
KeePassXC 2.5.2 - varjolintu
https://keepassxc.org/blog/2020-01-04-2.5.2-released/
======
arminiusreturns
XC is where it's at imho. It's not perfect, but it improves upon KeePassX, a
KeePass improvement itself. It's fast, cross platform, and has decent
encryption options. It's probably not for sharing with a team of any size,
though I have done it and fought with locking via outside communication, but I
just hate all the enterprisey cloud password managers that live so close to a
browser, and find myself going back to keepassxc (and gpg and ansible vault).

There is room for growth in the business passman market.

~~~
politelemon
I've reached similar conclusions; its inclusion of the SSH Agent as well as
TOTP and browser integration made it a good choice for Linux. On Windows I've
got a team still sticking to normal KeePass on a shared drive; not the
greatest solution but it does work well with multiuser scenarios.

~~~
vbezhenar
What's wrong with KeePass for Windows? I'm using it and it works for me. I
actually prefer it to the C++ version, because .NET is a managed runtime and
provides defense from some common vulnerabilities which is important for
security software.

~~~
earlINmeyerkeg
The single thing that keeps me from sticking with KeePassX is simply because
it doesn't have the auto-type feature. I love that it's open source and works
on all OS, but that is such a convenient hotkey that it's hard to give up.

------
photonios
I used the original KeePass 2 client for a long time but at some point I
looked for a more stable and good looking client. Since I am mainly a macOS
user, I found MacPass [1]. I highly recommend it for any mac users. It's been
nothing but stable and good for me.

[1] [https://macpassapp.org/](https://macpassapp.org/)

Disclaimer: Not affiliated with MacPass in any way.

~~~
sir_brickalot
My problem with MacPass: when sharing a database in e.g. Nextcloud, I get
regular syncing issues. Keepass has a workaround for that. [0]

[0]
[https://keepass.info/help/kb/trigger_examples.html#dbsync](https://keepass.info/help/kb/trigger_examples.html#dbsync)

------
newscracker
Is there a good “secrets manager” or “encrypted information manager” that’s
free (preferably also open source) or quite cheap (not subscription based), is
multi-platform (including mobile) and supports auto-fill in other applications
(especially browsers)?

Password managers with password generators and 2FA code generators are ok for
work related use, but they usually may not cover other pieces of information,
like credit/debit cards, software licenses, identification cards,
hardware/appliances, etc. Adding custom fields in each entry by oneself isn’t
a great option. Perhaps it’s not a great idea (even with a very strong master
password) to put all the information in one database, but I see value in being
able to store, retrieve and auto fill different kinds of information (even if
some may seem too complex to define in a generic schema).

I already tried Bitwarden, but it covers only passwords, cards and identities
(plus secure notes).

~~~
upofadown
Boring old Unix Pass?

* [https://www.passwordstore.org/](https://www.passwordstore.org/)

It's just a bunch of gpg encrypted files with as much stuff as you want in
them, in any format you want (password on first line). Easy to share/sync to
whatever you want. Lots of interfaces on lots of platforms but you really
don't need an interface.

Has git support...

~~~
iudqnolq
Highschool me fucked up pass and exposed a lot of data. It was entirely my own
fault, but there are footguns if you don't fully understand the model.

Essentially, I accidentally publicly exposed my private key. I thought I was
clever for writing a Python script to dump all my passwords and then re-add
them after setting up pass with a new key.

A year later, when I accidentally deleted my private key (reformatted laptop,
phone bricked before I set the laptop back up), I spent a few hours trying to figure
out if I made a mistake that would let me recover my passwords. I was very
motivated :)

Eventually, I realized that since I'd been using git to sync pass between my
phone and computer (the recommended setup) I could access versions of my
encrypted data for every account more than a year old and decrypt them with
the private key I leaked. I got back almost all my data.

Luckily I was using a private git repository for defense in depth, but many
guides recommend a public repository because they say gpg is very strong.

It all works, but only if you don't do something dumb like I did. Now I'm on
1password and happy knowing that experienced people are paid to make it and
smart security researchers like Troy Hunt (of haveibeenpwned fame) have said
it's the most secure password manager they've looked into.

(I said the same thing earlier in a different post)

~~~
upofadown
I take it that you had no passphrase on your private key?

~~~
iudqnolq
I did, but I presumed that I should still change the key once it was exposed.
IIRC it was a nonrandom long passphrase (the first letter of every word in a
20-30 word sentence, I think. I've since moved to memorizing random
passphrases). I was able to remember that password when I needed to recover
the data later.

------
swejo
I use XC for passwords I'm not allowed to store in the cloud.

My favorite cloud provider is BitWarden[1], which I believe was the first
cloud password service supporting hardware keys.

[1] [https://bitwarden.com/](https://bitwarden.com/)

------
wufocaculura
Looking for some advice here. I am generally happy with KeePassXC (switching
from browser-remembered passwords was a big step forward for me), but I have a
feeling that it might not be a perfect solution for me.

I have four devices that are being used on an almost-daily basis:
- work PC
- home PC
- laptop
- smartphone

Work and home PCs are often on at the same time, leading to a situation where I
have the KeePassXC database open - it happens I just leave home/work without
closing / locking the database (or it prompts database modified - save?) which
might lead to some desync scenarios (it already happened to me).

So I think I need something that will not keep local database as KeePassXC
does, but will use online store. I am not a big cloud fan, so would prefer to
host in on my own infra.

