This app was mentioned in
with an average of
Agreed. I use Keepass compatible Android apps for better security (what does military-grade encryption even mean?), for transparency (because they are open-source which means there is no shady business going on there), for compatibility (due to its huge and awesome community, you can access your database from anywhere, can integrate it with anything - e.g. Firefox), and for affordability (it is free and always will be).
On my PC, I use official KeePass Pro software and on my android I use KeePassDroid. For the latter there are some material design alternatives but honestly KeePassDroid is dead simple and kinda used to it.
Concluding with this nice quote, which I nicked from KeePass's website: "As a cryptography and computer security expert, I have never understood the current fuss about the open source software movement. In the cryptography world, we consider open source necessary for good security; we have for decades. Public security is always more secure than proprietary security. It's true for cryptographic algorithms, security protocols, and security source code. For us, open source isn't just a business model; it's smart engineering practice." Bruce Schneier, Crypto-Gram 1999-09-15
I've been using KeePass. It's open source, free and light weight. They don't have an official app but there are apps on the Play Store that you can use.
I use KeePassDroid. Save your file in DropBox and you can have your passwords available anywhere.
It still amazes me that people are using the same passwords, (and to a lesser extent, usernames, email addresses and passwords), and no 2FA despite so many high profile data breaches having happened for so many years.
And that so many of those who do use password managers, use those which store the passwords "in the cloud".
An offline password manager like Keepass Droid, (sync'd over NFC, Bluetooth or LAN rather than the interwebs, or at least encrypted for temporary online transfer and deleted immediately afterwards), and using a different username, email address and password, as well as activating 2FA is the way to go.
It's time that all websites and email providers allowed you to have a separate, private username for authentication purposes only as well, separate from your display name, (so could be your email address but not the username you sign in with).
I use 2.x portable in Fedora and Ubuntu, running in Mono. It works rather well, including appearance (looks pretty), double click passwords to copy to clipboard, and auto type (Ctrl+V). I unzip the portable KeePass 2.x into a folder in Dropbox, and just keep my database in the same folder. On my phone, I use KeePassDroid.
Some instructions for setting up 2.x for Linux are available here: http://keepass.info/help/v2/setup.html#mono
I've always been suspicious of LastPass - keeping all my credentials at someone's server, as good as they say they've encrypted them, somehow defeats the idea of security for me.
So, I've chosen KeePass - it stores everything in a secure, encrypted container file locally. I use its internal scripting functionality to make a copy of that file which is then synced on my own server (running ownCloud) and I can use it on my Android phone with KeePassDroid!
Naturally, you could use other means to keep a copy of the container synced to your phone, such as Google Drive or even periodical manual transfer.
Hope this helps.
KeePassDroid F-Droid | Google Play
Generell aber eher fragwürdig, den Password-Container auf dem Smartphone zu haben weil das meistens einen schlechteren Patch-Stand hat, als z.B. dein ArchLinux und damit einfacher angreifbar ist.
For the password manager I use Keepass (desktop) because it's offline but you can upload the file to gdrive or Dropbox and just install a Keepass app and fetch your passwords. The file is still secured with your main password btw.
Keepass for Android or Keepass2 for Android. If you don't need to share with an existing keepass installation the it's probably wiser to use version 2.
I've been using KeePassDroid for the past two years, having all my passwords available directly on my phone is really convenient.
The database-file is also compatible with all other versions of the applications so I just have to backup the file in case I lose my phone and I'll still be able to access all my passwords on my computer.
I've been using KeepassDroid myself, which is also good. I can't tell you which one is better since I've never used keepass2android, but both are linked from the official keepass.info site so both are probably fine.
Personally, I've just found it better to use. I've used other KeePass forks and I've just settled on XC... Maybe it is because it is maintained a lot more and the devs seem to listen to what the user base wants.
As for an Android app, I use KeePassDroid. It may not be the prettiest, but it does the job. I'd recommend saving a database onto your phone, though. If you're accessing from the cloud, it can be a little hit and miss.
I use Keepass droid for android, the UI also has pretty horrible usability and looks, it's kind of a pain to use, but it's better than nothing.
You can put a portable version on a USB-stick, which you can use at work.
You usually won't know your passwords, so carry around the database with you. Alternatively come up with secure passwords for the services that you need to have access to without using KeePass.
There are also apps (e.g. KeePassDroid for Android) that allow you to open your database on a phone.
I have been using KeePassDroid for almost as long as I have had Android phones. Interface is dated, but the substance is all there.
what KeePass Android client are you using? I don't have the same issue with KeePassDroid. It gives you an ability to access and copy your reddit username and password by a simple swipe from the top of the screen (of course, after you first open the reddit login info in the app itself).
