October 1, 2023 update: PCWorld ran a long article praising KeePassXC: “KeePassXC: The friendlier free offline password manager”

My neighborhood held a fun block party last night. While chatting, a neighbor said something like, “God forbid someone gets ahold of my password because I use the same password on every website.”

I immediately thought:

  1. This is a disaster waiting to happen; I must tell him about KeePassXC; and,
  2. There must be MILLIONS of people just like my neighbor who find it too hard to remember or record hundreds of passwords, so they just reuse the same password everywhere (or use a pattern that slightly tweaks their password across websites).

For years, I’ve happily relied on KeePassXC to record passwords and other information for the hundreds of accounts I’ve created. KeePassXC provides many benefits:

  • It’s FREE!
  • It respects your privacy: “Let KeePassXC safely store your passwords and auto-fill them into your favorite apps, so you can forget all about them. We do the heavy lifting in a no-nonsense, ad-free, tracker-free, and cloud-free manner. Free and open source.”
  • It’s cross-platform, runnable on Windows, Mac, and Linux
  • You can use a different password on every website but just remember ONE password… your KeePassXC password. Once you open KeePassXC, you can easily copy any website password with a click of your mouse and paste it into the website you wish to log into.
  • It’s trustworthy: It’s open-source software with a very impressive 16,900 stars on GitHub. No software is guaranteed to be safe, but popular open-source software is generally safer than proprietary/closed-source software (which relies on its developers to not include dangerous code and to prevent & detect bugs and security holes) or unpopular open-source software (which has few people looking over its code to ensure it’s not dangerous).
  • It saves your passwords in an encrypted file that you can safely make backup copies of and copy to other computers, even computers in the cloud, because others should not be able to break its encryption without your password. (That said, I’m slightly worried by a relatively recent feature which allows opening KeePassXC with your fingerprint, rather than your password, because fingerprints are potentially stealable. I still worry because Disney got a copy of my fingerprint when my family visited Disney World years ago. I’m still furious they refused to let me enter the park without taking my fingerprint!)
  • You can securely store “usernames, …URLs, attachments, and notes” as well as passwords

If you don’t have a good system for recording your passwords, I strongly encourage you to try KeePassXC.

KeePassXC provides a Getting Started Guide and a User Guide, though I’ve found it so intuitive and usable that I’ve never looked at either guide.

If you use the same password (or similar passwords) for many accounts and give KeePassXC a whirl, I recommend you start by changing your most critical accounts’ passwords first. Ask yourself, which accounts could cause the most damage if someone got into them? Bank accounts, frequently used social media accounts, work-related accounts, etc.

And don’t forget to periodically back up your KeePassXC file to at least one other computer. Ideally, you would keep at least one copy of your file in another physical location, perhaps in Dropbox or something, so that if your home burned down you could still access all your passwords.

Finally, while it’s wonderfully kind of the open-source software developers who created and continue to improve KeePassXC to give it away for free, please consider sending them some financial appreciation if you find their software benefits you and you can afford to. Many open-source software developers receive no salary or income for their work, despite their software being extremely valuable to users.

My thanks to Max Bender for his photo on Unsplash