App sandbox can be easily extracted from phone backup. No jailbreaking, just standard backup and a free tool.
Also, "Please remember this Pass Code" does not fit in smaller screens (iPhone SE 2016). You might want to enable word wrapping on those labels.
Thank you for your view.
>I don't see how calling forks forks belittles forks authors
Calling forks forks is absolutely fine in my book, too. I take issue with independent apps being called forks, though. The term "KeePass fork" implies the app includes a substantial amount of Dominik's code. Which is false for most apps in the sidebar.
>where you got this information that Kee Pass forks don't include Kee Pass code.
I wrote two of them and read KeePass and KeePassXC code while doing that. The only common ground between these apps is the database format (cf. Chrome and Firefox argument above)
>So what is this war of words about ?
Hurt feelings, I guess… Getting called a "KeePass fork" makes me, ahem, aggrieved :) But I don't mean to continue, we both have better things to do.
Hi, KeePassium dev here.
>keepassium doesn't realize I just made a new account or whatever and doesn't ask if I want to save that password as a new entry.
On iOS, only Apple's own iCloud Keychain is allowed to pick up your credentials from a login form. For third-party apps, you would need to open AutoFill and add/generate the entry there. KeePassium does not support this just yet, but this is in my todo list.
> is there another app I can use on iOS that is more like what I'm looking for?
Here is the list of all KeePass apps for iOS I could install and check. They have different priorities on features, aesthetics and pricing, so you can find the one you like most.
>it just feels clumsy to use
Hmm, that's new :) Can you describe what exactly feels clumsy?
Like most things Apple related, privacy is rather difficult to achieve. The only open source KeePass app on Android with autofill and sync is probably Strongbox.
Along my search I found this KeePass tool, with a developer who badmouths a couple competitors ibetween saying he can't release his app's source code and saying "you can't" trust him.
The solution can be found here:
Have a look at: https://keepassium.com/articles/migrating-from-1password-to-keepass-keepassxc-keepassium/
And of course Keepassium is a good iOS app at all.
Some people used iCloud Keychain AutoFill together with KeePassium. This caused quite a bit of confusion and trouble. In the previous release, I blocked input from iCloud Keychain (and other AutoFill apps in general, there is no way to differentiate). In this release, it is possible to enable that back again, for those who really need it.
There is more detail in the blog post.
I sync my KeePass database to Google Drive on my two Windows machines using the KPSync plugin.
On my phone and tablet (iOS) I use KeePassium, which provides supports for syncing the database from the same file on Google Drive.
This allows all of my devices to sync against a common KeePass database file stored on my Google Drive.
Hi, couple suggestions:
KeePassium works with YubiKey and its implementation is compatible with KeePassXC: How to use YubiKey with KeePassium/KeePassXC. So the answer is yes.
I used both KeePassium and Strongbox for quite a long time (after MiniKeePass).
Both are nice. In my opinion, Strongbox has more features while KeePassium feels more polished and "stable".
Whereas none of the addl' features of StrongBox are super important to me. I even have a hard time naming an important one (xcd password generation? Builtin dropbox support? opening file as readonly?) ... except one: Field references. But the Keepassium author has already mentioned he's working on them.
Similarly as for you, subscription is not an option and 41$ for StrongBox is a bit on the too high side for me. Typing in my long master password got too annoying after some time in the free version though.
I think I will stay with KeePassium and get the 1-year subscription with lifetime fallback license. It is less than half the amount of Strongbox and I really like this concept with the fallback. I personally like the layout better as well.
You can find another biased comparison on https://keepassium.com/articles/keepass-apps-for-ios/
> What does it mean to open the list of databases?
You need the screen titled "Databases". KeePassium either starts on this screen, or you can get there by tapping "< Back" or "< Databases" in the top-left corner.
I was going by https://keepassium.com/articles/keepass-apps-for-ios/ where some of the products were listed with questionable ethics (forking without attribution, etc.) - it seemed that if someone was not running squeaky clean in this regard, it appeared a bit risky to trust my data to them unless I was doing the builds and paying Apple $100/yr to publish my own variant. Some day I will decide to pay for KeePassium since I am impressed with their openness but I have been impressed with AuthPass as well and will keep with it for now.
You are right, with safe saving the creation timestamp would have changed.
To be honest, I am running out of ideas. As a last resort, try the beta version — there were some deep changes in how KeePassium works with files. I don't expect miracles, but who knows…
Thanks for the help. Looks like it only works now if I'm saving from keepassXC to Keepassium, but NOT from keepassium to pCloud. When I make a change on the databse using Keepassium, it saves successfully, but when going in the files app, it shows the file uploading then gets stuck on "waiting...". When looking at my cloud provider, it seems that the file hasn't been uploaded and as such, the changes made on keepassium are not reflected on my workstation.