Why not KeePassDroid? It has far more reviews and is listed on the downloads page along with Keepass2Android.
What are the differences between the two? My guess is KeePassDroid is dead since it lists Google Code and that shut down a while ago.
Én KeePass-t használok OneDrive-on keresztül megosztva, van KeePassDroid androidos kliensel.
A banki és e-mail jelszavakat nem tárolom benne, csak minden mást.
I use https://play.google.com/store/apps/details?id=com.android.keepass with the Google Drive app and it works good. Basically, go into your Google Drive app and mark your database as "available offline", and then it will store a local copy that you open with keepass.
I would definitely be weary of sync issues and time conflicts if you're editing it multiple times while offline, etc. It's never been an issue for me because I'm never making new accounts anyways without internet connection (for obvious reasons).
It's definitely possible to do what you're attempting to do, so hopefully you're able to get it to work!
Keepass is an offline manager and is both on PC and mobile which you can use the same database for each device, save the database in your cloud storage of choice to keep them all synced up. I personally use keepassDX from f-droid on my phone and keepass on my PC.
Keepass is opensource so you could go to KeePassDroid.com and download the source code and compile it yourself or follow the link to the PlayStore
KP for android. we're not really having any trouble here. we did this in late 2018 though, so it may have been a worse experience prior.
EDIT: sorry it's KeePassDroid (https://play.google.com/store/apps/details?id=com.android.keepass&hl=en)
Seems there's a (fork?) called KeePass2Android where they rewrote it in Mono instead of Java, haven't tried this but good reviews and interface looks nicer. And seems to be a 3rd one in developpment with more features, but with a paid option so the free might get locked down upon release. All of them support kbdx files.
There's apps for KeePass too, such as KeePassDroid: https://play.google.com/store/apps/details?id=com.android.keepass
Remember though, with KeePass your passwords are saved LOCALLY to a file. It's not a password manager in the cloud.
Bitwarden has mobile, desktop, and browser apps. Authy has both mobile and desktop.
I've never found the need to access the passwords from KeePass on mobile, but you could use something like KeePassDroid if you needed it.
I, with virtually no knowledge of decryption, can bypass an Excel sheet's password protection within a few minutes.
Keepass has Android and iOS third party apps.
I use Keepass2Android.
Before I moved to LastPass, I was using KeePass Droid
It looks barebones, but it functions exactly how you'd want it to function.
I do the same, with keeping my file on my dropbox. From there I can access it on all my pc's, as well as my phone where I have KeePassDroid where I can access my passwords for logins on that device. Works splendidly.
I use KeePass on my machines for password management and password generation. I don't for sure the Android version generates passwords as well but it's worth a look.
>Or something that can just keep track of what accounts I have for different sites.
I use KeePassDroid. Free, minimal permissions, and as far as I know completely safe.
It doesn't sync to the cloud, but to me that is a feature not a deficiency.
I use KeePassDroid. Updates aren't exactly frequent, but that's also the case with KeePass and KeePassX on the desktop. It's also available on F-Droid.
This list is very partial, but those three are being used everyday, all day.
AdAway - Adblocker for Android. Works best with root.
KeePassDroid - Password manager, able to work with KeePass volumes
Greenify - ~~Intelegentally~~ Intelligently closing apps while i'm not using them. Works best with root.
Edit: Spelling. Because i'm so 'intelegenat'
There is dropbox integration!
I use KeePassDroid, I haven't really had any issues.
If you absolutely must encrypt your seed digitally, because you are too afraid someone might steal it or it burns down with your house and you're too poor to afford a bank safe deposit box, then at least use open source software specifically written to encrypt data.
On Windows, use Keepass. On MacOS and Linux, use KeepassX.
Also, let Keepass/KeepassX create your password for you and write that down on paper, twice, and secure it in two different locations, independent of the encrypted keepass-file. So if someone steals the paper with the password, he can't do anything with it, if he gets his hands on the keepass-file, he can't do anything with it either.
However, the risk of a layman, you know, someone who thinks that MS Word is an adequate program to encrypt data, fucking this up somehow, is at least 1 million times larger, than someone breaking into your house and stealing your 12 word seed on a piece of paper with your other documents, instead of the jewelry, prescription medicine and cash.
Edit: A little addendum: Don't use Keepass or KeepassX on your desktop computer. Use MiniKeePass on your iOS device, or KeepassDroid on your Android device. It's the same sort of software, even follow the same standards, but smartphones and tablets are much more secure than standard desktops.
Use http://www.passwordcard.org/en for a proper big master password (remember that you can go in a circle, backwards, diagonally or anything else, not just left to right). With this master password set up http://keepass.info/ and use different passwords that are as long and complex as you want (it has an integrated password generator and a huge amount of additional plugins) for everything. Now put the DB on dropbox or something similar and get https://play.google.com/store/apps/details?id=com.android.keepass&hl=en for android or an equivalent for iOS. Give it one or two weeks and you'll be able to type the master password for keepass without looking, even if it's 25 characters and includes special characters and numbers.
