KeePassXC for Beginners

Why it’s a good idea to use unique passwords

I don’t think I need to convince anyone that passwords are annoying. It’s hard to remember them, so everyone uses the same password for all of their accounts. You know this, I know this. But hackers also know this.

Enter password managers

Password managers make it easy to remember a single password, and still have long, unique passwords on all of your accounts. How is this possible? You use just one password to unlock your secure password “vault.” From your vault, you can quickly fill out login forms on all of your devices.

What is KeePassXC?

KeePassXC is a free and open source password manager, based on the official build of a piece of software called KeePass, for Windows. In practice, KeePass isn’t really one application — it’s more like an ecosystem of compatible software created by open source developers. KeePassXC is one of the friendliest versions of KeePass under active development.

Get KeePass for all of the devices you want to use

KeePassXC can be downloaded for desktop operating systems, while mobile devices can use interoperable versions of KeePass. Download it for the devices you want to use.

Create your KeePass database

After you’ve installed KeePassXC, open it up on your computer. The very first thing you’ll need to do is create your password vault, or a password database. Click “Create new database” to continue.

A screenshot of an empty KeePassXC password vault.

Sync across devices

If you want to sync your passwords across all of your devices, you will need to put your password database on a service, such as Google Drive, Dropbox, or a tool of your choice. You will need to download sync software on all of the devices you want to use.

Animation of a user dragging the KeePassXC database file into Dropbox, as an example sync service.

Plug KeePass into your browser

You can manually copy and paste logins from your password database into your online forms, but browser extensions would allow you to fill out forms automatically.

Animation of a user choosing their preference for browser integrations within their KeePassXC settings.
KeePassKC browser integration permission screen. The user clicks on their browser extension’s “new key association request” screen, clicks “Connect,” types on their password, and clicks on “Save and allow access.”

Begin adding logins to your database

Click the icon with the key highlighted in green. Under “Title” at the top, give the website a label, and then enter the login credentials for the website. Notice that you can also generate passwords from this page. KeePassXC will create a random password using whatever length and characters you like.

A user customizing a random password in KeePassXC’s password generator.
A user auto-filling their passwords using the KeePassXC browser extension, which overlays previously saved passwords on the login field.

Changing passwords

You can use KeePassXC to save your existing passwords and automatically fill them out. But the real benefit of password managers is to allow you to generate long, randomized passwords that you don’t need to remember. Consider changing passwords on the websites you visit most often, and updating them in KeePassXC. Be sure to use the application to randomize your passwords when possible.

The main downsides of KeePassXC

Once you’ve set up KeePassXC, it can also be very annoying to log in without it (e.g., if you want to log in on your friend’s computer). If you know you’re going to frequently use a password on a computer that does not have your password manager information, you may want to commit the password to memory rather than randomizing it.

You’re caught up!

Now you’re caught up with KeePassXC. I hope this has been helpful! If you have any questions, feel free to reach out here, or on Twitter at @mshelton. I’ve also written two separate guides on 1Password and Bitwarden, for those who are looking for alternatives.

--

--

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store
Martin Shelton

Martin Shelton

Writing about security for journalists, as well as beginners. Principal researcher at @freedomofpress. freedom.press/training