2014-01-16

KeePass Password Safe might be the best solution for an open-source, free password manager, but that doesn’t mean it’s perfect.

Luckily, as with many open-source apps, a slew of add-on tools makes KeePass more powerful and customizable than most competing products.

Creating your personalized application

In the Jan. 9 Best Software article, “Why and how to use an open-source password manager,” I discussed the basics of password managers and why I think an open-source product such as KeePass Password Safe 2.24 is the best option.

KeePass, like any good password manager, can keep track of your sign-in credentials, create new passwords that will take centuries to crack, and store all of that information where no one else can get at it. But KeePass isn’t perfect — at least not the version you initially download and install. It doesn’t, for instance, integrate well with common browsers (unless, of course, you consider Windows’ clipboard a form of seamless integration). And though KeePass runs fine on a Windows machine, it won’t help you on phones and tablets running Android or iOS.

But true to its open-source roots, KeePass does accept third-party plugins, making it relatively easy for developers to build add-on applets that enhance and customize the base application. You’ll find an entire host of useful and interesting add-ons on the KeePass Plugins and Extensions webpage.

Keep in mind that anyone with some coding skills can make and post KeePass plugins. So it should be no surprise that some of the password manager’s enhancements don’t work well — or make sense. For example, you don’t really need a separate tool for backing up your password database; it’ll get saved with the rest of your data when you run your regular backup routine.

That said, here are four free KeePass enhancers that do work — and also fix some of the password manager’s initial deficiencies. The first two let you integrate KeePass with Google Chrome and Firefox. (I haven’t found an Internet Explorer solution worth recommending.) The other two let you access your passwords from a smartphone or tablet.

KeePass and browsers: Just getting along

Many people store their passwords in their browser. It’s convenient — the browser automatically fills in your security credentials — but it can also be risky. Browser-stored passwords are notoriously easy to hack. You’re also vulnerable if you tend to leave your browser up and running for long periods of time.

Non-browser-based password managers provide much better password security, but they can be far less convenient. KeePass, for example, requires that you enter its master password, find a website’s entry within the program, click the button that opens the associated webpage in your browser, click the site’s username field, and then tell KeePass to autotype the sign-in information.

Fortunately, add-ons such as chromeIPass and KeeFox make signing in to sites faster and easier. You still have to open KeePass and enter the passwords — there really is no other way to be truly safe — but once you’ve done that, signing in is almost as convenient as using a browser’s automated password-entry system.

These aren’t perfect solutions. You’re bound to come upon sites that just don’t work with apps such as chromeIPass and KeeFox. In those instances, you’ll have to enter your username and password manually. But if that happens with, say, two out of 10 websites, it’ll still make the task of securely signing in to sites with unique passwords much easier.

(Note: To avoid potential conflicts between password managers, consider turning off your browser’s built-in password-saver before setting up and using these KeePass plugins. In Chrome, go to chrome://settings/ and then scroll down to the Show advanced settings link. Click it, scroll down to Passwords and forms, and deselect Offer to save passwords I enter on the Web. In Firefox, select Tools/Options/Security; in the Passwords section, deselect Remember passwords for sites.)

ChromeIPass: Connecting KeePass to Chrome

Perry Nguyen’s chromeIPass makes Chrome and KeePass work together — at times, to the point of complete transparency. Once the plugin is set up, simply go to a site’s sign-in page; your username and password are then automatically entered — usually.

On some sites, signing in with chromeIPass requires clicking a few buttons and fields. On other sites, it doesn’t work at all (but that’s typically the case with all password-manager automation functions).

Before you can run chromeIPass, you have to download and install the KeePassHttp plugin (site). Save the downloaded file to your KeePass program folder — probably C:\Program Files\KeePass Password Safe 2 or C:\Program Files (x86)\KeePass Password Safe 2. If KeePass is running, close the program and open it again.

That’s how you install most KeePass plugins — but not Chrome extensions such as chromeIPass. Instead, go to the app’s Google webstore page, click the big Free button in the page’s upper-right corner, and then confirm your choice.

You’ll now have a KeePass logo in the upper-right corner of your Chrome window. The first time you click it, you might be told that you need to configure it. Just press the Connect button and then, in the dialog box that opens, enter any text string into the Key name field.

After that, signing in will usually be easy. Again, when you go to a site’s sign-in page, more often than not the username and password will fill in automatically (assuming that KeePass is open, of course). If it doesn’t work properly, click the KeePass icon in the browser, then click Choose own credential fields for this page (Figure 1). An overlay page will help you tell chromeIPass where to fill in the blanks (Figure 2).



Figure 1. The Choose own credential fields for this page button lets you define a website's sign-in fields for KeePass.



Figure 2. ChromeIPass steps you through sign-in field selection.

Occasionally, you’ll find a page that simply won’t work with chromeIPass — but not often.
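Plugin files saved to the KeePass program folder are loaded by KeePass itself, so it is worth recording what is in that folder after an install you trust and checking it again later. The following is an added example, not code from the original article or from the KeePass project: it hashes the .plgx and .dll files in a folder and reports what was added, removed or changed; the demo folder and its file contents are constructed.

```python
import hashlib
import tempfile
from pathlib import Path

PLUGIN_SUFFIXES = {".plgx", ".dll"}  # the two file types KeePass 2.x loads as plugins


def snapshot(folder):
    """Map each plugin file under `folder` to its SHA-256 digest."""
    result = {}
    for path in sorted(Path(folder).rglob("*")):
        if path.is_file() and path.suffix.lower() in PLUGIN_SUFFIXES:
            digest = hashlib.sha256(path.read_bytes()).hexdigest()
            result[path.relative_to(folder).as_posix()] = digest
    return result


def compare(baseline, current):
    """Return plugin files that were added, removed or modified since the baseline."""
    return {
        "added": sorted(set(current) - set(baseline)),
        "removed": sorted(set(baseline) - set(current)),
        "changed": sorted(n for n in baseline.keys() & current.keys()
                          if baseline[n] != current[n]),
    }


def demo():
    """Constructed stand-in for the KeePass folder; file contents are placeholders."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "KeePass.exe").write_bytes(b"not a plugin file, ignored")
        (root / "KeePassHttp.plgx").write_bytes(b"constructed plugin v1")
        baseline = snapshot(root)  # record right after a trusted install
        (root / "KeePassHttp.plgx").write_bytes(b"constructed plugin v2")
        (root / "Plugins").mkdir()
        (root / "Plugins" / "Unknown.dll").write_bytes(b"constructed extra file")
        return compare(baseline, snapshot(root))


if __name__ == "__main__":
    for kind, names in demo().items():
        print(f"{kind}: {names}")
```

In real use, call snapshot() on the KeePass program folder, store the result somewhere the folder's writers cannot reach, and run compare() against it after every plugin update.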

KeeFox: Simple KeePass/Firefox integration

There’s a chromeIPass work-alike add-on for Firefox called PassIFox (site). It also requires KeePassHttp.

But I think Firefox users have better options for KeePass integration. My favorite tool is Luckyrat’s KeeFox (info). KeePassHttp is not required.

On Mozilla’s KeeFox download page, click the big Add to Firefox button and then click Install Now. After you’ve shut down and restarted Firefox, you’ll find yourself at a KeeFox tutorial website. Don’t worry about it. This program is so simple you don’t need a tutorial. You might also see a request to set up KeeFox. Simply press the big Setup button. You should be done.

KeeFox adds another toolbar to Firefox. If KeePass is closed, you won’t find much there, but if you click the Logged Out button, it will open KeePass and let you enter your password. And once you’ve done that, the Logins menu comes alive. (Initially, you might see a popup bar in Firefox with a Load my password database … button. That should go away once KeeFox is fully set up.)

The Logins menu (shown in Figure 3) provides access to your KeePass categories and items — although it’s limited to those with an entry in the URL field. Select one, and Firefox goes to the appropriate page and fills in the required sign-in credentials. (The URL in KeePass must point to the sign-in page, not the homepage, if they are different.)



Figure 3. In Firefox, the KeeFox add-on makes it quick and easy to access KeePass-stored sign-in credentials.

You don’t have to use those menus. As with chromeIPass, KeePass often fills in your credentials automatically when you go to the sign-in page.

Another nice touch with KeeFox: You can right-click an item in the Logins menu and select Edit login to open the KeePass entry dialog box.

KeePass for Android and iOS: Passwords on the go

You’re not always at your computer when you need your passwords. If you carry a tablet or smartphone, you’ll want your passwords there as well.

KeePass doesn’t directly support either Android or iOS. But thanks to the program’s open source code, you can find plenty of KeePass-compatible apps for both platforms.

However, with these mobile apps, your password database file will live in two or more devices. Obviously, you’ll want to keep them synched. You can solve this problem with a cloud-based storage service such as Dropbox or SkyDrive. When you change a password on one device, it will sync with the others.

Unfortunately, these tools don’t sync as transparently in Android or iOS as they do in Windows. For instance, on both my Windows PCs, all files in my Dropbox folder are always up to date — it just happens automatically. But on my iPad and my Android phone, I must open Dropbox on each device and wait for changed files to upload and download. That’s just asking for trouble when changing an important file on multiple devices.

The solution: Use a KeePass-compatible app that directly supports Dropbox (or your preferred storage service). That way, the app keeps your password database in sync.

Keepass2Android: Up-to-date passwords everywhere

For Android use, I recommend Philipp Crocoll’s Keepass2Android (Google Play store page). It’s safe, it works, and it has some extras.

For instance, the app integrates with Chrome. When you’re at a sign-in page in your browser, you can tap the menu, select Share, then select Keepass2Android. After you enter the KeePass password, you’ll be asked to change your input method to Keepass2Android. This adds to the keyboard an icon for pasting in the right information (see Figure 4).

Figure 4. Keepass2Android added to the Android keyboard

You can also use Android’s standard copy-and-paste function, although Keepass2Android doesn’t offer a Copy Password button to make that chore easy. But if you’re comfortable with Android, you’ll know how to copy a password. (Tap the eye icon near the top of the screen so you can see the password; then tap and hold the entry’s password until it becomes selected. Tap the copy icon in the upper-right corner.)

Keepass2Android fully supports Dropbox, Google Drive, and SkyDrive — and does so transparently. The app downloads your database file when you open it and uploads it again automatically when you alter it. Your passwords will remain synched across all your devices.

Keepass2Android contains one convenient feature you probably shouldn’t use: QuickUnlock. This option lets you open the password database with only three letters from your master password. That might make it quicker to open your password vault, but it also makes it easier for someone to break in. I recommend leaving this option unchecked.

MiniKeePass: The best of a disappointing iOS lot

I wish I could recommend an iPhone/iPad/KeePass-compatible app that syncs flawlessly with your cloud storage service. Oh, there are plenty of KeePass-compatible apps that claim to support Dropbox and its competitors. But when you look at them, there always seems to be a problem. Either they don’t really synchronize, or they have some other, serious flaw — such as not supporting KeePass 2.x files.

So I’m reluctantly recommending Flush Software’s MiniKeePass (no pun intended — at least on my part — with the company name). Why? It’s simple, easy, and free — and it works.

And it sort of works with Dropbox. You can open your Dropbox app, select your password database file, and tell Dropbox to open it in MiniKeePass (see Figure 5). This will download the file into MiniKeePass’s own local storage space. But if you add or alter something, your changes will be saved only locally.

Figure 5. Opening the MiniKeePass vault in iOS Dropbox

I handle this shortcoming by pretending that MiniKeePass is read-only. I download the most up-to-date file to MiniKeePass, but I never make password changes within the app. That way, I don’t have to worry about the databases getting out of sync.

Otherwise, this is a simple, workable password manager for iOS devices. Just tap and hold on an entry’s username or password to copy it to the clipboard.

An elusive goal: security with ease of use: When it comes to maintaining passwords, there are no perfect solutions. How can there be? Anything that makes it too easy will make it less secure. But KeePass, mixed with the right supporting programs, can give you the right balance.
