
keepassxc

@keepassxc@fosstodon.org

KeePassXC is a modern, secure, and open-source password manager that stores and manages your most sensitive information.

You can run KeePassXC on Windows, macOS, and Linux systems. KeePassXC saves many different types of information, such as usernames, passwords, URLs, attachments, and notes in an offline, encrypted file that can be stored in any location, including private and public cloud solutions.

Team email PGP key: 2FB8 CA9C 105D 8D57 BB97 46BD


keepassxc, to random

Due to repeated request, we now support SEPA transfer and Wero as new donation methods. Want to support us? Go to https://keepassxc.org/donate/ 💰

keepassxc, to random

Earlier this year, the German BSI together with the Consumer Advice Centre NRW performed a review of 10 popular password managers. What can we say? We're happy to be one of only few to receive a very positive review without major security concerns. 🥳 We're also mentioned explicitly for being particularly privacy-friendly.

The full report (in German) can be found at https://www.bsi.bund.de/SharedDocs/Downloads/DE/BSI/Publikationen/DVS-Berichte/passwortmanager_sicherheit_datenschutz.html and https://www.verbraucherzentrale.nrw/wissen/digitale-welt/apps-und-software/10-passwortmanager-im-vergleich-113439

nabor, to random (German)

Updating to @keepassxc 2.7.11 has an unpleasant side effect.
The Firefox integration is broken, and I haven't yet found a simple and quick way to repair it...

keepassxc,

@nabor @HenningIdB Issue has been fixed.

keepassxc, to random

🎉 We're very happy to announce our new release KeePassXC 2.7.11 and... drumroll that the KeePassXC version 2.7.9 has been awarded a CSPN Security Visa by the French National Cybersecurity Agency (ANSSI). 🎉❤️🔒
See our blog post for more information: https://keepassxc.org/blog/2025-11-23-2.7.11-released/

[Image: ANSSI Security Visa Logo]

keepassxc, to random

We wrote up a blog post detailing our development and quality assurance workflow. We describe how new contributions are merged into the code base, and we address the change to our policy regarding AI-assisted code submissions and the concerns raised about it. https://keepassxc.org/blog/2025-11-09-about-keepassxcs-code-quality-control/

catsalad, to random

RE: https://infosec.exchange/@mttaggart/115516415501584126

Hey @keepassxc. Care to explain the AI usage in your code?

keepassxc,

@catsalad sure, happy to discuss. We use generative AI to help us code simple things and improve our pull request reviews. No code is ever merged to the develop branch (i.e., in production) without a human reviewing and oftentimes cleaning/quality improving the code. This applies to third party submissions and AI submissions equally. Generative AI has already been helpful to help us find and prevent bugs and security issues during several pull request reviews.

keepassxc,

@GroupNebula563 @catsalad Uhhh, we are definitely part of that community.

keepassxc,

@GroupNebula563 @catsalad We never said it can do things better. But it can do certain things well enough to be useful. I know the studies, in fact, my research group and I have published in the field.

2something, to random

Hi Fedi,
I have been using @bitwarden since 2019, and been a premium subscriber for most of that time. Due to their recent hyping of AI, I am interested in switching away.

Update 2025-07-14
So far I am liking Gnome Secrets (desktop) and Keepass2Android (Phone). However, there does not seem to be a way to get Secrets to autofill on websites.
https://gitlab.gnome.org/World/secrets/-/issues/34

I'll give Bitwarden a few weeks to see if they can resolve their AI issues. If not, I'll probably suck it up and lose autofill.

Options I am currently considering are Nextcloud Passwords , KWalletManager, and a Keepass-based password manager synced using Nextcloud. I have questions and concerns about each, and I'm hoping you can address my concerns for at least one of these three options, or suggest something else.

Before getting into those, I'll just say I also considered and rejected Proton Pass, on the grounds that
a) The server software is proprietary,
b) Logging in requires a Captcha. I can pass the captcha, but I'm always afraid that I will fail it.
c) The CEO has said and done bad things,
d) The company is also into AI.

So, what are the options I am considering?

Keepass with Nextcloud for syncing
This is the recommendation I see the most. I have three concerns: two regarding use on Android and the other on desktop.

First, on Android, one Bitwarden feature I use heavily is "unlock with pin." Downloading my Bitwarden vault from the server requires entering my very long Bitwarden password plus 2fa. Unlocking my vault on my device to which I am already logged in only requires entering a short password. That's good, since entering my full password on my phone takes a long time.

Keepass doesn't seem to have a native feature like this, but I can sort of replicate it by having a strong password for my Nextcloud account and a weak password for my keepass file.

The concern I have with doing this is that it would mean the folks who run my Nextcloud server, or anyone who hacks them, would have access to my password vault encrypted with a fairly weak password. Is this something I should be worried about? Is there a way to use a strong password for my Keepass vault without needing to take a long time to type it every time I need to log in to anything?

Note that I don't think I can use biometrics. I don't have clear fingerprints, and my phone (Pixel 6a) doesn't AFAIK support face ID.

Next up is the question of which Keepass-compatible apps to use, on both desktop and Android. There seem to be a lot of choices on Android and I have no idea how to narrow it down.

