This app was mentioned in 52 comments, with an average of 3.42 upvotes
I use Keepass2Android Offline. Open Source, NO internet permission, works using the AutoFill service of Oreo, supports fingerprint, more customizable settings than KeepassDroid.
https://play.google.com/store/apps/details?id=keepass2android.keepass2android_nonet
I'm sure 1Password's features are awesome, but I'm always hesitant to use closed source software for password managers.
Keepass2Android Offline is an open-source implementation of Keepass, which itself is open-source. It uses no permissions that could be abused.
https://play.google.com/store/apps/details?id=keepass2android.keepass2android_nonet&hl=en
It has an online version if you want to cloud-sync your encrypted database on Google Drive, Dropbox, etc.
https://play.google.com/store/apps/details?id=keepass2android.keepass2android&hl=en
Keepass and Keepass2Android are both free as well.
KeePass2Android. It is based on Keepass which is an open source application. Use their offline version so that app never uploads your database. I sync my database using Dropbox between multiple computers, phones and tablets.
I could not recommend it enough. Linkme: Keepass2android
Edit - Here is the offline version
Not the person you're responding to but check out KeePass. It's open source software. You can store the database locally, or on cloud storage such as Dropbox. I use KeePass2Android Offline on my phone. I'm sure there are versions for iOS as well.
I use [KeePass](keepass.info) on Windows. There is a Linux version too. You could also use the cross-platform version called KeePassXC but it doesn't have all of the features.
On Android I use KeePass2Android .
Tutanota is based in Germany which is a potential threat since Germany is part of "Fourteen Eyes" . Switzerland isn't part of this kind of an agreement.
You don't necessarily have to. If you set a very secure password, no one can break into it. KeePass was originally designed to be a "USB flash drive" kind of application - if you lose your flash drive, oh well - your passwords are still safe and sound. This applies to Dropbox/Google Drive as well - even if someone got access to the password database, everything is still encrypted and safe.
Of course, people that use KeePass tend to be paranoid (including myself) - so not using sync isn't a big deal breaker. You can try using your own "cloud" (OwnCloud comes to mind), and sync with your own hardware.
Or if you don't like the internet, store it on a flash drive, or even just make a copy of the database for each computer! On Android, you can also get an offline (no network access) version of Keepass2Android (here) so that your database will never go online.
You can also use the offline version if you keep your database stored locally (or you have your own sync setup going on)
I have read a few times on this post, that keepass +nextcloud has some issues.
I'm using syncthing with keepass and have one extra folder shared in syncthing, which only holds my keepass files. Changes in keepass files are instantly synced to my android device. This is very useful, if I'm registering for a new service and also want to setup the service on my android device. My work flow is : register for service on computer, with creds from keepass -> open keepass on Android -> login to service on Android.
I use this app : https://play.google.com/store/apps/details?id=keepass2android.keepass2android_nonet
Don't forget that Keepass2Android also has an Offline Edition which does not require network permission, so you can use OneDrive to sync password database, while Keepass2Android only accesses the sync'd local file, i.e., it will not be able to secretly upload your master password/key to its server.
Not sure why you're being downvoted.
Yes the db is encrypted, but if the same app that you enter your password into is also the same one that uploads your db file, there is absolutely nothing stopping it from sending the password you enter to a central server, besides the word of the developer / someone digging through the open source to confirm and then building it from source themselves.
Better off using Keepass2Android Offline and setting up your own sync using a different app / service.
It does have a known security risk: if the owners decide to try to get all your passwords one day, they already got access to them in an encrypted form (I guess).
I use Keepass2android
You could use Keepass2Android Offline which is the same as Keepass2Android but without network permissions and cloud sync capabilities.
And at least the database file would be compatible with KeePass 2 on a PC so you could export/extract them if needed.
If you compare the screenshots of "KeePass2Android Offline" and "KeePass2Android", they are quite different. The offline edition looks more like an old-school Android app while the other edition has a modern looking.
Također. KeePassXC na kompu, Keepass2Android Offline na mobitelu. Postoji i online verzija koja nudi sinkronizaciju putem Dropboxa i sličnog, ali nove accounte uglavnom radim preko kompa pa usput FTP-am databazu na mobitel.
