FOSS Software Review: KeePassXC
Using a password manager is a very effective way to improve your security online. I recently looked at most of the options available for Linux. I wanted to write a small review of KeePassXC, which is what I chose in the end. This project doesn't seem to make it onto most of the "Linux Password Manager" lists online, so I hope this will help inform the Linux community about their options.
If you're running Linux, there are a number of password managers available. To start with, here were my criteria:
- Linux support
- Free open-source software
- Offline
- Support for security keys (in my case a YubiKey)
The two password managers fulfilling most of these points are Password Gorilla and KeePassX. Both have Linux support, are open-source, and are not cloud-based. They both fall short because they don't support security keys. In addition, neither of these projects is under active development (which might explain the lack of key support).
KeePassXC is a fork of KeePassX, and it's also under active development. The team has been very busy, as we can see from a number of new features listed on their project page:
- Auto-Type on all three major platforms (Linux, Windows, macOS)
- Twofish encryption
- YubiKey challenge-response support
- TOTP generation
- CSV import
- Command line interface
- DEP and ASLR hardening
- Stand-alone password and passphrase generator
- Password strength meter
- Using website favicons as entry icons
- Merging of databases
- Automatic reload when the database was changed externally
- KeePassHTTP support for use with PassIFox in Mozilla Firefox, chromeIPass in Google Chrome and Chromium and passafari in Safari.
- Many bug fixes
I have not had any issues with KeePassXC and it has fulfilled all of my original criteria listed above. It has a lot of available features, yet doesn't seem cluttered and retains simplicity in most use cases. For now, it appears to be a leader in offline password managers with Linux support. I've been impressed so far, and I hope that it will experience some more exposure.
KeePassXC runs on Linux, macOS, and Windows. They have prebuilt packages for Fedora, OpenSUSE, Arch, Debian, Ubuntu, Gentoo, and CentOS. Of course, the source is available if you would rather build it yourself or if your distribution doesn't have a package.
Here are some screenshots for your viewing pleasure.
Initial welcome screen on first run
Adding a new entry to the database
Listing all the entries in the database
Sources:
KeePassXC logo is from the project's git repository.
Screenshots were taken by me during my review.
Thanks for this feature. My question is: how can we really measure the security protection of a password manager in a world of software where there is always the issue of a bug later on that is sometimes used by hackers themselves?