I went through the documentation for pCloud and troubleshooting. Do you know why this happens? Thanks again for the help :)
30-40 MB is way too large. The troubleshooting page gives 5 MB as a reference:
> By default, KeePass apps compress database content before encryption. Thus, even if the file is relatively small (5 MB or more) it will need much more memory to load.
It might still work sometimes (the system enforces the memory limit rather unpredictably), but for stable work you would need to move attachments to a separate database.
>Your database will lock after I think a maximum of 30 Minutes, whereas a few updates back you could still set it to unlimited on the free version
This accusation keeps popping up once in while and it is still false.
Database lock timeout is unlimited by default. Free version has a documented anti-abuse feature which caps the DB timeout when the app is used long and often. This was intended as the main reason to get premium, but proved problematic to explain. As an experiment, I silently lifted that limit in August. Ironically, people still complain about it :)
Just to wrap up: memory protection with Secure Enclave was released in 1.28 on 26 Nov 2021, after a month of beta testing. There were a few other security improvements, too :)
>Face ID is also not free in Keepassium.
This is not true. One can use the free version of KeePassium so that after a Face ID scan it would open the database. Which is what most users want.
For the technical users, unlocking a database with Face ID does not make much sense, so I also clarify how this works behind the scenes. Face ID can only give a binary answer whether the user looks familiar or not. The database, in turn, can be decrypted only with a master key. So KeePassium stores the master key and uses it to decrypt the database when the user unlocks the app (with Face ID).
The caveat u/smarthome_fan refers to is that the database lock timeout options are limited in the free version. By default it is "Never", so that the database is never closed automatically. However, if one uses the app long and often, the timeout is automatically capped to 5 minutes and the user would have to unlock the database manually more often.
This way, the availability of convenience features is not paywalled — it depends on how heavily you use the app. Business and expert users still get a reason to purchase premium, while the app remains obstacle-free for beginners and casual users.
But interestingly KeePassium has full support for pCloud on their iOS App. Why is that so?
And how are they doing it without API provide by pCloud.
Hello!
First of all, good news: you can still extract your data from MiniKeePass even if it does not launch.
As for entry sorting, try the button in lower-left corner of the screen :)
didnt realise you were asking about ios but first hit on ddg for "keepass on ios" is "8 best KeePass apps for iOS" (url: https://keepassium.com/articles/keepass-apps-for-ios/ )
keepass is not just one app; it's more a file specification which many apps adhere to and interoperate with. for example I use keepassXC on linux and keepassDX on android, and their UI is completely different (more than just the obvious difference between desktop and mobile)
>That would be a handy feature to implement (if possible)
KeePassium already makes backups, but only locally on device (which can be lost or broken). The rest is up to system-wide backup (iTunes/iCloud). After all, KeePassium is a password manager and I'd rather keep it focused.
>so people don't have to make manual or scheduled local backups using other means.
I would argue that forcing people to consider backup using several means is probably a good thing. Any single app can fail, so the more failsafes the better...
>Absolutely love it. Thank you for developing a program that helps simplify life. My only regret is not finding out about Keepassium sooner. You guys are excellent developers and hats off to whoever designed the UI, it's wonderfully intuitive.
Thank you! As a one-man band, I am flattered :)
Thank you for your feedback. I understand these features are important for some users.
Since you commented in another topic, you have probably seen my previous reply:
>Unfortunately, I cannot publicly commit to any specific timeline. Life happens, and the best way to keep promises is to make them very sparingly...
All features are added only when they are ready. For the ones you mentioned, the groundwork is underway. To get them as early as possible, feel free to join KeePassium beta.
The general idea is to store your database in a cloud-synced folder (Dropbox, OneDrive, iCloud Drive, etc) and open the file directly from there. This way, whenever you add an entry on one device, the updated database will be synced to your other devices. So the next time you open the database (on any device), it will include the new entry.
An important note: avoid opening/editing the database simultaneously on several devices. This might cause sync conflicts. Nothing severe: you would get your latest entries distributed across several "conflicted copy" databases in Dropbox. Merging them back into the same database might take a few minutes, but prevention is easier.
Related: How to sync KeePassium using Dropbox
> it doesn't require the yubikey at all any more so anyone who has access to my phone could get into the app and access my vault.
2FA is for login only on password managers. It exists to prevent people from downloading and decrypting your vault with just your email and master password and it does a pretty decent job at preventing that.