This is the fully offline version of Keepass2Android:
https://play.google.com/store/apps/details?id=keepass2android.keepass2android_nonet
> Keepass2Android Offline is a variant of Keepass2Android for local files only
>They aren't secure and you don't know what they do with your credentials
.... LOL
Completely offline password manager
Google certainly isn't your friend.
If you really worry about Google Drive access (or generic internet access) from KeePass2Android, you should switch to KeePass2Android Offline from the same author, since the latter does not ask for network privilege at all. If you need to database sync over the internet, you'll have to depend on other apps, such as Google Drive App, to do internet sync via Google Drive.
This is the fully offline version of Keepass2Android:
https://play.google.com/store/apps/details?id=keepass2android.keepass2android_nonet
> Keepass2Android Offline is a variant of Keepass2Android for local files only
If you're concerned about copying to the clipboard, you can also use KeepPass2Android's custom keyboard for password entry. Once you enable it in the settings, you can switch to it from the notification bar when appropriate.
Also, if you're worried about phoning home, the author made an offline version to allay those fears: https://play.google.com/store/apps/details?id=keepass2android.keepass2android_nonet&hl=en
I'm using Keepass on Windows, Linux and Android.
Windows is clear. Ubuntu has keepass too, but only with Mono. On Android I'm using Keepass2Android.
On all devices I have the same keepass-database which will be synchronized daily with FolderSync on Android and the Owncloud-Client on Linux and Windows. Owncloud is installed on my NAS.
don't use Chrome, it spies on you. There's a reason it's the new default browser: To gather the last pieces of information Google didn't have already.
There's this: KeePass2Android Offline which basically has a "share target" where you could share a link from any browser and it automatically searches your database. You still have to copy it yourself though.
I use the offline version instead, since I sync my database with dropbox.
Works very well for me.
There is also Keepass2Android Offline which has no internet connectivity option.
Note that Keepass2Android has a no-internet version as well.
https://play.google.com/store/apps/details?id=keepass2android.keepass2android_nonet
What's wrong with Keepass2Android?
KeePass is probably the best solution in terms of convenience and security, which is why it is my personal favorite. > What's to stop an app from intercepting the copy / paste function and sending my login details somewhere?
Nothing will stop it and KeePass app developer can't do anything about it. Although there is an alternative - you can switch to a special keyboard that pastes username/password without using such an insecure data storage as clipboard. This one has it. > I'm probably overanalyzing things
Indeed you probably are. I would recommend you to check out the Assesing Your Risks article from EFF and threat model your particular case. If there is a critically high risk of hackers actively trying to get your passwords then paper and pen might be a solution for you, though a password card would be even more secure because even if someone gets a physical access to it they wouldn't be able to figure out what your passwords are.
You kind of have to balance between convenience and security based on your threat model, quite often too much security is just overkill and as a result inefficient use of your time.
Linkme: keepass2android offline Edit: stupid bot!
https://play.google.com/store/apps/details?id=keepass2android.keepass2android_nonet
The best one is up to you, try them all and decide for yourself, I'll link a few apps down below.
If you don't want keepass2android to use data, switch to Keepss2android Offline from the same author.
You can use Syncthing to sync your keepass db between devices and open open the keepass db on your phone using Keepass2Android Offline for exemple.
​
Edit: Another option is to use Bitwarden, it has browser extensions, but they are optional there are desktop apps for all the major OS's and apps for mobile, they store the passwords in the cloud, but there is the option to self host, they have recently been audited and are open source, so a secure option as far as I know at the moment.
Also, Keepass2Android offline: https://play.google.com/store/apps/details?id=keepass2android.keepass2android_nonet
Why not KeePass? KeePass2Android Offline version does exactly what you're looking for.
You mean Keepass2Android? There is an offline version.
Keepass has several recommendations, I use Keepass2Android Offline (screenshots are outdated, see online version on play to see how it is today)
This, especially because there is also an offline version that doesn't request Internet permissions. https://play.google.com/store/apps/details?id=keepass2android.keepass2android_nonet
Its been a while since I've had a google-only phone (I've used lineage in the past and calyxos more recently), but my recollection was that the google backups do usually work, but I also know its failed for me. As such I just don't trust opaque data stores.
