KeePass is a free, open-source password manager that helps you securely manage your passwords. You can store all your passwords in a single database, secured with either a master key or a key file. This way, you only need to remember one master password or select the key file to unlock the entire database.
The databases are encrypted using industry-leading, highly secure encryption algorithms. A password database is stored in a single file, making it easy to transfer from one computer to another.
KeePass encrypts its password databases using the Advanced Encryption Standard (AES, based on the Rijndael algorithm) and the Twofish algorithm.
Both of these ciphers are considered highly secure. For example, AES became a U.S. federal government standard and was approved by the National Security Agency (NSA) for securing top-secret information.
KeePass All Features
KeePass uses the common CSV export format used by various password managers, such as Password Keeper and Password Agent. Exports from these programs might be imported into your KeePass databases. The password list can be exported to various formats like TXT, HTML, XML, and CSV.
The application has a portable edition: you may carry it on a USB stick and run it on Windows systems without installation.
Strong Security
- The app uses the Advanced Encryption Standard (AES, based on Rijndael) and the Twofish algorithm for encrypting its password databases. Both ciphers are considered highly secure. For example, AES became a U.S. federal government standard and is approved by the National Security Agency (NSA) for encrypting top-secret information.
- The entire database is encrypted, not just password fields. This means your usernames, notes, and all other data remain securely protected.
- SHA-256 is used to hash the master key components. SHA-256 is a 256-bit cryptographically safe one-way hash function. No assaults are recognized but towards SHA-256. The output is remodeled using a key derivation function.
- To significantly bolster security against dictionary and guessing attacks, we implement a powerful key derivation function (KDF), such as AES-KDF or Argon2, to transform the master key component hash. This critical process makes unauthorized access to your data exceptionally difficult, even for sophisticated threats.
- Process memory protection: your passwords are encrypted while KeePass is running, so even when the operating system dumps the KeePass process to disk, your passwords aren’t revealed.
- [2.x] Protected in-memory streams: passwords are encrypted using a session key when loading the internal XML format.
- Security-enhanced password edit controls: KeePass is the primary password manager with security-enhanced password edit controls. None of the available password edit control spies work against these controls. The passwords entered in those controls aren’t even visible in the process memory of KeePass.
- The master key dialog can be shown on a secure desktop, where almost no keylogger can operate. Auto-Type can also be protected against keyloggers.
Changes in KeePass 2.60 Professional :
New Features:
- Added option ‘Search for group paths in quick searches’ (in ‘Tools’ → ‘Options’ → tab ‘Interface (1)’, turned on by default).
- Added optional main entry list columns ‘Group Path’ and ‘Group Name’ (both turned off by default, can be turned on in ‘View’ → ‘Configure Columns’).
- In list views that support selecting multiple items, all items can now be selected by pressing Ctrl+A.
- In list views that have a corresponding ‘Delete’ button, the selected items can now alternatively be deleted by pressing the Delete key.
- Added empty state messages for list views.
- The placeholder confirmation dialog now contains links to the help pages on placeholders and security.
- When the global auto-type hotkey is Ctrl+Alt+A and the new French Standard AZERTY keyboard layout from Windows 11 24H2 is in use, KeePass displays a warning that the shortcut conflicts with a system key that generates a character, along with instructions on how to change it.
- Added ‘More information’ link in the Ctrl+Alt+A conflict warning dialog.
- The clipboard clearing countdown bar now includes a tooltip displaying the number of seconds left.
- When the optimization for screen readers is active, the clipboard clearing countdown bar is now an alert.
- When the optimization for screen readers is active, quality progress bars can now be focused (using the Tab key).
- Added support for importing Mozilla Firefox 143 passwords CSV files.
- Bitwarden JSON import: if the value of a ‘totp’ field consists only of Base32 characters, it is now treated as a shared secret for time-based one-time password generation.
- Added support for parsing Unix timestamps in milliseconds.
- Added workaround for focus bug after returning from a secure desktop.
- ShInstUtil is now built using Visual Studio 2022.
- ShInstUtil: added support for generating native ARM64 images (NGen) on ARM64 systems.
- When using the MSI file for installing KeePass, native images (NGen) are now generated, and the start-up performance is optimized (as the regular installer does by default).
Improvements:
- It is now possible to select an item in the drop-down list of the quick search box using the keyboard (the quick search box can be focused by pressing Ctrl+E, and the drop-down list can be opened by pressing Alt+↓).
- Disabled auto-completion of the quick search box (because the auto-completion causes a bug when trying to search for a new text while the drop-down list is being displayed).
- The commands ‘Show HMAC-Based OTP’ and ‘Show Time-Based OTP’ now display the generated OTP with a larger font (on Windows Vista and later).
- To resolve selection and Ctrl+A problems, the entry name auto-completion now stops appending suggestions and displays a list for manual selection.
- In the entropy collection dialog, the number of bits generated using the mouse is now displayed on the quality progress bar.
- The value of a ‘File/URL’ or ‘Key file’ field of a trigger event/condition/action may now optionally be enclosed in double quotation marks.
- When shutting down the system, KeePass now saves the configuration immediately.
- Improved parsing of floating-point numbers in some places.
- When the Windows user account is selected as part of the master key and KeePass cannot decrypt the ‘ProtectedUserKey.bin’ file, it now shows an error message and avoids overwriting the file.
- Improved handling of unsupported custom icons.
- Improved handling of invalid handle values.
- Improved plugin loading error messages.
- Improved native structure tests.
- ShInstUtil: improved command line handling.
- ShInstUtil: improved uninstallation of native images (NGen).
- ShInstUtil: improved .NET check.
- Upgraded installer.
- MSI setup: Shortcuts that users created themselves, including Start menu and taskbar pins, should remain functional when updating from KeePass 2.60.
- Various code optimizations.
- Minor other improvements.
Changes in KeePass 1.43 Classic:
New Features:
- Added option ‘Prevent certain screen captures’ (in ‘Tools’ → ‘Options’ → tab ‘Advanced’, turned off by default); note that this may also prevent legitimate other software (remote desktop solutions, accessibility tools such as screen magnifiers, etc.) from seeing KeePass windows.
- Added {PASSWORD_ENC} placeholder, which is replaced by the password of the current entry in encrypted form (DPAPI/CryptProtectData).
- Added ‘-pw-enc:‘ command line parameter.
Improvements:
- Improved database save confirmation dialog text.
- Improved behavior of the translation system for untranslatable strings.
- Improved project cleanup script.
- Upgraded installer.
- Various UI text improvements.
- Various code optimizations.
- Minor other improvements.
Bugfixes:
- Fixed a Windows version detection bug.
Supported Operating Systems: Windows 7, 8, 8.1, 10, 11 (32-bit, 64-bit).