My requirements:
- self-hosted
- online (some API-based)
- cross-platform (at least Windows/Android but with Linux in mind)
- browser-aware completion (similar to KeePassXC): Firefox + maybe Chrome

Is bitwarden a way to go? Or is there something better?

~~~
sir_brickalot
Hi, check out my comment in the thread right above yours... :-D

Don't know if KeepassXC has the same functionality as Keepass, but they
provide an option to use a LocalDB/MasterDB synchronization [0]. This could
help prevent desync problems.

[0]
[https://keepass.info/help/kb/trigger_examples.html#dbsync](https://keepass.info/help/kb/trigger_examples.html#dbsync)

~~~
wufocaculura
Thanks, will have a look at this.

------
novirium
Fixing the browser URL subdomain matching issue suddenly makes this usable
again, which is great news!

I've gotten used to the painless ssh-agent integration KeepassXC has and
really wasn't looking forward to trying to switch to another manager...

------
noisy_boy
I have been using KeePassXC and am quite satisfied with it. Hope they add the
option of being able to specify multiple URLs e.g. for some apps, the URL
scheme is androidapp://... which doesn't work with fetching favicons.

~~~
iszomer
I wish XC would implement dark mode some day. It is the only app on my Linux box
that can't be themed yet.

~~~
noisy_boy
I used Qt5 settings editor to make it similar to non-QT apps (I'm using
XUbuntu) but that only takes care of window/toolbar/icon/fonts. Just so
happens that I don't use a dark theme so I'm happy with the results but I can
see that it'll stand out in a dark themed desktop.

------
dmos62
I use git to version my Keepass database files. It's not great, because if you
store binary files inside the Keepass database, the git repo's size grows very
fast. I do it because I don't trust the apps I use to not corrupt the file.
Does anyone have alternative solutions?

Something like pass lends itself ideally to version control, but all my
entries' metadata (names, dates) are visible, which is a problem for me. I
want to be able to store my secret database even on untrusted infrastructure.

Currently, I'm pondering storing big or often updated binary data separately
from the passphrases and similar low-footprint data.

~~~
novirium
I've been using SyncThing for years with my KeePassXC database without issues
(including Android for use with Keepass2Android).

On the odd occasion it's been modified on two devices without a sync and
SyncThing produces a sync-conflict file, a simple "Merge from database..."
within KeePassXC happily pulls in the newer data from both databases to merge
them again.

I use the Staggered File Versioning feature on at least one device + a
separate backup mechanism to satisfy my paranoia about losing the database.

~~~
bavell
Love it! I just recently started using Syncthing and may implement what you've
outlined here.

As a fellow paranoid, what mechanism are you using for the separate backup?

------
hannibalhorn
For anyone that's used both, any impressions on how XC compares to BitWarden?

I've been looking to switch from my older copy of 1Password - I don't care
about cloud support, beyond letting me keep the encrypted data in Dropbox or
similar, but I really appreciate a good browser extension and mobile app.

------
JohnTHaller
The new release is available in PortableApps.com Format as well:
[https://portableapps.com/apps/utilities/keepassxc-portable](https://portableapps.com/apps/utilities/keepassxc-portable)

------
retrobox
I really love all the work that has gone in to XC but I preferred the original
look and feel of Keepass 2. I feel the need to get over that and try XC again.
It’s great to see it continuing to get development and new features.

~~~
vbezhenar
What do you miss in KeePass? It's not abandoned.

~~~
retrobox
Only the look and feel. Meanwhile the cross platform compatibility of XC
appeals to me. I never had much luck running Keepass 2 with mono whereas XC
takes care of all the cross platform woes.

------
C14L
I noticed in the screenshots that KeePassXC can show TOTP for an entry.
Doesn't it limit the usefulness of a TOTP, if both the password and the TOTP
seed are stored in the same location? Or am I missing something?

~~~
louib
You can have a separate database file as a backup for your TOTP secrets. This
way you can setup the TOTP with KeePassXC directly, then transfer the secret
to your phone for example. This assumes you can trust the device from which
you setup TOTP with KeePassXC.

------
Brian_K_White
I just wish I could convince them that specifying a monospace font is not the
same as specifying an unambiguous font, and it matters because not everything
is cut & pastable.

In the password fields, I don't know how anyone either writing or using a
password manager doesn't consider unambiguous glyphs to be critical. It's a
password manager not a greeting card designer.

They think they have solved this by specifying the font to be monospace in the
password fields (maybe notes too I don't remember).

I submitted an issue complete with pictures of passwords written in monospace
fonts in KeePassXC where the characters are ambiguous.

It shouldn't even require pictures to convey the problem. Once someone says
"the property 'monospace' and the property 'unambiguous' are two different
properties. It's an unsafe and in fact broken assumption.", you'd think that
would shed all the light necessary.

But what more do you do when they don't see it even WITH pictures? Fork it yet
again? Just to add a config option to let the user or desktop integrator
select an arbitrary font for some display fields?

What really bugs me is, they didn't say "yeah that would be better but it's
hard and we don't know when anyone might get to it" No, they think it's
already done.

Failing to get that idea across really made me wonder about the parts of their
work that aren't so visible.

~~~
csande17
For context, here's the issue report the parent's talking about:
[https://github.com/keepassxreboot/keepassxc/issues/1771](https://github.com/keepassxreboot/keepassxc/issues/1771)

~~~
Dreami
(to GP) I really have to say, this is not how you should ask someone else to
fix a problem. Going at the developers on a personal level is NEVER a good
thing. If it was my project, I probably would have closed the issue completely
after you insulted me this personally.

