18 August 2024

KeePass KeePassXC Evaluation

Topics: Security
Tags: keepass
My current Password Manager is on life support, and I look at a leading FOSS alternative.

KeePassXC

A long time ago I started using an open source program called Password Safe to manage my passwords. On Linux, Password Gorilla is file-compatible with it. There hasn't been a commit to Password Gorilla in 5 years, and there isn't much activity on Password Safe.

Even though it is about the same age, KeePass is still very actively developed. Like Password Safe and Password Gorilla, KeePass started on Windows, and its community then developed a cross-platform version. KeePass still actively supports its legacy version 1, while active development is on version 2. The cross-platform version is KeePassXC; the two projects have a cooperative relationship. With Mono, KeePass 2 installs easily and runs well on Linux and Mac, whereas KeePassXC was always intended to run on all three.

KeePass also has an active plugin community; KeePassXC does not support plugins. While KeePass maintains a registry of known plugins, it has no plugin infrastructure or vetting process: you download each plugin and copy it into your KeePass installation yourself, and the plugins I did try either didn't work or didn't add much. Both programs integrate enough of a feature set that plugins are unnecessary.

When setting up a new database, both variants rated my password quality, which points to an inherent conflict: stronger passwords are a nuisance to type every time you open the vault, but medium passwords are no longer adequate. Both offer the option of adding a file-based or hardware (YubiKey) key, but unless one has the discipline to remove the key and store it somewhere else (and to do this every time the vault is unlocked), this doesn't help if a burglar takes the computer with the key still in it!

For the import process you'll want to use KeePass 2, because KeePassXC can only import from Bitwarden and 1Password, while KeePass 2 has an import filter for Password Safe XML. Delete the export as soon as you've imported it; you don't want to leave the unencrypted file lying around.

On Windows, both browser and biometrics integration worked fairly well, but on Linux, my main OS, biometrics didn't work and the browser integration had issues. On Windows, Bitwarden of course worked well with browsers and Windows Hello; on Linux it has solid browser integration, including in-browser passkey support.

While KeePassXC is the direct successor to Password Safe for me, its victory is tainted by the fact that Bitwarden works better and lets me use passkeys on Linux today.