KeePassX: Keeping Your Passwords Safe

Do you use a single password online? Have you have been using a handful of passwords for several years across any number of services? Or worst of all, do you rely on words that are found in the dictionary? Increasingly, these scenarios can not only put your personal information at risk, but they can endanger the information of your friends, employers and trusted network connections.

The solution to these problems is to use a different, hard-to-remember, complicated password for each website, service, or hardware device that you have access to. KeePassX is an advanced password manager for OSX that focuses on security and ease of use. For many I.T. professionals, KeePassX is an ubiquitous tool that allows free and open movement between secure services and devices. Created by Dominik Reichl, the open source KeePassX is the Mac version of similarly named KeePass for Windows.

Read on to find out how KeePassX improves on standard OS X password managing tools and why this free software is important.

One Location For All of Your Passwords

In 2009, Twitter gained headlines not for it’s exponential growth, but for their lack of security. In short, Twitter employees were using insecure, common passwords to access services such as Google Docs, Amazon and PayPal. An enterprising “hacker” (using the lowest meaning of the term), discovered that password and published sensitive financial documentation, company plans and more. Needless to say, Twitter was embarrassed while the Internet industry looked at their own password policies and said “this could have been us”.

This has now become an exceptionally common attack on security. Faced with dozens of login prompts every day, many people think that using a common password based on a dictionary word is their only option. An increasing amount of personal, private and confidential information is stored behind the vales of the password prompts that we are presented with. It can seem time consuming to use a unique password every time that you’re asked to create a new account let alone using a long string of random letters, numbers and characters.


The main interface of KeePassX contains a 2 column layout with an index tree on the left.

KeePassX solves the problems mentioned above and more. This password manager saves passwords in a very secure database and has the ability to generate strong passwords. Relying on a password manager, especially one like KeePassX, ensures that your passwords are strong and unique so that you won’t find yourself in the same limelight as Twitter.

KeePassX Features and Functions

The most important feature of KeePassX is the ability to save all of your passwords securely in one place. On the surface, this seems counter-intuative as Hollywood would have us believe that we should memorize our passwords and eat the paper they were written on. While this may be the best strategy if we lived in a world where we only needed to access a single resource or website, in the world today, we all have dozens of accounts with unique passwords. Collecting and organizing this information into a single, secure database allows us to strengthen all of our passwords by making them each unique and hard to uncover.


The right click context menu gives users the ability to easily launch a website or open a resource while copying the password to the clipboard.

Strong Security

Immediately, when asked to store passwords in a single location, many people question the security of that location and the master password used to access the collection. This is a valid and important concern. In order to use KeePassX properly, one must come up with a single strong password that will not be saved in the KeePassX database. Each time that KeePassX opens a database, it requests that single master password. Alternatively, a Key File can be stored on an external USB drive and inserted to replace or further strengthen the master password.


KeePassX focuses on security by using both AES and Twofish encryption. This software also has the ability to secure passwords with a master password and keyfile.

Cross-Platform, Portable and Lightweight

One of the most interesting and useful features of KeePassX is that both the program and the password database can be stored and ran on a USB drive. Without any software installation, users can have access to their passwords at home, at the office, on a shared computer, on a temporary workstation or even from within BootCamp.


Adding a new password in KeePassX.

Easy Backup, Importing and Exporting

It seems that computer nerds preach strong passwords as often as they do regular backups. While there may be some tape on my glasses, ensuring that your KeePassX password database is safely backed up is an important feature. KeePassX uses a single file to store each database of passwords. This means that by adding one file to your regular backup procedure, you can easily recover your passwords.

Similarly, importing and exporting entire KeePassX databases or groups of passwords stored in KeePassX is easy. I frequently sell domains and entire websites that often require a variety of passwords. By simply selecting a group of passwords and clicking on the Export command, passwords are output in plain-text. This makes sharing passwords extremely easy.


The ability to select a number of passwords to export in plain text simplifies communication.

Open Source With Plugins Available

Credited on the KeePass website, security expert Bruce Schneier is quoted as saying, “As a cryptography and computer security expert, I have never understood the current fuss about the open source software movement. In the cryptography world, we consider open source necessary for good security; we have for decades. Public security is always more secure than proprietary security. It’s true for cryptographic algorithms, security protocols, and security source code. For us, open source isn’t just a business model; it’s smart engineering practice.”

Schneier’s quote highlights the fact that KeePassX is secure because the process and algorithms it uses are Open Source. Anyone can view the source code to evaluate how secure KeePassX is and based on the number of security experts who use it, they must like what they have seen.


Generating a password with KeePassX. A variety of options are available to quickly and easily generate strong passwords.

The Open Source methodology also allows programmers to extend the software using plugins. Arguably, the ability to add features and integrate a software package into an existing workflow can make software such as KeepassX infinitely more valuable. However, since KeePassX is a port of it’s Windows counterpart (simply named KeePass), community submitted windows plugins will not work on the Mac.

What’s Wrong With KeePassX?

KeePassX is a port of the Open Source Windows version, KeePass. The Mac version of the software doesn’t support all of the plugins and generally, the user interface isn’t as refined.

When using KeePassX, many people create two separate stores for their passwords. One in KeePassX and the other within FireFox’s built in password manager. There are two workarounds for this: First, an unofficial (and non-functional) FireFox addon could previously read and write KeePassX passwords. Second, there is a complicated workaround that while difficult to setup, works well. LifeHacker has brief step-by-step instructions to integrate FireFox with KeePassX.

KeePassX requires good, basic system administration in order to work well. Passwords are stored in a single file. If users do not properly backup this file, it can become damaged or lost. Using tools such as DropBox or Time Machine can help avoid lost passwords.

Why You Should Use KeePassX

KeePassX is Open Source, Ad Free and Cross Platform. Competing products have proprietary source code, charge for similar functionality, can not be integrated into existing applications or are supported by in-app advertising. In addition, KeePass in addition to supporting OSX, Windows and Linux versions are available so that the same database can be used at home, in the office, or wherever you happen to be.

KeePassX is secure and reliable. Personally, I use both a strong memorized master password along with a keyfile stored on a USB drive. I keep a copy of the keyfile on a second USB drive locked and hidden in an offsite personal safe. This, along with support for both AES and TwoFish encryption algorithms with rolling encryption rounds make me feel confidant that my important passwords are locked down.

While it isn’t nice to think about, recording all of your passwords in this way can make things easier on those who become responsible for your accounts if you die. I know that if something happens to me, my digital life and importantly my work can be accessed by someone I trust. Without any additional work, KeePassX forms a hierarchical list of accounts that need closed, passwords that need relayed, domains that need renewed or sold, etc.

Having an easy way to generate a strong, unique password for every account you have access to ensures that if one of your passwords is compromised, none of your other accounts are in danger. It is very common for bank accounts to share the same 4 digit pin as a voicemail system, or for an e-mail password to be the same as the password used for websites such as Flickr, Facebook and Twitter. Generating a strong, unique password for each resource is very important.

Leave a Reply

Your email address will not be published. Required fields are marked *