KeePass Review – Great Password Management or an Open-Source Disaster?
Who can get by without passwords these days?
From your bank accounts to social media and email, there’s no way to work in an online environment without using them.
The downside of passwords is that they can be stolen. What happens to your precious data then?
Since no one is chomping at the bit to become a victim of online theft, it makes sense to protect yourself. That includes using some secure way to keep up with your passwords and not have to go through the agony of remembering which combination you used on which site.
In other words, you need a password manager.
But not just any old password manager. You need one that does the job, is somewhat flexible, and that you can master with relative ease. KeePass might be the right one for you.
Here’s what you need to know about this manager, including what sets it apart from similar products.
Exactly What is KeePass?
If you’ve been paying attention, you already know that KeePass is a password manager. What you may not know is that it’s an open source product.
What’s open source?
Basically, it’s software that uses source code anyone can see and change in some way that hopefully enhances the functionality. By no means does that mean open source software is inherently unsafe; many examples have built-in protections that make it just as secure as proprietary branded software.
What it does mean is that a group of committed users can pool their ideas and come up with ways to make what’s already a good thing better.
In terms of KeePass, that means there are experts who also happen to be consumers out there constantly looking for ways to make the product stronger. It also means that the basic product is offered at no charge.
Why Do I Need a Password Manager?
Password managers are applications designed to store login information in a secure setting.
The data is stored in encrypted form and can only be accessed by someone who has what’s generally called a master password. That master password is what allows the browser to access the list and pull the right one for logging into a specific site.
Think of it as a virtual safe. You put your valuables in the safe (in this case passwords) and lock the door. Without the combination, no one is getting into the safe. As the one who has the combination, you can open the door any time you want.
Not all password managers are alike. Some do a better job of protecting passwords than others. To learn if KeePass is a worthy product, keep reading.
Do I Need KeePass or any Password Manager?
If you like the thrill of leaving yourself susceptible to being hacked, don’t bother with KeePass…
On the other hand, people who prefer to not have their identities stolen or their data corrupted will love this resource.
How serious can it get? Consider these recent events:
In August 2018, Air Canada isolated a mobile app breach and locked down 1.7 million app user accounts. When the dust settled, they found that the login credentials of more than 20,000 customers were stolen. That means 20,000 people had to change their login information pronto and hope that the breach didn’t lead to problems on other sites.
During the first week of September 2018, British Airways found that details for 380,000 clients had been compromised. Once again, people had to scramble to update passwords and hope for the best.
Anyone using KeePass would be able to rest easy and know that the breaches were unlikely to affect them.
What Systems Will KeePass Work On?
Different editions of KeePass will run on various versions of Windows. If you happen to love Linux, you’ll find editions that work with most Linux operating systems, including the Lubuntu systems. The software is compatible with most Android systems as well as Mac and iOS.
You may have to do some digging to find out which edition of KeePass works with a certain system. Don’t fret if you are still running an older system that’s no longer supported by anyone. You can find an edition that will work with systems as old as Windows 98.
This is one of the ways KeePass stands out in the password manager crowd. Many are designed specifically for the latest operating systems. If you are running an older machine that will not support recent system releases, you’re out of luck. If you go with KeePass, there’s a good chance of finding a manager that works perfectly.
Keep in mind that the apps designed to let you use KeePass are still free, but they may require that you view ads from time to time. Who doesn’t loves a good commercial now and then?
Let’s Talk Setup
Setup is one of the areas where critics disagree on KeePass. There’s no doubt it requires more effort in setting up the password database.
Some might consider that daunting, simply because they’ve grown used to the built-in password saving and management system found in most major search engines.
However, some people think baking a cake is daunting because it’s harder than picking up one at the bakery. Others thrive on baking their own cakes and sail through the process. If you are the type who isn’t afraid of a little data entry, KeePass setups will be, well, a piece of cake.