EDIT: The two that people seem to like are Keepass2Android (only on Google Play) and KeepassDX (on F-Droid). Both seem very nice.

On desktop, there seem to be fewer options. I see @keepassxc recommended a lot, but their Github says they allow AI-generated code contributions, so I don't think I can trust them not to lose my passwords.
https://github.com/keepassxreboot/keepassxc?tab=readme-ov-file#generative-ai

Then there's Gnome Secrets
https://flathub.org/apps/org.gnome.World.Secrets
Which looks a lot better. However, it doesn't have a way to autofill on websites, and this issue has been open for a long time.
https://gitlab.gnome.org/World/secrets/-/issues/34

Nextcloud Passwords

Aside from using Nextcloud to sync a Keepass vault, there is also Nextcloud's native password manager. There appear to be three Android apps:

  1. https://f-droid.org/en/packages/com.hegocre.nextcloudpasswords/

I am able to log in to this one with my Disroot Nextcloud account. However, I see a red banner at the bottom of the app saying "Cannot connect to server. Tap to retry." (Retrying regenerates the same banner).

  2. https://f-droid.org/en/packages/es.wolfi.app.passman/

In this case I cannot even log in: entering my username and password produces

Network error: HTTP request failed with http status-code: 404

  3. https://f-droid.org/en/packages/de.jbservices.nc_passwords_app/

This one I also can't log in, but there is no error message, I just get sent back to the login screen.

I also tried logging into the desktop flatpak and I am seeing white text on white background.

KWalletManager
I have a rule that if I want to use my computer to do X, and there's a KDE app which does X, then I will give the KDE app a fair try. KDE has a password manager, so I have to at least consider it.

The issue here is I can't figure out any way to sync it with Android. Can this be done?

Passky
I took a look at Passky.
https://passky.org/download

It's a service like Bitwarden: one company provides a desktop app, a mobile app, a browser extension, and a service to sync all of them. One thing to note is that it seems like all of their repositories have very little activity: The Android repository has had no commits for close to three years, the web vault has had no commits for close to two years, and the desktop repository (which is Electron) has had no commits since April 2024. That might not be a bad thing if it's working, but I don't think I'm qualified to assess the difference between "this software has unpatched security issues we aren't fixing" and "This software is working perfectly so we don't need updates."

Their website has a broken link to Google Play, as the app seems to be delisted, but they do have an F-Droid app
https://f-droid.org/en/packages/com.rabbitcompany.passky/
in addition to a verified flatpak.

Pwsafe
Then there's Password Safe
https://pwsafe.org/

Much like Keepass, it stores all passwords as a single encrypted file and expects you to use another program to sync. There are iOS and Android apps that are compatible.

The trouble here, as with Keepass, is getting the desktop app to autofill on websites. It does nominally have an "autofill" feature, but it can't detect when the site you are viewing corresponds to an entry: you have to open the desktop app, search for the relevant entry, open it, and then click "autofill." It's a lot less convenient than clicking the icon for Bitwarden's browser extension.

keepassxc,

@2something @bitwarden Why would we lose your passwords any more likely than if someone sent a bad or even malicious human pull request? Everything gets reviewed and tested, no matter who or what created the code.

keepassxc,

@2something @bitwarden Well, I suppose you haven’t really worked with code agents before or you didn’t spend too much time looking into how we use them. Otherwise you wouldn’t come to the conclusion that we want to encourage bad code.

keepassxc,

@drwho @2something @bitwarden If you find one you should responsibly disclose it. Considering we are a local application, exploiting a "0-day" is rather difficult at scale. Oh and less than 1% of our code base has been "touched" by AI assisted PRs.

keepassxc,

@rootnode just so you know, pass leaks a lot of details about your accounts by virtue of how it works. 0-days are no laughing matter, hence why I didn't say what you replied with.

keepassxc, to random

🚨 Attention! We were made aware of a fake “KeePassXC Password Manager Pro” repository on GitHub that links to unverified external binary downloads.

  • There is NO Pro version of KeePassXC!
  • You get all the “Pro” features with the regular version.

Please download KeePassXC only from trusted distribution channels linked on https://keepassxc.org/ !

[Image: Screenshot of the fake Pro features.]

keepassxc, to random

Hey there, looks like is relevant enough that 🤡 security foo companies now target our keywords on Google mobile search. What do you think would happen if suddenly lots of people started clicking those ads without actually buying anything?!🧐😁🤑

keepassxc, to random

🚨BLACK FRIDAY SALE!!! 🤑📉 Our FREE software is 90% OFF this weekend!!

Get your deal at https://keepassxc.org/download NOW (only while stock lasts)! This is not a drill!

Also, if you want to support us more, we have options listed for you at https://keepassxc.org/donate 🤗

keepassxc, to random

Debian Users - Be aware the maintainer of the KeePassXC package for Debian has unilaterally decided to remove ALL features from it. You will need to switch to keepassxc-full to maintain capabilities once this lands outside of testing/sid.

keepassxc, to random

Passkeys! Passkeys! Come get yur Passkeys!!
We have released KeePassXC 2.7.7 with full support for Passkeys through the browser integration service. This release also brings 1Password and Bitwarden importers and many other enhancements. Read more here: https://keepassxc.org/blog/2024-03-10-2.7.7-released/