Yes. I do this. The Android App (there are multiple available, but I have used this one for years) will open the db file, and key file should you use one, from any location on your device. I cannot comment on iOS, but there are options to try.
Edit: I may have misunderstood you. I do not currently use the extension so I don't know how it plays with using mobile and desktop apps elsewhere. I hope I have not confused the issue for you.
What I do is to put the keychain file on Dropbox, and then it synchronises to my phone and all my computers. If strangers get the file, it's totally fine - it's encrypted by your strong password.
I run Keepass (please don't be put off by the not-so-modern website...) on Windows, and KeepassX on Mac/Linux. On my iPhone I use MiniKeePass. I've heard KeePassDroid is a good Android program for this file.
> Assuming I end up needing to use a 3rd party computer to access my info (for some odd reason) I assume I would be SOL w/o the program to remember my password correct?
Yeah, that is a problem. For me, it's pretty ok to use things on my iPhone when I'm on the go. Haven't really had the need to use other peoples computers for this. Still it is worth it though. Reusing the same password is the worst possible solution. That's because online services get hacked all the time, and you don't want to put all your eggs (data) in one basket (the online services database). Storing it locally is 100x better.
Encrypted database is synced with Dropbox (can use pretty much anything really), desktop client supports super easy synchronization when database is updated elsewhere. On iOS MiniKeePass is absolutely fantastic (and also open source), Android is where it's kind of crap though.
KeePassDroid is about the only app that exists (although Keepshare looks interesting), and is also open source.
As far as integration though, ctrl-alt-a works quite well for autotyping. There are browser extensions if you really want them, but they aren't needed.
Those are noble goals and agreed about Apple's closed source ecosystem.
However, counterpoint: iOS is actively in use by something just shy of a billion handsets. So the amount of attention paid to potential vulnerabilities of components in iOS (e.g. Keychain) is extremely intense. Because (a) that's a lot of eggs in one basket -- Apple users stay updated and most run the same iOS version exactly (b) iPhone users are the highest per capita income users (c) if you breach something like Keychain you get more than just site passwords.
Keepass (no fault of its own) has a user base that is a drop in the ocean compared to iOS. I'm not sure to what extent that it's fuzzed or been looked at by an org like project zero. Adding to this, "Keepass" is more of an ecosystem than a product. It's generally referring to a database format. The ecosystem consists of two different official Keepass branches (1.x and 2.x), and roughly some 30-odd unofficial ports.
So let's say, you've got a MacBook, an Android device, and a Chromebook. Official Keepass binaries only exist for Windows.
Prima facie, in that arrangement, a scenario where you have to install 3 apps from 3 different parties -- out of a total of 8 options -- and none of them officially associated with KeePass. That's 3 parties you have to trust with all of your passwords.
I've been downvoted before for generally pointing this out about KeePass. People seem to think I'm talking shit about KeePass, I'm just pointing out the risk assessment. I'm not saying the KeePass ecosystem is bad, or that any of the authors might have bad intent. But mistakes do happen, and a lack of oversight may lead to bad results.
You could do that scenario above differently: you could go with something like https://masterpassword.app. I'm not advocating anything ... but basic aspect of risk assessment means limiting your exposure by limiting the number of third-party dependencies.
Is it this one?
> Îmi schimb parolele des și le uit după
https://www.keepassx.org/ (sau https://keeweb.info/ - UI may fancy)
L'app principale è per PC, ma c'è anche la versione per Android.
Entrambe sono OpenSource e quella per PC ha passato anche audit di sicurezza.
C'è anche una versione stand-alone web, cioè un'unica app HTML+JS, sempre opensource, da usare su dispositivi in cui non puoi o non vuoi installare applicazioni.
I'm storing my database in my Dropbox so it is synced between all my devices.
Apps: KeePassDroid, MacPass, KeePassX (Ubuntu)
keepass set it up on my pc, then moved the database over to the phone. https://play.google.com/store/apps/details?id=com.android.keepass&hl=en
Using an offline password manager like keepass is a no brainer.
Companion mobile app
Write the master password in a paper diary and never in an electronic form anywhere.
Use diceware to generate strong, but readable passwords;
Use ironvest to have 1 masked email per website with which you register. The emails will get forwarded to your real email. If any website spams you, you can disable the email forwarding, or even delete the masked email.
PS: back up your kdbx file on an air-gapped storage medium like a USB stick and/or an external hard drive.
