the First Steps Tutorial under the KeePass Help Center. This page breaks down how to create a new database, add an entry, use entries, and more. 

From the tutorial, we learned how to create a database and proceeded to import files. KeePass allows you to import via CSV, but it surprisingly also includes different file types for import from 1Password, Bitwarden, Dashlane, and more. 

KeePass CSV importer with list of usernames and passwords to import

However, we found the user interface to be unfriendly and not intuitive. In fact, we thought the interface seemed outdated and reminded us of old database software. 

KeePass database dashboard

We aren’t saying this is a bad password manager. It offers good security and standard features like the password generator and a password quality check. It’s also open-source software, so you can review the code if you want. But we wish it was easier to use, even for us.

How much does KeePass cost?

KeePass is a free, open-source program. We've compiled KeePass's standout features in the table below:

KeePass
Number of users Unlimited (users with database access)
Encryption AES-256, ChaCha20, Twofish
Autofill
Password vault
Password generator
Two-factor authentication
Data breach alerts
Digital legacy
Details Learn more

KeePass features

KeePass keeps all files encrypted, including the entire database. The database is KeePass’s version of a password vault. That means not only your passwords, but your usernames, website address, and notes all get extra security. 

KeePass 1.x uses AES-256 and Twofish-256, whereas KeePass 2.x uses AES-256 and ChaCha20. The AES-256 is the standard encryption service used by the U.S. federal government and approved by the National Security Agency, which makes it secure in our opinion.

It’s also an open-source password manager, so you can view the HTML code within KeePass. There’s nothing hidden, and the idea is that everything is out in the open for anyone to review.

Importing and exporting passwords

One feature KeePass does includes is the ability import and export credentials into your database. The formats for import include the generic CSV importer, other KeePass files, or other password managers in various file formats. 

KeePass window to import file/data

We tested this feature with a CSV vault we downloaded from Roboform. The generic CSV importer presented both the title and the email address of the entries as the user name. We went back to the structure tab to specify the layout of the CSV file.

KeePass window for the Generic CSV Importer open on the Structure tab

To import your vault, just select File > Import. Note that the file you're importing may not align with KeePass's layout, so it could need adjustment. 

Password generator

KeePass recommends using the password generator to create secure passwords. We found the password generator under Tools > Generate Password. 

KeePass is more customizable than most of the password managers we've tested. Along with selecting the character length, use of uppercase and lowercase, and numerals, you can also specify the specific symbols you want included. You can also generate passwords using patterns or custom algoritms.

KeePass password generator window

These options can get quite detailed depending on how unique you want the passwords. Rules that can be implemented include requiring the use of a certain number of uppercase or lowercase letters and requiring a certain number of digits.

Auto-type

KeePass uses auto-type to automatically enter usernames and passwords. With this feature, you can define a sequence of key presses that will be entered for you when you open a browser window or access a login screen.

We tested auto-type by going to the Roboform login page. We opened our KeePass app, right-clicked the Roboform entry, and selected Perform Auto-Type. KeePass filled out our credentials, but it's not as seamless as a browser extension with true autofill. There are KeePass browser extensions, but these are contributed and unofficial options. 

Roboform login page side-by-side with KeePass dashboard

Keep in mind this is not your usual autofill feature. Other password managers give you a screen to set up your login credentials and do most of the work for you. With KeePass, there is more work on your part.

Password strength report

KeePass uses an algorithm to estimate the strength of a chosen password. It looks for patterns based on a list of thousands of common passwords. 

KeePass shows the quality of the password in entropy bits. Entropy bits measure the strength of passwords based on the number of guesses it would take to crack that password. You get a score from 0 to greater than 128. Anything over 128 is considered a very strong password by the program. 

KeePass password quality tab with list of entries

Good news: You don’t have to fully understand machine learning to see whether your password is strong. KeePass will show you, and you can change it to something else if you want.

Digital legacy

Once you've set up your database, KeePass prompts you to print your emergency sheet. You'd fill out the sheet with the information required to open your database.

The emergency sheet is the only form of digital legacy we found, as the prompt stated it could be shared with trusted contacts if they need access.

KeePass pop-up to print the emergency sheet

KeePass privacy policy

According to its privacy policy, KeePass processes personal data only if it's necessary for a website to function. It also explains that the software will ask for consent before sharing personal information. 

Your home address, phone number, and email address for marketing are prohibited, so you won’t have to worry about your inbox getting hit with tons of spam due to KeePass use.

KeePass third-party audits

The most recent audit of KeePass was in 2016. The KeePass Trust page shows that it was audited by the European Commission’s Free and Open Source Software Auditing project. During the audit, no security problems were found. 