Here’s the basic process. Keep in mind it might differ slightly from one edition to the next:
- Create a name and specify a location for the password database file you’ll keep on the system.
- Make up the master password that you’ll use to access the database.
- Choose advanced options, if any, you want to use instead of or along with the usual user account authentications.
- Set the security preferences for KeePass and any other functions you want to customize.
- Have fun choosing colors for the database display as well as the layout.
Remember this. There’s no automatic syncing between devices. You’ll have to repeat the process on each device that you plan to use with KeePass.
Can I Import Passwords From Other Sources?
It depends on the source and the edition of KeePass you’re using.
For example, you may have passwords stored in Chrome. Most editions will allow you to grab those passwords and import them with the built-in tool. If you have a generic password file, maybe even a spreadsheet with headers identifying the passwords, you might be able to import them.
If you’ve used some other type of password manager before and decided to make a switch, there is the chance you could grab whatever you have stored in the other program and import that data.
If you import from an outside source, remember to check the data carefully afterwards. The last thing you need is to try logging into a site quickly and find that something didn’t import correctly.
How About Updating My Passwords? Is It Difficult?
You already know it’s smart to update passwords from time to time. What happens when you want to update the master password or one of the passwords already in the database? It’s not hard.
You should make a copy of the current database, just in case a problem develops. After that, you can open your database, go to File, select Change Master Password, and follow the prompts.
In most editions, updating saved passwords is a lot like updating a field on a spreadsheet. Go to the cell containing the password and change it. Remember to save your changes and you’re done.
Going Forward, Will KeePass Capture New Passwords and User Names?
One feature that some will see as a drawback and others won’t mind has to do with entering passwords for new accounts. KeePass won’t automatically add them to the database.
You’ll need to log in using your master password and manually enter the data yourself. It won’t take long and there’s some comfort in knowing your buddy won’t add his passwords to the database when you let him borrow your laptop while his is in the shop.
Can I Take It With Me?
Most editions of KeePass are designed to reside on a desktop, laptop, tablet, or smartphone.
However, there are editions you can load on a jump drive and take with you anywhere. The database remains on the jump drive and is accessed directly rather than downloading onto whatever machine you’re using.
That makes it handy to bring with you when traveling and would rather not lug a laptop around.
Let’s Talk Cost! How Much Will KeePass Set Me Back?
Remember we said that KeePass is open source software? That means it won’t cost you anything.
Sure, you can find jump drives or CDRs that have KeePass already loaded on them, usually at auction sites and similar shops. What you are buying is not the software itself, but the physical storage object.
Don’t waste time and money buying a KeePass CD or jump drive (unless you are experiencing an overwhelming urge to buy a new jump drive anyway).
You can download the edition needed as long as you have a relatively fast Internet connection.
So How Do I Find the Right Edition?
There is no one single edition of KeePass. Along with 1.x and 2.x, there are variations designed to work on a number of different platforms. Ponder these factors before going on the hunt:
- The type of device you use: desktop, laptop, tablet, smartphone, jump drive.
- The operating system: there are editions that will work for old systems like Windows 98 all the way through Windows 10 or the latest Linux product. You just have to know which edition works with what.
- The browser: do you prefer Safari or love using Silk? There are editions that work just fine with the lesser-known browsers.
There are over two dozen derivations currently available and the list is growing. You can narrow the search by identifying devices, operating systems, and browsers to find the one(s) that will work for you.
To sum things up, here are the major advantages and drawbacks you want to consider:
- Easy to install and customize.
- Compatible with many devices and operating systems.
- Pop it on a jump drive and take your passwords anywhere.
- Some may find the setup difficult.
- There’s no automatic syncing between devices.
- You have to enter new passwords or update old ones yourself.
Recommendation: Try KeePass on one of your devices. Play with it and see what you think. If you like it, load it on all of your devices. It may be a little work on the front end, but the protection and the ease of use after that make the time and effort worth it.