this post was submitted on 20 Mar 2025
KeePass2 as a password manager. Less convenient than online, but so much safer. There's also Kee, a browser extension that connects to the database locally and autofills passwords on sites.
Keepassxc
It's not bad, but there aren't all the useful addons that keepass has
I actually hadn't realised keepass was still maintained.
I had a quick look and it seems keepass is a .net thing while keepassxc is cross platform.
What plugins do you use? Xc does everything I need.
Mainly otp generation (which I believe XC implements natively), ssh key agent, to lock ssh private keys inside databases and the Kee integration for browser completion from the database.
Then other small things I have just for fun, like generating QR codes from some secrets because certain apps only take the secret as a QR code, and plugins to generate passphrases.
Hmm, all of that is available with xc. Even QR codes.
It's been a while since I used xc; I will look into it and see if that works for me. The only real benefit of xc compared to keepass is HiDPI support, because it doesn't use Mono on Linux.
What are the advantages over saving the passwords directly in the browser, or using a paid service?
What is more convenient for a hacker? Finding a vulnerability in LastPass, accessing millions of users and possibly billions of passwords, or trying to get your keepass database file that at best contains a thousand passwords? Not relying on an external service grants you protection just on that. Also, offline databases don't carry passwords over the net, so one must steal files from your computer or physically access it.
I would say your attack surface area is reduced. LastPass and Bitwarden are huge targets for state-sponsored cyber attacks.
Also no lock in. I use the same password db with multiple browsers simultaneously.
There is no paid tier. All features available. Storing SSH keys for example.
I use my db to store all sorts of information, not just passwords. For example, I need to manage heaps of physical keys. I stamp them with a serial like k23 and store details about the key in my db.
Keepassxc also does TOTP. Some aren't into that which is fine but I don't see any benefit in using a separate app.
If stored in a browser, your passwords become very obvious targets for stealer malware (the stuff that does account takeovers). Using keepass or other similar software won't make it impossible for malware to get them, but the likelihood malware will target it is significantly lower.
Paid services put your passwords in the hands of the service. In the case of a data breach (see LastPass), all your passwords will get out.
Note: Password manager services should encrypt your data such that a data breach does not instantly pwn every single account of every single customer. However it is not possible for you as the customer to know until they get breached.
Note 2: When storing your passwords in the browser, they may also end up stored in Google or Mozilla's (and so on) servers, resulting in the worst of both worlds for security: Passwords are in a well-known location on your PC and a well-known location on the internet.