Hacker News
KeepassXC: Cross platform community fork of KeepassX (keepassxreboot.github.io)
52 points by karlgrz 2 hours ago





If you were curious like I was, about why this fork was necessary, I found this on their About page:

KeePassXC is a community fork of KeePassX which aims to incorporate stalled pull requests, features, and bug fixes that have never made it into the main KeePassX repository.

I haven't tried it yet, but maybe this will address some of my pet peeves. My primary peeve is that, in keepassx, there is no fantastic way to handle password changes. I can generate a new password, but the only way to get it into a webpage without overriding the old password in the database is to show it on the screen and then copy the visible text.

(My second peeve is that the "type the password" feature types the username and password, making it useless for the more annoying disabled-paste password prompts.)

Every entry should have a complete history of all passwords. I'm not sure why you'd be worried about the new password overwriting the old one. It's not gone forever.

You can also customize the auto-type on a per site basis. Only the default types U + P. It can be anything you want it to be.

I tried to stick with KeePass.x for the longest time, but keeping the keepass databases in sync across multiple platforms/devices, while possible, was very much a pain and quite a clunky/messy process which always required me to remember to do something after updating the database anywhere. I eventually gave up and migrated to Lastpass which "Just Works™" on all my devices.

I think KeepassXC includes the "auto-reload" patch, which causes the database to be automatically reloaded whenever the file changes; if you also enable auto-save this allows for fully automatic synchronization if you store your encrypted database file in Dropbox or similar.

I also like how LastPass can be administered by company / team admins, has 2FA, allows you to share passwords (or groups of passwords) with people (or teams of people), has some built-in tools to help automate password updates, and can give you a quick at-a-glance audit of which passwords are old / insecure / are used more than once / are used for services that have been reported hacked and should be changed.

But... HackerNews hates LastPass for some reason... still haven't quite figured out why. (= It's a great service.

Perhaps because the concept of a cloud keychain is just too tempting for exploits?

If someone gets my keychain they own me completely and can quite possibly ruin my life.

From the text it looks like one of the selling points is integration with apps like browsers so you don't have to copy/paste passwords, as with KeePassX.

Personally, to me that sort of integration has always seemed like a bad idea. I'm glad that my password database can't talk to my browser programmatically. One less thing to go wrong.

Browser integration is one of the major security gains of using a password manager.

It takes passwords and makes them "unphishable", because the manager knows what domain you're on.

Of course it's also the largest attack surface. Personally, I think that tradeoff is worth it - assuming competent development.
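
The domain check this comment describes, as an added example that is not part of the thread and is not code from KeePassXC or LastPass: a manager offers a saved login only when the page's origin exactly matches the origin the login was saved on. The vault entries, URLs and function names are constructed for illustration.

```javascript
// Added illustration; not KeePassXC or LastPass code. Names and data are hypothetical.
// Constructed vault: each entry is bound to the origin it was saved on.
const vault = [
  { origin: "https://accounts.example.com", username: "alice", password: "constructed-secret-1" },
  { origin: "https://bank.example", username: "alice", password: "constructed-secret-2" },
];

// Return the saved entry only when scheme, host and port all match the page exactly.
function credentialsFor(pageUrl, entries = vault) {
  let page;
  try {
    page = new URL(pageUrl); // lower-cases the host and separates userinfo from it
  } catch {
    return null; // unparsable URL: never fill
  }
  if (page.protocol !== "https:") return null; // never fill over plaintext
  return entries.find((e) => new URL(e.origin).origin === page.origin) || null;
}

// Constructed page URLs: one genuine login page and several lookalikes.
const samples = [
  "https://accounts.example.com/login?next=%2Fhome", // genuine
  "https://ACCOUNTS.EXAMPLE.COM/login",              // same origin after normalisation
  "https://accounts.examp1e.com/login",              // one-character lookalike
  "https://accounts.example.com.evil.example/login", // real name used as a subdomain label
  "https://accounts.example.com@evil.example/login", // real name in the userinfo part
  "http://accounts.example.com/login",               // right host, plaintext scheme
  "https://accounts.example.com:8443/login",         // right host, different port
];

// Report, per URL, whether the manager would offer to fill.
function fillDecisions(urls = samples) {
  return urls.map((u) => ({ url: u, fill: credentialsFor(u) !== null }));
}

for (const d of fillDecisions()) {
  console.log(d.fill ? "FILL  " : "REFUSE", d.url);
}
```

A person reading the address bar can miss every one of the refused cases; the exact-origin comparison does not.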

You don't have to use it. Also, a recently landed change allows you to exclude that feature entirely from the compiled binary if you want to build it yourself.

Personally the best feature I'm using KeePassXC for is the auto-reload feature. I sync my kdbx file with Tresorit across a couple of computers, and the auto-reload feature ensures that I'm always modifying the latest version.

This is something lacking in the original KeePassX.

One thing that stands out is usage of Qt 5. KeePassX (at least the released version) is still using Qt 4.

Yeah, LastPass got burned by it with their Chrome extension. After that, I switched from a web password manager to a desktop password manager. Less attack surface area.

Why not change the name entirely, then? KeepassX is already a terrible one.

Makes me think of DOS software from 1998.

The FAQ should explain the reason for the fork. I couldn't find anything about that, and that was the first question I had.

What happened to the Windows binaries?

