KeePass – Perhaps the cloud is not always the best solution

KeePass – Perhaps the cloud is not always the best solution

The era of the use of a single password shared between all accounts has come to an end. The growing frequency of data breaches has so far drawn attention to the importance of using robust and unique passwords for all accounts, and of enabling multifactor authentication whenever possible. Nevertheless, the use of several different passwords arose the issue related to the need of a safe yet easy to access storage. Many password managers tools have been trying to address the matter creating applications for both laptops and mobile devices, that can be integrated into most common operating systems (such as Google Password Manager or iCloud Keychain). These are, however, widespread solutions that imply entrusting the storage of sensitive data to third-party companies over which we cannot exercise any form of control.

Therefore, is there a valid tool that allows full control of data? The 20-year-old password manager tool KeePass has established itself as one of the most relevant solutions to the matter of storing data. The reason for the growing success of KeePass is related to its simplicity. It stores data locally on an encrypted file, whose extension is the wide compatible standard kbdx. Furthermore, it is protected by a master password that and it can be integrated into a hardware authentication tool such as YubiKey.

Another valid characteristic of KeePass concerns its open source nature that guarantees the security of the code on which it is structured – thanks to the wide and active community that always contributes to its development and improvement. Moreover, this implies the creation of alternative clients that solve the main flaws in the traditional one, such as the outdated graphical interface and the poor compatibility with mobile devices and UNIX operating systems.

I personally recommend two clients in particular, KeePassXC and KeeWeb, that are both equipped with modern interfaces, additional features and releases compatible with the majority of operating systems. Another feature that stands out is the combination of the trigger functionalities and URL overrides.

This allows to automate almost any action on the database (like saving, copying, synchronization etc), and to integrate the application with third-party programs and open ssh tunnels with putty using the credentials stored in the entries for example. Unfortunately, this is available only on the traditional client release. Also, it is important to mention that some flaws are intrinsic to the nature of KeePass itself. In other words, the file storage component makes this tool safe yet not prone to a multi-user use, unless very specific–and not much user-friendly–customizations are in place.

The user must pay special attention to the master password and the file integrity, as there is no recovery mode in case of forgotten password or corrupted file. On the other hand, the database isn’t accessible without a master password that makes it encrypted and so inaccessible. This kind of flaws can be easily mitigated, always considering that it is humanly easier to keep in mind one master password than hundreds of them. Let’s sum up the main advantages and disadvantages of KeePass!

Pros of KeePass

  • Free of charge
  • Great flexibility
  • Full control over the storage of information
  • Guarantee on the absence of backdoors because of its open source code
  • the possibility of creating custom records and shortcuts to allow the integrations with third-party software
  • Deep integration with browsers
  • many plugins and alternative clients available in order to meet different needs.

Cons of KeePass

  • Lack of support
  • Difficult integration in a multi-user environment
  • Unable to recover data in case of forgotten master password or corrupted file
  • Less “user friendly” and modern user interface than other tools.

To whom is KeePass addressed?

This tool is indicated for security aware users, as there is no official support to address in case of any problem. However, since it is an open source application, the community provides insight and help. It is worth mentioning that the great flexibility that characterizes KeePass requires time to master it and computer skills to exploit its full potential. Nevertheless, I would personally recommend it to anyone who wants to progressively regain control of their data by detaching from cloud solutions and perhaps to automate some processes otherwise manual.