KeePass is free -- a great deal! There are many alternatives that can also use the KeePass database, like AuthPass, KeePassDX or Keepass2Andoid.
Plenty of discussions here (and elsewhere) about those issues, though not organized with each aspect as a top-level post.
I like KeePass related ones, like KeePassDroid, AuthPass, KeePassDX, or Keepass2Android. Right now I'm using the last one, K2A.
KeePassDroid - v220.127.116.11 - https://play.google.com/store/apps/details?id=com.android.keepass
Exodus report - https://reports.exodus-privacy.eu.org/en/reports/184794/
Keepass2Android - v1.08d-r5 - https://play.google.com/store/apps/details?id=keepass2android.keepass2android
Exodus report - https://reports.exodus-privacy.eu.org/en/reports/164850/
Open let update. Than BLOCK - Data & Wifi !!! Than its Safe to use. Passwords to be kept on your Cell or Tablet !!
Can't help specifically, but I can add that I've had trouble using KeepAss w/ Android int he past (I use Dropbox to sync the KP database, but same idea) and the issue isn't with the syncing method so much as KeePass itself. There are some android apps that manage it better than others, but I personally avoid making any changes to the DB via phone just to be 100% sure.
FWIW the app that didn't sync correctly was:
The one that supposedly does (but I don't dare verify...) is:
GENERAL ADVICE: Use a password manager. I use KeePass, it's free, and I just store my password database in my Dropbox folder and keep Dropbox synced across all my devices, (except my ps4 which doesn't support Dropbox, so I use the PlayStation Second Screen app on my phone to type passwords on my ps4,)
You can use subscription services like last.pass, which does the syncing and cloud storing of passwords for you, but with a free Dropbox account, it isn't work the cost in my opinion.
It's seriously worth it. I don't even bother remembering my passwords, (except the one I use to open my KeePass database. Seriously, my Facebook password is like 128 characters, my Netflix password has characters I don't even know how to type.
>KeePassDroid - Android Port
>KeePassXC - for Linux and macOS
> a site that tracks some of the largest known data breaches. Enter your email and it will tell you if it was found in a data breach as well as what other data were compromised.
Obviously you should do a Google search to research all the resources I've provided, but these links are a good place to start.
KeePass Droid https://play.google.com/store/apps/details?id=com.android.keepass
Encrypted password database.
I sync my database for this to the cloud to access all my devices and I use this to access on my phone
I'd recommend KeePassXC for desktop and KeePassDroid or KeePass DX/KeePass DX Pro for Android. I'm not on iOS so I don't know what's best on that platform. KeePass DX is also on F-Droid.
You can use an auto-syncing cloud storage solution like DropBox to sync your DB across devices. For extra security, manually add a keyfile of your choosing to all devices but don't sync it to the cloud.
KeePassDroid or Keepass2Android are your best options. Try both and stick with whichever one you like more. (My preference is actually Keepass2Android Offline.)
Do you have any experience with KeePassDroid?
Is it this app?
What Android app(s) do you use? I've found a few different ones:
KeePass2Android Password Safe
I use this one
Is LP fast to respond to published exploits? Sure. Did they already fix this one? Yes, just today. But how do we know how long this exploit was viable? For all we know, this exploit could have been in the wild for days, months, even years before Tavis Ormandy identified it. If they went through source code audits, and/or shared their source code with the community for review, we would be able to verify their code doesn't have flaws, and identify these exploits much much sooner.
If you want to entirely trust that system, that is your prerogative - but you shouldn't be selling people on how secure it is without proof. Simply stating that it uses encryption, and then repeating their advertising line of "it doesn't store your master key" is misrepresenting the realities.
There is literally no reason for them to not have independent source code audits and/or release their source code for review. And until they do, there is no reason you or anyone else should trust them with your vital information.
I converted my Senior Father to KeePass in under 15 minutes, and he hasn't had any issues using it:
I use KeePassDroid on Android. The UI looks sort of basic, but it works for me just fine
Ik zelf gebruik KeepassDroid. Als je de database file van dropbox download op het apparaat, kan je hem gewoon openen.
I tried your it but it did not work for me. I have to mention that I was using KeepassDroid ARC Welder though.
>This list is very partial, but those three are being used everyday, all day.
>AdAway - Adblocker for Android. Works best with root.
>KeePassDroid - Password manager, able to work with KeePass volumes
>Greenify - ~~Intelegentally~~ Intelligently closing apps while i'm not using them. Works best with root.
>Edit: Spelling. Because i'm so 'intelegenat'
Not sure if it's relevant but the latest update of Google Drive breaks the Keepass app for me, every time I try to open my database within Google Drive it gives me an error about not being able to open/download it, or if I try to open it from Keepass my database in Google Drive is grayed out.
I remove the update and it's working again.