Third-party audits provide an objective viewpoint on the security of a program by assessing the coding, documentation, and processes of software. KeePass is open-source, so it's constantly being reviewed by other eyes, but it should undergo official audits regularly. 

Is KeePass safe to use?

KeePass is safe to use due to its encryption standards. All the information in the database is secured with AES-256 encryption and either Twofish or ChaCha20 encryption.

The original KeePass is also a database directly on your device, so your passwords aren't in the cloud but stored locally. 

Two-factor authentication

You may have heard that passwordless authentication works better than using passwords to keep data secure. 

KeePass is a bit different from many of the password managers we’ve seen. You have the option of using a key file for two-factor authentication, but genuinely we had a hard time finding the file or learning how to change it.

The KeePass website also discusses using a YubiKey, which is a USB stick. If you insert the USB stick into your device, pressing the button on the stick triggers it to enter a password for you. In contrast, the key file is like a passcode you can use in combination with your master password.

The YubiKey can also be used to enter a master password for your database. If you want even more protection for your database, you can use the challenge-response mode of YubiKey, which will require the KeeChallenge plugin.

KeePass customer service

There is no customer support for KeePass. You aren’t entirely on your own, though. There are FAQs, a help center, and tutorials to assist you with issues or questions. You can also access KeePass’ discussion forums to chat with other KeePass users.

KeePass compatibility

The official KeePass app is available for Windows only. However, KeePass lists contributed apps and extensions compatible with various devices and platforms. These include:

  • macOS
  • Android
  • iOS (iPhone, iPad)
  • Blackberry
  • Chromium-based browsers
  • Linux
  • Freebsd

We learned the software might work on some operating systems better than others. For instance, we would prefer a straightforward program that works with our Macbook rather than a compatible port to make it work. 

If you plan to download KeePass, be sure to download the ports directly from the KeePass site or other official sources.

Top alternatives

KeePass has its strengths, but we learned that it's not user-friendly and the customization options could become overwhelming. If you're still looking for other options, consider one of our recommended alternatives: 


Star rating
5.0
4.6
4.5
Starting price Starts at $1.29/mo (billed every two years) Starts at $0.99/mo Starts at $1.45/mo (billed annually)
Compatibility Windows, macOS, Linux, iOS, Android, Chrome, Firefox, Edge, Safari, Opera Windows, macOS, Linux, iOS, Android, Chromebook, Chrome, Firefox, Edge Windows, macOS, Linux, iOS, Android, Chrome, Firefox, Edge, Safari, Brave, Opera
Autofill
Password sharing
Password generator
Digital legacy
Learn more Get NordPass Get Roboform Get Keeper

KeePass FAQs


+

How secure is KeePass?

KeePass is a secure password manager that uses AES-256 encryption along with ChaCha 20 or Twofish encryption architecture.


+

What is the benefit of KeePass?

Along with superior security, the benefit of KeePass is that it is free software that offers a portable database storage solution. Because something such as Google Password Manager isn’t safe, KeePass gives you an additional layer of support for free.


+

How do I use KeePass on multiple computers?

If you want to use KeePass across multiple computers, you can use another service such as Dropbox, Google Drive, or Microsoft OneDrive to create shared folders. Alternatively, you can export the database and import it to another device. You can also open the database via the cloud on another computer.


+

What is the best way to use KeePass?

The best way to use KeePass is to have a copy in the cloud and download a portable version so you don’t have to install it and can run it faster. From there, you can use it as a standard database to store your crucial data.

Bottom line: Is KeePass good?

KeePass works well as a database management system, but it's not the best password manager. We liked that its secure and does a proper job of guarding your private information, but we recommend opting for our alternatives, which are more user-friendly and will easily work on any machine without the need for a port or other workaround technique.

If you’re a tech-savvy person who loves to dive into open-source coding and enjoys the look and feel of a database, this software may be for you. Otherwise, if you want something simple to use and that securely stores your passwords with an easy setup, we’d recommend steering clear of KeePass and considering one of the best password managers instead. Many other programs won’t cost a fortune but will be much easier to navigate. 

3.8
Editorial Rating
Learn More
On KeePass's website
Password Manager
KeePass
  • Strong security
  • Completely free
  • Open-source code can be intimidating and technical
Author Details
Patti Croft is a seasoned writer specializing in technology, with three years of experience. With a B.S. in Computer Science and a background as a technical analyst and security specialist, she covers a range of topics like data security and parental control software.
Steph Trejos is an Editor at All About Cookies, leveraging her expertise in the cybersecurity field. She holds a B.A. in English: Editing, Writing, and Media, as well as Media/Communications Studies. With over five years of professional writing experience, she has garnered recognition for her work on anti-financial crime topics, such as money laundering, terrorist financing, and cyberthreats.