KeePassXC: A Starter Guide

We all need and use passwords. The passwords we use should be complex and unique. Password re-use is a huge problem, with large data breaches becoming more and more common these days and billions of data records lost or stolen since 2013.

So how are we supposed to remember tens of strong, complex and unique passwords? We don’t! We only need to remember one good password and use a password manager.

There’s a whole bunch of password managers available, and most of them are not free. Some of them even offer subscriptions. I don’t know about you, but I find the idea of renting software retarded.

Some vendors even advertise their password managers as “military grade” or “bank level” secure. But how can you be 100% sure your data is actually stored securely? There certainly was no lack of breaches and vulnerabilities found in most of the popular password managers in the past.

Using the built-in manager of your favorite browser is definitely not a good idea either.

Ideally we would use a password manager that we’re in full control of.

PROS of KeePassXC

  • Free and Open Source
  • You are in full control
  • Cross-platform
  • Encrypted database
  • Local database storage
  • Sync database on all platforms via your preferred method ( e.g. flash drive, mail, dropbox etc )
  • Can use “Perform Auto-Type” ( more on that later ) on apps too, not just the browser.

Cons of KeePassXC

  • Not the prettiest UI
  • No automatic capture of login credentials. You must manually enter them in the database.
  • Breaks you out of Apple’s bullshit ecosystem that users love to praise so much

Bottom line

If you want full control over your sensitive data this is for you. If you don’t have 5 extra seconds to handle your sensitive data, this is definitely not for you, and there are plenty of automated services out there. Pay until you realize why a FOSS alternative is more often than not a better choice.

What is KeePassXC?

KeePassXC is a free, open source, encrypted and offline cross-platform password manager. It can also store more than just usernames and passwords. You can create entries to store other things like account numbers, product keys, airline frequent flyer information, or serial numbers.

What is a password manager?

A password manager is a tool that creates and stores all of your passwords, so you don’t have to memorize them. You only need to remember one master password that allows you access to the encrypted password manager database.

KeePassXC is not the only app of its kind. There are others with similar names like KeePass and KeePassX. Some of them are based on the same code while others just use the same database format.

In this tutorial we’re going to take a quick look at KeePassXC ( for macOS, but the process is similar on Linux and Windows ), not only because it’s cross-platform but also because it’s more actively developed than the alternatives.

How does KeePassXC work?

The app uses password databases. A database is a file that stores a list of all your usernames and passwords. It’s encrypted with a master password when stored on your computer.

NOTE: since your master password will encrypt and protect all of your other passwords, you should make it as strong as possible. Also, keep multiple copies of your database, on external drives and so on.

What’s a master password?

A master password is the only password you will need to remember; it acts like a key that opens the password database. Without the master password, you ( or anybody else ) can’t see what’s inside the password database.

Download 

You can download KeePassXC for macOS, Linux and Windows here. On macOS you can also install KeePassXC via Homebrew cask with the following command “brew cask install keepassxc” ( no quotes ).


Getting started…

1. Download and install KeePassXC 

2. Launch KeePassXC and click “Create new database”

3. You will be prompted to name your database and save it. You can give it any name and save it wherever you want. I’m going to name mine “Passwords” and save it on the Desktop.

NOTE: after you save your database, you can move it to any location on your hard drive, to a USB storage device, or to another computer. It doesn’t matter. You can use this database on any other device as long as it has KeePassXC ( or something capable of reading the database ) and you know the master password.

4. On the next screen you will be prompted to choose your master password and ( optional ) a keyfile.

What’s a keyfile?

A keyfile is any file ( an image, a video, a text file, ANY file ) that can be used in addition to your master password. This makes it even harder for someone to decrypt your database. However, you’ll need to make sure that the file you’re using as a keyfile never gets modified. If even a single bit of it is modified, you will no longer be able to decrypt your password database. For most people, choosing a keyfile is not necessary. Just set a strong master password.
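To make the “single bit” warning concrete, here is an added example ( not code from this page or from the KeePassXC project ) that models how a KeePass-style composite key is built from the master password and the keyfile, shows that flipping one bit of the keyfile yields a completely different key, and records a fingerprint you can use to check that a backup copy of the keyfile is still byte-for-byte identical. The composite-key construction is a simplified model of the KDBX scheme and is an assumption; KeePassXC’s special keyfile formats are not handled.

```python
import hashlib
import secrets
from typing import Optional


def composite_key(master_password: str, keyfile_bytes: Optional[bytes] = None) -> bytes:
    """Simplified model (assumption) of a KeePass-style composite key:
    SHA-256(SHA-256(password) || SHA-256(keyfile contents)).
    Without a keyfile only the password hash is hashed again."""
    material = hashlib.sha256(master_password.encode("utf-8")).digest()
    if keyfile_bytes is not None:
        material += hashlib.sha256(keyfile_bytes).digest()
    return hashlib.sha256(material).digest()


def flip_one_bit(data: bytes, bit_index: int) -> bytes:
    """Return a copy of data with exactly one bit flipped, simulating
    an accidental modification of the keyfile."""
    buf = bytearray(data)
    buf[bit_index // 8] ^= 1 << (bit_index % 8)
    return bytes(buf)


def keyfile_fingerprint(keyfile_bytes: bytes) -> str:
    """Hex SHA-256 of the keyfile; store it with your backups so you can
    verify a copy before trusting it to open the database."""
    return hashlib.sha256(keyfile_bytes).hexdigest()


def keyfile_still_valid(expected_key: bytes, master_password: str, keyfile_bytes: bytes) -> bool:
    """True only if this password + keyfile pair reproduces the key the
    database was created with (constant-time comparison)."""
    return secrets.compare_digest(composite_key(master_password, keyfile_bytes), expected_key)


# Constructed sample keyfile contents (stand-in for a photo or text file).
KEYFILE = b"constructed keyfile bytes: holiday photo placeholder 0123456789"

if __name__ == "__main__":
    original = composite_key("correct horse battery staple", KEYFILE)
    damaged = composite_key("correct horse battery staple", flip_one_bit(KEYFILE, 3))
    print("fingerprint:", keyfile_fingerprint(KEYFILE))
    print("one flipped bit changes the key:", original != damaged)
```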

5. That’s pretty much it. You’ve created your database. Now let’s move on and store all the passwords.

6. KeePassXC allows you to organize your passwords into groups. Think of these groups as folders and subfolders. You can create, edit and delete these groups. To create a group, right click on the left column ( where it says “Root” ) and select “Add New Group”.

7. You can name the group ( for example: Banking, Shopping, Web etc ) and set an icon for the group ( select from the ones available or add your own ).

NOTE: you don’t have to create groups if you don’t want to. You can just dump all of your passwords under Root. Groups won’t affect the functionality, but will help you keep everything organized. You can also create groups later on, and just drag and drop passwords into their respective groups.

8. Now to create and/or store passwords: select a group, and in the right column right-click to add a new entry ( or cmd+N ).

9. On the next screen you will be able to set your username and password:

  • Enter a descriptive title that will help you recognize the password entry.
  • Enter the username associated with the password.
  • Enter the password associated with that account. You can also generate a password ( useful for new accounts or if you want to change an existing password. REMEMBER! using the same username and password for all of your online accounts is never a good idea )
  • Set the URL
  • You can also choose an icon for your password entry, upload your own, or download the website’s favicon ( not all websites will allow KeePassXC to download the favicon )

9.1 If you want to generate a new password, click on the dice

Now choose between a password and a passphrase and set the length. Once you’re satisfied click Apply.

NOTE: not all websites allow a password longer than a certain number of characters, or allow every ASCII character. If allowed, just select everything, set the maximum length and click Apply. Obviously this is overkill, but since you don’t have to remember the password, nobody is stopping you from future-proofing your passwords.
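As an added example ( not code from this page or from KeePassXC ), the following mimics the generator dialog: a random password built from selectable character classes, a random passphrase of a chosen word count, an entropy estimate that shows why a long password from every class is “overkill”, and a check against a site’s length and character limits as described in the note above. The character classes and the tiny word list are constructed for the example.

```python
import math
import secrets
import string
from typing import Iterable, Tuple

# Constructed character classes, mirroring the checkboxes in the generator dialog.
CLASSES = {
    "upper": string.ascii_uppercase,
    "lower": string.ascii_lowercase,
    "digits": string.digits,
    "special": "!\"#$%&'()*+,-./:;<=>?@[\\]^_`{|}~",
}

# Constructed tiny word list; a real passphrase generator uses thousands of words.
WORDLIST = ["monkey", "funky", "space", "desk", "river", "orbit", "lemon", "cable"]


def generate_password(length: int, classes: Tuple[str, ...] = ("upper", "lower", "digits", "special")) -> str:
    """Random password of `length` characters using only the chosen classes,
    guaranteeing at least one character from each class."""
    if length < len(classes):
        raise ValueError("length must be at least the number of classes")
    alphabet = "".join(CLASSES[c] for c in classes)
    chars = [secrets.choice(CLASSES[c]) for c in classes]
    chars += [secrets.choice(alphabet) for _ in range(length - len(chars))]
    secrets.SystemRandom().shuffle(chars)  # CSPRNG-backed shuffle
    return "".join(chars)


def generate_passphrase(words: int, separator: str = "-") -> str:
    """Random passphrase of `words` words from WORDLIST."""
    return separator.join(secrets.choice(WORDLIST) for _ in range(words))


def entropy_bits(length: int, alphabet_size: int) -> float:
    """Bits of entropy for `length` independent picks from `alphabet_size` symbols."""
    return length * math.log2(alphabet_size)


def fits_site_policy(password: str, max_length: int, allowed: Iterable[str]) -> bool:
    """Does the password respect a site's maximum length and allowed characters?"""
    allowed_set = set(allowed)
    return len(password) <= max_length and all(ch in allowed_set for ch in password)
```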

10. When you’re satisfied with your entry, click OK to save it. You can edit or delete the entry at any time.


Now here comes the fun part. Sadly, this is probably where most people will say fuck it and stick to any other password manager, even if they have to pay for it ( or worse, use a pirated version ), not to mention the possible security/privacy risks.

How to use KeePassXC to log in

1. Browse to the desired website or window ( KeePassXC works with apps too not just websites )

2. Go to the login page, and… you have three options:

  • In KeePassXC, right-click on the password entry and copy the username, then paste it into the appropriate field. Go back to KeePassXC, copy the password, then paste it. The cool thing about KeePassXC is that the username and/or password will be deleted from the clipboard after 10 seconds by default ( you can set how long the username/password stays in the clipboard in KeePassXC’s settings under Security ).

  • Go to the website/window, click on the username field, then go to KeePassXC’s password entry, right-click and choose “Perform Auto-Type”. Watch how KeePassXC types your username and password and clicks on the login button to log you in.

  • (update Dec. 2019, thanks to dwagenk ) You can also map the auto-type feature to a global key combination. Activate it in the settings.

Now focus the username field of a login form and press your key combination. If the database is locked, KeePassXC will ask for your master password; otherwise it will directly pop up a list of possible matches for the website/window you’re trying to log into. Select the matching entry and press Enter. KeePassXC will log you in.

The selection of matching entries is done based on the window title. So if the website’s title is “Funkyspacemonkey’s Forum — Sign in” ( doesn’t exist, just an example ) and you have an entry “funkyspacemonkey” in your database, it will present it to you as a possible match.

If the website just says “Sign in” in the title, KeePassXC will probably not find a matching entry in the database. You can add hints to your database entries by editing the entry ( right-click > Edit ), selecting the Auto-Type tab and populating the “Window Associations” field with hints. Save the changes. From now on KeePassXC will also present you with this entry as an option if it sees the “Sign in” window title again.
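The two matching rules described above ( entry title found inside the window title, or a “Window Associations” hint that matches the title ) as an added example, not code from this page or from KeePassXC. It is a simplified model of the matching: titles are compared case-insensitively, hints may use `*` as a wildcard and must match the whole window title, and KeePassXC’s URL-based matching is left out. The sample entries are constructed.

```python
import fnmatch
from dataclasses import dataclass, field
from typing import List


@dataclass
class Entry:
    title: str
    username: str
    # Hints from the Auto-Type tab; '*' matches any run of characters.
    window_associations: List[str] = field(default_factory=list)


def matches_window(entry: Entry, window_title: str) -> bool:
    """Simplified model of KeePassXC auto-type matching (assumption):
    the entry title appears anywhere in the window title (case-insensitive),
    or one of the window-association hints matches the whole title."""
    title = window_title.casefold()
    if entry.title and entry.title.casefold() in title:
        return True
    return any(fnmatch.fnmatchcase(title, hint.casefold()) for hint in entry.window_associations)


def find_auto_type_candidates(entries: List[Entry], window_title: str) -> List[Entry]:
    """The list KeePassXC would pop up for this window title."""
    return [e for e in entries if matches_window(e, window_title)]


# Constructed sample database: one entry relies on its title, the others on hints.
ENTRIES = [
    Entry("funkyspacemonkey", "monkey"),
    Entry("Banking", "alice", ["*My Bank*Sign in*"]),
    Entry("Old message board", "bob", ["Sign in"]),
]

if __name__ == "__main__":
    for window in ("Funkyspacemonkey's Forum - Sign in", "Sign in", "Weather"):
        names = [e.username for e in find_auto_type_candidates(ENTRIES, window)]
        print(f"{window!r} -> {names}")
```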


Having said this, it’s really not THAT bad. It will just take you out of that comfort zone offered by other, commercial, password managers.

The annoying part is when using the database on mobile devices. Specifically on iOS devices. I’m not going to cover Android because I’m not familiar with KeePass on Android.

The problem, for some, is that every time you make changes to your database you will need to sync it with your mobile device.

There’s no cloud with KeePass, but since the database is encrypted you can easily save the database to your Dropbox and open it on your iPhone.

Moving past that, there’s no autofill in Safari anymore ( or any other 3rd party browser ). You will have to copy-paste the username and password manually from the database to the website or app.

There is some good news too….

1. You don’t need to log in on every page you visit, so it’s not very time consuming.

2. The app that I use on my iPhone and will recommend has a built-in browser that will allow you to easily sign in to a page. I still don’t use the app’s browser, I manually copy-paste, but you might find it easier to use that.


Apps

  • For iOS you can use MiniKeePass ( free and open source )
  • For Android you can use Keepass2Android ( free and open source )