The very best thing about keepass is that defines a standard and publishes a reference implementation that anyone can build a compatible client for. I like KeepassXC on MacOS and Keepassium on iOS and I keep the DB in sync between them with NextCloud. If I was working on Linux/Android next week I would pick the best clients there and arrange syncing myself, again, without a third party.
And that would be Keepass2Android for Android. I love it, it's perfectly simple and like you, I sync via my own means but there are "easy" options available.
On the desktop there is even a CLI app for interacting with the database, though I also use KeepassXC.
keepassxc is incredible, truly slept on. I use safari keychain as well, as a copy. But my master store is keepass. It boggles my mind that people pay for 1password.
Btw, is keepassxc on Android now or are you referring to one of the many Android keepass apps? I use keepassium on iOS.
I pay for protonmail and also store a copy in protonpass. Proton pass has a nice web interface and doesn’t require me to copy a keepass file or logon to iCloud on my work computer so I use that sometimes too.
> It boggles my mind that people pay for 1password.
I’ve payed for 1Password for 4 years and am a happy customer. But I would also be willing to try KeepassXC if it really offers feature parity.
These are some features important to me, are they supported by KeePassXC?
- Easy password sharing with my wife. We have separate private vaults and a shared vault, and moving a passwords between these vaults is seamless.
- Sync has been seamless for years. I don’t have to worry about e.g. iCloud corrupting my password database and having to restore from off-site backups.
- Integration with many platforms. Currently, that means autofilling/autosaving/generating passwords in common browsers, on MacOS, and on iOS.
- Generating and filling TOTP tokens (no need for Google Authenticator or similar apps).
- Storing and syncing SSH certificates, including acting as an SSH agent (so I have to scan my fingerprint to allow a new SSH authentication).
- Storing non-password items in the encrypted store, e.g. pictures of passports.
- TouchID or FaceID for quick unlocking with everyday use.
> - Easy password sharing with my wife. We have separate private vaults and a shared vault, and moving a passwords between these vaults is seamless.
Not sure about this one. I don't even collaborate passwords in Apple keychain with my own family.
> - Sync has been seamless for years. I don’t have to worry about e.g. iCloud corrupting my password database and having to restore from off-site backups.
Sync with iCloud Drive, Dropbox, Google Drive have been fine for a long time. Plus theres also the option to just keep a password database copy handy.
> - Integration with many platforms. Currently, that means autofilling/autosaving/generating passwords in common browsers, on MacOS, and on iOS.
KeePass is usable on more platforms than 1Password sorry. You could probably get one keepass app or another running on some ancient power PC box running netbsd..
> - Generating and filling TOTP tokens (no need for Google Authenticator or similar apps).
KeePassXC does this
> - Storing and syncing SSH certificates, including acting as an SSH agent (so I have to scan my fingerprint to allow a new SSH authentication).
I have not tried this one, but would be surprised if KeePassXC doesn't do this as well
> - Storing non-password items in the encrypted store, e.g. pictures of passports.
KeePassXC definitely does notes, not sure about photos etc. This is definitely the realm of an encrypted Apple Note for me though.
> - TouchID or FaceID for quick unlocking with everyday use.
KeePassXC has this on Mac, KeePassium does it on iOS really well...
Keepassxc has zero collaborative features and no online sync. I’m a big fan of keepassxc but these reasons are why I pay for 1P. I can add colleagues, guests, family members and have it run on all my devices.
I would instead jokingly say that you would have to pay me to use 1Password.
KeepassXC does have collaborative features and online sync if you just drop the Keepass file in a shared cloud - I use it this way and it's easy to set up. Also, more importantly, the password database is not stored in some server God knows where.
It's not perfect, but keepass does have keeshare, basically one or many sub-dbs on different files that integrates into the main one seamlessly, so in my home we have a 'shared' db each and we can read it and update it from our main dbs.
