KeePass 2.61 / 1.43 Classic – Free Password Manager

Secure password manager that protects credentials with encryption, safe storage, and strong privacy.

2026-03-05

442

To request this update, you need to login first.

KeePass - Security tool window displaying password groups, notes, and strong protection

KeePass is a free, open-source password manager that helps you securely manage your passwords. You can store all your passwords in a single database, secured with either a master key or a key file. This way, you only need to remember one master password or select the key file to unlock the entire database.

The databases are encrypted using industry-leading, highly secure encryption algorithms. A password database is stored in a single file, making it easy to transfer from one computer to another.

KeePass encrypts its password databases using the Advanced Encryption Standard (AES, based on the Rijndael algorithm) and the Twofish algorithm.

Both of these ciphers are considered highly secure. For example, AES became a U.S. federal government standard and was approved by the National Security Agency (NSA) for securing top-secret information.

KeePass All Features

KeePass uses the common CSV export format used by various password managers, such as Password Keeper and Password Agent. Exports from these programs might be imported into your KeePass databases. The password list can be exported to various formats like TXT, HTML, XML, and CSV.

The application has a portable edition: you may carry it on a USB stick and run it on Windows systems without installation.

Strong Security

The app uses the Advanced Encryption Standard (AES, based on Rijndael) and the Twofish algorithm for encrypting its password databases. Both ciphers are considered highly secure. For example, AES became a U.S. federal government standard and is approved by the National Security Agency (NSA) for encrypting top-secret information.
The entire database is encrypted, not just password fields. This means your usernames, notes, and all other data remain securely protected.
SHA-256 is used to hash the master key components. SHA-256 is a 256-bit cryptographically safe one-way hash function. No assaults are recognized but towards SHA-256. The output is remodeled using a key derivation function.
To significantly bolster security against dictionary and guessing attacks, we implement a powerful key derivation function (KDF), such as AES-KDF or Argon2, to transform the master key component. This critical process makes unauthorized access to your data exceptionally difficult, even for sophisticated threats.
Process memory protection: your passwords are encrypted while KeePass is running, so even when the operating system dumps the KeePass process to disk, your passwords aren’t revealed.
[2.x] Protected in-memory streams: passwords are encrypted using a session key when loading the internal XML format.
Security-enhanced password edit controls: KeePass offers password management with enhanced security controls for editing and maintaining credentials. None of the available password edit control spies work against these controls. Passwords entered through these controls stay protected and are not stored in KeePass process memory.
The master key dialog can be shown on a secure desktop, where almost no keylogger can operate. Auto-Type can also be protected against keyloggers.

What’s New in KeePass 2.61 Professional :

New Features:

Added option ‘Match diacritics’ in the ‘Find’ dialog (turned off by default, i.e., the search is diacritic-insensitive).
If the option “Check for update at KeePass startup” is enabled, KeePass now initiates the update check asynchronously before attempting to open a database. If an update is found while the master key prompt dialog is displayed, a banner in the dialog indicates the update’s availability.
Whitespace characters are automatically removed when pasting a shared secret in the one-time password generator settings dialog if Base16/Hex, Base32, or Base64 encoding is selected.
Added buttons in the one-time password generator settings dialog for copying the current one-time password to the clipboard.
The one-time password generator settings dialog now supports displaying the settings of history entries.
If the active database is saved to a local file during the final phase of synchronization, the saved data is now copied to the other involved files (including URLs), which is usually faster than building and saving new files.
The ‘Synchronize active database with a file/URL’ trigger action now supports synchronizing with multiple files/URLs at once (specify them in the ‘File/URL’ field, each one enclosed in double quotation marks; if different I/O connection credentials are required, use multiple actions instead).
The ‘Synchronize active database with a file/URL’ trigger action now supports two new options: ‘On error – Silent’ and ‘On error – Continue’ (both turned off by default).
When entering an incorrect master key for confirming an export, KeePass now asks for it again, just as often as when opening a database (customizable using the ‘MasterKeyTries‘ configuration option).
MSI setup: added ‘KPS_OPTIONS‘ property, which allows customization of a (silent) installation (whether to create shortcuts, etc.).

Improvements:

Quick searches, searches in the icon picker dialog, field reference searches, filters in report dialogs, and searches in the options dialog are now more tolerant (case- and diacritic-insensitive, current culture rules).
Entry searches now use the rules of the current culture.
Improved activation of an already running KeePass instance.
When switching to a secure desktop, the UAC sound is now played (if the option ‘Play UAC sound when switching to secure desktop’ is activated) at the system sound volume (instead of the application-specific volume).
Improved database tab tooltip (reduced flickering, etc.).
When closing a database, the view of the next database is now restored.
The {TIMEOTP} placeholder is now classified as non-active (which causes it to be replaced in more situations).
Improved time stability of placeholders during searches for duplicate/similar passwords and password quality reviews.
Improved import/synchronization of multiple files at once.
Improved synchronization error messages.
Improved file transaction error messages.
Improved FTP connection error messages.
Improved parsing of the value of a ‘File/URL’ or ‘Key file’ field of a trigger event/condition/action.
Improved workaround for .NET/Windows TopMost/WS_EX_TOPMOST desynchronization bug.
Improved workaround for Mono window minimization bug.
Upgraded installer.
MSI setup: improved shortcut creation/deletion.
Various UI text improvements.
Various code optimizations.
Minor other improvements.

Bugfixes:

In the entry dialog, editing one-time password generator settings does not cause the repeated password to be set to the password anymore.
When synchronizing the active database with a manually selected file/URL, the trigger events ‘Synchronizing database file’ and ‘Synchronized database file’ are now raised as expected.

What’s New in KeePass 1.43 Classic:

New Features:

Added option ‘Prevent certain screen captures’ (in ‘Tools’ → ‘Options’ → tab ‘Advanced’, turned off by default); note that this may also prevent legitimate other software (remote desktop solutions, accessibility tools such as screen magnifiers, etc.) from seeing KeePass windows.
Added {PASSWORD_ENC} placeholder, which is replaced by the password of the current entry in encrypted form (DPAPI/CryptProtectData).
Added ‘-pw-enc:‘ command line parameter.