KeePassXC for Beginners

Martin Shelton
Oct 6, 2016

Passwords are often the only thing standing between a hacker and your online accounts. This guide will introduce you to using KeePassXC to create strong, unique passwords. As a bonus, we’ll show how password managers can also help you save time when filling out login screens and online forms. It’s an easy way to make browsing the web easier, faster, and more secure.

Why it’s a good idea to use unique passwords

I don’t think I need to convince anyone that passwords are annoying. It’s hard to remember them, so everyone uses the same password for all of their accounts. You know this, I know this. But hackers also know this.

If you use the same password everywhere, a hacker only needs to get your password once in order to break into many of your online accounts. The number of massive data breaches keeps growing by the day.

Imagine if an attacker used your single, easy-to-remember password to access your health care records, your home address, credit card numbers, or your social security number. To minimize the damage from a breach, you should use unique passwords on each account. But it can be a challenge to remember each password.

Enter password managers

Password managers make it easy to remember a single password, and still have long, unique passwords on all of your accounts. How is this possible? You use just one password to unlock your secure password “vault.” From your vault, you can quickly fill out login forms on all of your devices.

A few password managers are usually recommended by security specialists, including Bitwarden, KeePassXC, and 1Password.

What is KeePassXC?

KeePassXC is a free and open source password manager, based on the official build of a piece of software called KeePass, for Windows. In practice, KeePass isn’t really one application — it’s more like an ecosystem of compatible software created by open source developers. KeePassXC is one of the friendliest versions of KeePass under active development.

It’s got some great security options not seen elsewhere, and can be found on most platforms and browsers. KeePassXC isn’t quite as pretty as 1Password or Bitwarden, but it does its job well.

Get KeePass for all of the devices you want to use

KeePassXC can be downloaded for desktop operating systems, while mobile devices can use interoperable versions of KeePass. Download it for the devices you want to use.

Windows, Mac, and Linux users: Download KeePassXC here.

Android users, consider KeePass2Android.
iPhone users, consider Strongbox.

Create your KeePass database

After you’ve installed KeePassXC, open it up on your computer. The very first thing you’ll need to do is create your password vault, or a password database. Click “Create new database” to continue.

Next you’ll create the master password that unlocks your password database. This is the only password that you need to remember. It needs to be a *really* good one, so it’s much more difficult to guess.

Consider using a long password with upper- and lower-cased letters, numbers, and symbols. Alternatively, use a passphrase: a phrase that only you are likely to remember. An unusual passphrase tends to be more memorable. Take the example from national security whistleblower Edward Snowden: “Margaret Thatcher is 110% sexy.” It’s long, has upper- and lower-cased letters, numbers, symbols, and spaces. And it’s hard to forget. The more random your passphrase is, the better.

After choosing your master password, you need to make a decision: do you want to use a key file?

A key file is an additional file that will be required, along with the password, to unlock your database. This can be a very powerful defense if a remote hacker manages to get access to your database. Key files can be inconvenient, because you will regularly be asked to find your key file before you can access your passwords. If you create a key file, be careful to keep it in a safe place where you can access it on each device.

Save your database somewhere convenient, because you’re going to want to find it so that you can have it automatically update on all of your devices. When you open the database in your desktop application it will look something like this.

A screenshot of an empty KeePassXC password vault.

Sync across devices

If you want to sync your passwords across all of your devices, you will need to put your password database on a service, such as Google Drive, Dropbox, or a tool of your choice. You will need to download sync software on all of the devices you want to use.

Sign up and download Google Drive here.
Sign up and download Dropbox here.

Log into your app on all of the devices you want to use. Find and open the folder for your new sync app. By default, those are found here:

Google Drive
Windows: C:/Users/username/Google Drive
Mac: /Users/username/Google Drive
Linux: /Users/username/Google Drive

Dropbox
Windows: C:/Users/username/Dropbox
Mac: /Users/username/Dropbox
Linux: /Users/username/Dropbox

Animation of a user dragging the KeePassXC database file into Dropbox, as an example sync service.

Move the database over to the sync application of your choice. It will update across all of your devices automatically. Don’t forget to have your mobile device use the new location for your database as well.

Plug KeePass into your browser

You can manually copy and paste logins from your password database into your online forms, but browser extensions allow you to fill out forms automatically.

Download the browser integration for Google Chrome or Firefox. A small handful of other browsers are supported as well.

Because KeePass represents a large ecosystem of applications, each is slightly different, but the idea behind each browser extension is similar. Let’s walk through one example using the KeePassXC integration for Google Chrome.

You’ll need to import your database so the browser extension will recognize it. First, to allow KeePassXC to share files with the browser extension, open the app and change your settings:

Mac & Linux users: Preferences > Browser Integration > Enable KeePassXC browser integration
Windows users: Tools > Settings > Browser Integration > Enable KeePassXC browser integration

From here you can choose your browser.

Animation of a user choosing their preference for browser integrations within their KeePassXC settings.

Click on the KeePassXC integration icon in your browser, usually next to your search bar. From here, click “Connect” and add a name for the connection between your browser and KeePassXC.

KeePassXC browser integration permission screen. The user clicks on their browser extension’s “new key association request” screen, clicks “Connect,” types in their password, and clicks on “Save and allow access.”

Now you can access your passwords from your browser.

Begin adding logins to your database

Click the icon with the key highlighted in green. Under “Title” at the top, give the website a label, and then enter the login credentials for the website. Notice that you can also generate passwords from this page. KeePassXC will create a random password using whatever length and characters you like.

Enter the URL for the website you want to access. After you’re done, click “OK” at the bottom.

A user customizing a random password in KeePassXC’s password generator.

KeePassXC will automatically update your password database in your browser.

From now on, you can automatically fill out websites you’ve added to your database by right-clicking on the login field, or by using keyboard shortcuts:

Windows users: Alt-shift-U
Mac users: Ctrl-shift-U
Linux users: Ctrl-shift-U

A user auto-filling their passwords using the KeePassXC browser extension, which overlays previously saved passwords on the login field.

Changing passwords

You can use KeePassXC to save your existing passwords and automatically fill them out. But the real benefit of password managers is to allow you to generate long, randomized passwords that you don’t need to remember. Consider changing passwords on the websites you visit most often, and updating them in KeePassXC. Be sure to use the application to randomize your passwords when possible.
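To make "long, randomized" concrete, here is an added example (not KeePassXC's own code, and not from the original article) that generates a password from chosen character classes and a random-word passphrase, then compares how many characters or words are needed for a given strength. The function names and the eight-word sample list are assumptions made for illustration; the entropy figures only hold when every character or word is picked at random.

```python
import math
import secrets
import string

# Character classes similar to the toggles in a password generator dialog.
CLASSES = {
    "lower": string.ascii_lowercase,
    "upper": string.ascii_uppercase,
    "digits": string.digits,
    "symbols": string.punctuation,
}
ALL = tuple(CLASSES)
# Constructed sample list; a real Diceware-style list has 7776 words.
SAMPLE_WORDS = ["lantern", "pickle", "orbit", "walrus", "thimble", "cobalt", "mosaic", "fjord"]


def generate_password(length=24, classes=ALL):
    """Random password with at least one character from every selected class."""
    if length < len(classes):
        raise ValueError("length too short for the selected classes")
    alphabet = "".join(CLASSES[c] for c in classes)
    while True:
        # secrets uses the operating system CSPRNG; the random module does not.
        candidate = "".join(secrets.choice(alphabet) for _ in range(length))
        if all(any(ch in CLASSES[c] for ch in candidate) for c in classes):
            return candidate


def generate_passphrase(wordlist, words=6):
    """Pick each word independently and uniformly at random."""
    return " ".join(secrets.choice(wordlist) for _ in range(words))


def bits_per_symbol(choices):
    """Entropy contributed by one uniformly random pick out of `choices`."""
    return math.log2(choices)


def symbols_needed(target_bits, choices):
    """Characters (or words) required to reach `target_bits` of entropy."""
    return math.ceil(target_bits / bits_per_symbol(choices))


if __name__ == "__main__":
    alphabet_size = sum(len(CLASSES[c]) for c in ALL)  # 94 printable symbols
    print(generate_password(), f"~{24 * bits_per_symbol(alphabet_size):.0f} bits")
    print(generate_passphrase(SAMPLE_WORDS), "(demo list only)")
    print("chars for 128 bits:", symbols_needed(128, alphabet_size))
    print("words for 128 bits (7776-word list):", symbols_needed(128, 7776))
```

A random 20-character password and a random 10-word passphrase land at roughly the same strength; the passphrase is longer to type but easier to memorize, which is why it suits a master password while generated passwords suit everything stored in the vault.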

The main downsides of KeePassXC

Once you’ve set up KeePassXC, it can also be very annoying to log in without it (e.g., if you want to log in on your friend’s computer). If you know you’re going to frequently use a password on a computer that does not have your password manager information, you may want to commit the password to memory rather than randomizing it.

You’re caught up!

Now you’re caught up with KeePassXC. I hope this has been helpful! If you have any questions, feel free to reach out here, or on Twitter at @mshelton. I’ve also written two separate guides on 1Password and Bitwarden, for those who are looking for alternatives.

Edit: Changed much of the article to include more well-supported KeePass applications, including KeePassXC, Strongbox, and KeePass2Android.

Last updated March 8, 2021.

Martin Shelton

Writing about security for journalists, as well as beginners. Principal researcher at @freedomofpress. freedom.press/training