So my key stuff I keep in a specific folder on my phone and use a tool called syncthing:
https://privacyguides.org/software/file-sharing/#sync
This automatically keeps my phone and my desktop/laptop in sync, so this includes my password manager file, my 2fa file [I use Aegis specifically because it lets you manually create your own backup -- and in the case of aegis, it automatically exports a backup to a folder you choose whenever you add a new login], and my Signal backup [auto-export when you plug it in to charge at night, I don't use SMS so this covers all of my messages]. None of this requires any management from me, I just configure those apps to save to the sync location and everything works more or less seamlessly. Resetting my phone would be a pain, but with those three saved (and replicated in several places) I don't really need to worry.
Google photos etc. are a bit more obvious, and I think the google instant-upload functionality is more reliable than most third parties, so I'd just use that if you're fine with google having your pics.
De mon côté
Keepass2Android Offline doesn't have any internet permission.
It's never been a problem for me... that's why I like it so much. I've never had to remember to sync, etc.. it just does it automatically. There are two different keepass apps however... and the person complaining about it is using the app that only edits a local file. It sounds like he was manually moving it back and forth to/from his Google Drive, thus how he was ending up with mismatched copies (I suspect). I did it this way for a while and never had a problem, but I can see how this would be an issue for the OP if he forgot to manually move his database file to whatever cloud service he uses.
Free one https://play.google.com/store/apps/details?id=keepass2android.keepass2android_nonet&hl=en_US
Not sure if this one still costs money, but I paid like $3 for it a few years ago: https://play.google.com/store/apps/details?id=keepass2android.keepass2android&hl=en_US
I don't think a local copy is stored on my phone, thus my joke about Google drive going down. I do have a local copy on my laptop (I access Google drive via Insync).
I actually see now the new version of the app has support for Nextcloud, which I've got running on my NAS. Might have to try that, but the biggest issue is I don't have local access to my Nextcloud on my laptop, and the Linux version of keepass doesn't access cloud services to my knowledge.
https://i.imgur.com/XE2rwX0.jpg
Edit: I stand corrected, there is a Nextcloud Linux desktop app... Gonna check it out.
As for KeePass, I like (and use) the implementation of Philipp Crocoll KeePass2Android (Offline) which only works for local files (there's a version with online capabilities (sync to Dropbox, Google Drive, etc), but I haven't used it for over a year).
It's not natively on F-Droid, but by using Izzy's repo it could be managed by F-Driod without any hazzle. It's also available on Google Play Store, and on the linked repository.
I use a YubiKey Neo and the KeyChallenge plugin. For my phone I use Keepass2Android Offline. This keeps the 'something you have' part of two-factor on a hardware device instead of a file on my PC. I keep a spare YubiKey in a safe location as a copy of the original in case the original gets snapped.
Keepass2 comes with a secure, Open Source keyboard for handling passwords and not recording what you type: https://play.google.com/store/apps/details?id=keepass2android.keepass2android_nonet
For any specific tracker questions like these you should go to their IRC, nobody can help you with this type of things here.
Nevertheless, I prefer KeePass with KeeOTP plugin for TOTP 2FA, you store the secret key inside the entry of the said site and the plugin generates the token. Keepass2Android without doing anything else sees the key by the PC plugin above and generates tokens if you need it while on mobile. Also you can configure AutoType so you only press Ctrl+Alt+A and the code is typed by its own on the website, no need to unlock phone, find said website, etc etc
KeePass! - saves all of your passwords and user names and encrypts them.
Really, neither are as safe as keeping all your passwords stored in a local database. LastPass has already been hacked before. If you use something like KeePass2Android Offline and store KeePass on a USB stick, you can sync your KeePass database between your phone and usb and no one would be able to get all of your passwords unless they had physical access to your USB or phone AND got passed the encryption on the database. Both Google and LastPass can theoretically be bypassed over the internet. It's not that tedious to type in the passwords either since there is an auto fill plugin for android and the PC application has autofill built in.