I feel like passwords can be way too sensitive to entrust to a third party. Even if you can verify that it is secure, you could still find yourself in a jam if their service goes down or is otherwise inaccessible.
You don't have to worry about any of this with a KeePass database. You just have to deal with the very mild inconvenience of keeping your database synchronized across devices.
> You just have to deal with the very mild inconvenience of keeping your database synchronized across devices.
Which is pretty easy with SyncThing. Other services like Dropbox are also fine if you have a sufficiently high entropy password. The danger isn't in the "online", but a third party being able to decrypt your passwords.
"Other services like Dropbox are also fine if you have a sufficiently high entropy password"
That's why you add that binary key file to the mix that you liberally distribute to all your devices, but that you carefully keep far off your sync platform. The danger of a weak password is when a device falls into the wrong hands; a compromised sync platform is much less of a concern (if the file is in the mix).
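The split described in the comment above, modeled as an added example that is not part of the thread and not KeePass's own code. It assumes a simplified KDBX-style composite key (SHA-256 over the hashed password and hashed key file), uses PBKDF2 as a stand-in for the database's real KDF and header check, and runs on constructed passwords and guesses.

```python
import hashlib
import secrets
from typing import Iterable, Optional


def composite_key(password: str, keyfile: Optional[bytes]) -> bytes:
    """Simplified KDBX-style composite key: hash each factor, then hash the concatenation."""
    material = hashlib.sha256(password.encode("utf-8")).digest()
    if keyfile is not None:
        material += hashlib.sha256(keyfile).digest()
    return hashlib.sha256(material).digest()


def verifier(password: str, keyfile: Optional[bytes], salt: bytes) -> bytes:
    # Assumption: PBKDF2 stands in for the database's real KDF and header check.
    return hashlib.pbkdf2_hmac("sha256", composite_key(password, keyfile), salt, 10_000)


def first_unlocking_guess(guesses: Iterable[str], keyfile: Optional[bytes],
                          salt: bytes, target: bytes) -> Optional[str]:
    """Return the first guess that reproduces the stored check value, else None."""
    for guess in guesses:
        if secrets.compare_digest(verifier(guess, keyfile, salt), target):
            return guess
    return None


# Constructed sample data: a weak master password plus a random 32-byte key file.
KEYFILE = secrets.token_bytes(32)   # copied to each device, never to the sync folder
SALT = secrets.token_bytes(16)      # stored in the synced database
WEAK_PASSWORD = "summer2024"
GUESSES = ["password", "letmein", "summer2024"]
DB_CHECK = verifier(WEAK_PASSWORD, KEYFILE, SALT)


def sync_platform_compromised() -> Optional[str]:
    # The sync platform holds the database (salt + check value) but not the key file.
    return first_unlocking_guess(GUESSES, None, SALT, DB_CHECK)


def device_lost() -> Optional[str]:
    # A lost device holds the database and the key file; only the password remains.
    return first_unlocking_guess(GUESSES, KEYFILE, SALT, DB_CHECK)


if __name__ == "__main__":
    print("sync platform compromised:", sync_platform_compromised())
    print("device lost:", device_lost())
```
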
I haven't touched KeePass in a while (especially since it always had its quirks outside of Windows, being .NET), but KeePassXC, which started as a merger of all the various patches to KeePassX (the Qt implementation), has been very active. It has a more secure browser integration than the original had, although it's worth noting that nothing ever came close to the accuracy of 1Password when it comes to website quirk integration[1]. There's also TouchID, OTP, better encryption and YubiKey integration of the top of my list.
I'd suggest using it in conjunction with Keepass2Android and KyPass (on iOS, someone mentioned Strongbox), although the Keepass2Android syncs and merges properly and the iOS does not.
Yes, if you can keep your password local it's still the best option.
Sadly, once your use case becomes complicated and you need to share between devices, and potentially have partial sharing between people (e.g. your spouse, your parents etc.), it becomes a nightmare to manage. In particular trying to explain how sync is supposed to work with a third party on iOS is just pain.
I'm eyeing self-hosted BitWarden instances, but then I kinda fear to someday be the one shooting myself in the foot and nuking everyone's literally life-critical credentials...
> you could still find yourself in a jam if their service goes down
This is true for many password managers that sync with the cloud. I use 1Password and I've made sure that I install apps on at least a couple of devices because the apps have a local copy of the password data that can be accessed offline.
I've done that with another password manager that I used in the past too.
I used KeePass in the past and would likely still be using it if I didn't get 1Password free (free family account if your employer has a business account) and if I didn't need to have secure sharing with my wife.
Let me know if you know of a secure, convenient way to share password entries with another person using KeePass that doesn't involve you sharing your whole password database. I know you can have yet another password database that only contains shared records... but that definitely fails the convenience factor.
I use a combination of a local-only solution for the "master list" of passwords that I back up to cloud storage (which is not synced to my phone) in conjunction with the saved passwords & sync capabilities of Firefox for accessing it on my phone. Occasionally I'll be in a position where I'm on my phone and Firefox doesn't happen to have my latest password saved, so I just initiate a password reset for whatever that service is, set it to a new password, and then circle back later when I'm back on my machine to update my local-only storage solution. It's not the most streamlined and user friendly, but it works well enough.
As mentioned throughout this thread, Syncthing can seamlessly sync between Android phones and Windows/Linux hosts. There are apps for iOS as well, but they can be a bit more finicky due to Apple's app sandbox implementation.
This, very much so. I use KeePassXC (Strongbox on iOS) with Seafile to sync the database files. It's only gotten better over the years, and I'd rather see my donation money go directly to the developers than get slurped up into some SaaS that doesn't care about me or security anyway.
Does your sync setup work in realtime in the background? Earlier this year I was evaluating iOS devices and a showstopper was the apparent inability to have keepass database updates push-synced: the closest I got was a scheduled copy of the file at a given time daily, but my nightmare was making a change on one device, needing that change on the iOS device, having it not be there, and not having network to go fetch it. It'd be neat if you've got a way to make this work more like Syncthing on Android.
No, that's a limitation in the setup but it's something I am willing to live with. I can make edits on my computer and "pull" them onto my phone, but not the other way around.
However, I think this is a limitation of the app itself more than a limitation of the system in principle. As far as I can tell, the developer decided to only support a couple of the most popular cloud sync platforms. My guess is there is no consistent API for that sort of thing in iOS.