I used KeePassXC for a period, but from these release notes, the UI/UX still isn't great. If you're on macOS, I recommend MacPass, which feels more native to the system, is compatible with existing KDBX databases and, most importantly, is also open source: https://github.com/MacPass/MacPass
I just switched from MacPass to KeePassXC for the reason mentioned in release notes: it obsoletes the HTTP Connector and uses another mechanism. MacPass keeps using HTTP, and it is unknown when it will do the same switch.
Given that I use multiple computers, and the extensions are synced, I want to use the same mechanism on all of them.
I was a little confused by your comment at first, maybe you didn't intend it that way, but I got the impression that you meant MacPass is open source, unlike KeePassXC. Except that KeepassXC is in fact open source: https://github.com/keepassxreboot/keepassxc/
I suppose you meant that MacPass is open source, unlike some other Mac password managers?
I didn't really check until someone downthread mentioned that KeePassXC is (basically) a superset of KeePassX, which I know is open source because I use it as my password manager. So that means it's time for me to check out KeePassXC :) See what it does for me :)
I highly recommend https://keeweb.info/ if you're looking for an attractive, easy to use, cross-platform and Open Source solution. I've been using it on Windows and MacOS for years without any major issues. It's by far the best looking front-end for keepass databases I've seen.
I love KeeWeb, especially when used together with Nextcloud. I can access my passwords in a bunch of different ways, all synced and all secure (the kdbx has a password and a file key).
1. In KeeWeb from inside Nextcloud (there's an app)
2. In external KeeWeb over WebDAV (great when using it as a PWA)
3. In KeePass proper using desktop file sync
4. In a KeePass-compatible app from the Nextcloud app
All of these sound janky, but they work better than any other free software self-hosted cloud password manager.
Since it got a lot of positive attention last time, here's a rough guide on getting started with password management, aimed at readers here who are not currently using a password manager:
I address that at the bottom of my post. Keepass is the original, KeepassX is the Qt rewrite.
KeepassXC got Qt 5 support, a bunch of misc QOL improvement patches, is actively maintained (unlike KeepassX) and also received some nice extra features such as TOTP 2FA support. It's a superset of KeepassX, so there's no real reason to use KeepassX at this point.
The mentioned issue has the following statement which makes me wonder whether concurrent use on sync services is supported atm:
> I was going to add tests for "concurrent" access of the same file in phase 2 of these changes. Phase 2 is refactoring the saving process entirely to make it asynchronous and robust to file sync services.
From my experience, it already works somewhat. At least, whenever I overwrote the file in Nextcloud and my desktop pulled the update, it would merge the changes automatically.
KeePassXC can read KeePass2, so it only needs to replace that. That said, I haven't found a Kee replacement I like, so I'm still on KeePass2 (and it's fine for my needs).
Anyway we are following the Debian guidelines.
The full copyright for each component and file is specified in the COPYING file in the root of the repository alongside each author.
Not all parts of the source code are available under the same license. The individual source code files include the applicable license. Doing this is fine for compatible licenses and not unusual for projects, though it can make certain things more complicated. Here's an example of what GNU says about GPL compatibility[1] - roughly meaning the whole work is published as GPL.
> The full source code is published under the terms of the GNU General Public License.
We see open source as a vital prerequisite for any security-critical software product. For that reason, KeePassXC is and always will be free as in freedom (and in beer). Contributions by everyone are welcome!
Well, in my amateurish opinion - there was nothing wrong with the existing AES encryption implementation. But they also had a key derivation function based on running many iterations of AES, which was weird and non-standard, I mean it seemed like it would work, but it's not proven in the cryptographic community. Now they've switched to Argon2 which is a very well reviewed KDF and I have a lot more faith in that.
I do recommend that anyone without a PW manager atm either try KPXC or Keepass itself. It's worth it for your security.
Electron apps ...
I've tried the offline versions, but I find myself often on the go - without my laptop.
The tools for mobile don't seem to support updates - read only. Keeweb does both.
https://leclan.ch/password-managers/
TLDR: Download KeepassXC and start using it. :)
If you use Keepass on something like Dropbox it's a blessing.
KeepassXC doesn't work on iOS. It is just a replacement for KeePass2
Did they just copy paste every different license they could find into the repo?
This comment is really funny and made me laugh.
[1]: https://www.gnu.org/licenses/gpl-faq.html#WhatDoesCompatMean
I can finally give this a shot without having to use the weird custom AES-based KDF Keepass used to use. Awesome.
Congrats on the release.
Does anyone know where the specification for KDBX 4.0 is?
EDIT: Found it — https://github.com/keepassxreboot/keepassxc-specs
https://keepass.info/help/kb/kdbx_4.html
Code for the old KDF is here if anyone's interested: https://github.com/keepassxreboot/keepassxc/blob/7a55ab64d83...
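For readers who want to check which KDF an existing database uses (the old AES-based one or Argon2, as discussed above), here is an added example that is not part of the thread or of KeePassXC's code. It reads only the unencrypted KDBX header; the field number and KDF identifiers are the KDBX 4 format's published values rather than anything quoted in this thread, and the sample header is constructed.

```python
import struct

# KDF identifiers stored under "$UUID" in the KDBX 4 KdfParameters field.
KDF_NAMES = {
    bytes.fromhex("c9d9f39a628a4460bf740d08c18a4fea"): "AES-KDF",
    bytes.fromhex("ef636ddf8c29444b91f7a9a403e30a0c"): "Argon2d",
    bytes.fromhex("9e298b1956db4773b23dfc3ec6f0a1e6"): "Argon2id",
}
SIGNATURE = bytes.fromhex("03d9a29a67fb4bb5")  # two little-endian magic words

def parse_variant_dict(buf):
    """Decode a KDBX 4 VariantDictionary into {name: raw value bytes}."""
    pos, out = 2, {}  # skip the 2-byte format version
    while buf[pos] != 0:  # a zero type byte terminates the dictionary
        (klen,) = struct.unpack_from("<I", buf, pos + 1)
        key = buf[pos + 5:pos + 5 + klen].decode("utf-8")
        (vlen,) = struct.unpack_from("<I", buf, pos + 5 + klen)
        start = pos + 9 + klen
        out[key] = buf[start:start + vlen]
        pos = start + vlen
    return out

def kdf_of(header):
    """Return (major_version, kdf_name) for the first bytes of a .kdbx file.

    Truncated or malformed input raises struct.error or IndexError.
    """
    if header[:8] != SIGNATURE:
        raise ValueError("not a KDBX file")
    _minor, major = struct.unpack_from("<HH", header, 8)
    if major < 4:
        return major, "AES-KDF"  # formats before KDBX 4 have no other KDF
    pos = 12
    while True:  # KDBX 4 fields: 1-byte id, 4-byte length, data
        fid, flen = struct.unpack_from("<BI", header, pos)
        if fid == 11:  # KdfParameters
            params = parse_variant_dict(header[pos + 5:pos + 5 + flen])
            kdf_id = params.get("$UUID", b"")
            return major, KDF_NAMES.get(kdf_id, "unknown " + kdf_id.hex())
        if fid == 0:  # end of header reached without KDF parameters
            raise ValueError("KdfParameters field missing")
        pos += 5 + flen

def sample_header(kdf_uuid):
    """Constructed KDBX 4 header: a zeroed cipher field plus KdfParameters."""
    vd = (b"\x00\x01" + b"\x42" + struct.pack("<I", 5) + b"$UUID"
          + struct.pack("<I", 16) + kdf_uuid + b"\x00")
    fields = struct.pack("<BI", 2, 16) + bytes(16) + struct.pack("<BI", 11, len(vd)) + vd
    return SIGNATURE + struct.pack("<HH", 0, 4) + fields + struct.pack("<BI", 0, 0)
```

To check a real file, pass its first few kilobytes, for example `kdf_of(open(path, "rb").read(4096))`, where `path` is your own database.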