It does not make sense to have 2FA every time you unlock your vault, it will get annoying very soon and even then the apps you log in to will save your login information until you manually log out. Such inconvenience makes it tedious and therefore less secure (e.g., like how people use sticky notes for passwords when annoying polices like expiring passwords are implemented).
The way most YubiKeys are set up, it is not easy to encrypt and sync passwords with a YubiKey. In the case of Yubico OTP based 2FA, the LastPass server just verifies the OTP, and does not use it for encryption. But your biometrics are actually used to "unlock" (i.e., decrypt) the encryption keys stored in the Keychain in phones (Secure Enclave in Apple, StrongBox in Android and TPM in PCs). It is in fact 2FA since your device itself is one factor and your face another.
Now, if you want a solution that actually uses the YubiKey for encryption and decryption, you'll have to use something more advanced (without online features) like Keepassium, but as their FAQ says, you cannot use a YubiKey for autofill at all unless you cache the decryption key - which is basically what FaceID does. So it's really not useful, you'll need to copy the password to your clipboard - not really ideal.
Thanks for building a macOS app. Seems to be working even on my old 2012 MacBook Pro with unsupported Big Sur installed. Right now I am testing KeePassium on iOS and macOS since I want to get rid of having my passwords in the cloud. I am using Windows and macOS, that's why I wanted to work with KeePass. At the moment, KeePassium is not working that good with Synology Drive on iOS, but you already mentioned that (https://keepassium.com/articles/sync-ios-keepass-with-synology-nas/).
Now a question for this topic. Since I am testing and also having my passwords in iCloud Keychain I want to turn off the iCloud passwords like you can on iOS. Is it possible to do this on macOS? I only see an option for turning off Autofill completely.
>When rclone will be added ??
As soon as rclone has an iOS app that integrates with the Files app. KeePassium does not implement any service-specific synchronization, it integrates with the Files app.
Thanks. Yeah, YubiKey is firmly an "advanced user" territory which requires premium...
There are two points that might be helpful:
>Why does it happen?
Having multiple copies of the database is a symptom of sync conflicts. Which usually happen when the database is simultaneously opened/edited on several devices. Or if the database was edited on a computer and a phone, while the phone was offline. As a result, your cloud provider has several versions of the file, all claiming to be the next "database.kdbx".
KeePass is not well-suited to handle simultaneous multi-device editing, hence the sync conflicts. The best solution to avoid them is to open your database on one device at a time.
>otherwise Keepassium just kept using some old cached datebase
I guess Dropbox devs expected this, because there is a "Clear Cache" button in Dropbox settings. Try it, it might fix the issue.
>So in theory the concept of Keepassium to let the dedicated apps in combination with ios files handle the syncing is nice, but in practice it seems so lead to issues at least for me.
Yes, unfortunately the concept of delegating synchronization to specialized apps has issues. Quite a few cloud apps have specific quirks (no caching, broken caching, no background sync). And since their quirks end up in KeePassium, I receive complaints about every breaking update in OneDrive, Google Drive, Synology apps...
There is not much I can do about bugs in other apps, except to catalogue and document them. Here's the list of supported sync providers (and their known issues).
Here's a step-by-step guide for Google Drive sync.
There is also the full list of supported storage providers. (Make sure to check their known limitations.)
Most of apps that integrate the WebDAV server to the Files app. Boxcryptor seems to be the most reliable in terms of background sync, but it does ask you to create a (free) account.
And just for completeness: How to sync KeePassium via WebDAV
> I find it frustrating that there are only two clients (Keepassium and StrongBox) that are using a paywall for basic features like login with Biometrics without having to type your master password every hour.
There are many more KeePass apps for iOS. Those that are free are long abandoned (MiniKeePass, iKeePass, etc). With cheaper ones, you pay with your privacy (Google ads), peculiar usability or non-existent support.
Quite a few users were happy to pay for an ad-free, well-polished and maintained app. Until a couple of years ago, there were no such apps. Now there are.
> if there are any plans to build an iOS App either from the team or from someone else that is open source and allow users to have full control over the functionalities of the App?
The "team" of KeePass is Dominik Reichl, he is not planning a mobile app. KeePassXC team also does not plan a mobile app. "Someone else" have produced KeePassium and Strongbox. They are open source, you can build your own copy with whatever functionality you like. Or you can save yourself the time, purchase a premium version — and even support further development and maintenance of these apps.
Key file extension does not matter. At all.
If the file looks like XML, the app will try to parse it. If it looks like a hex string with 64 characters, the app will try to parse them, too. Any other content is considered to be raw data, which is hashed into the required 32-byte array using SHA-256.
Source: I am developing KeePassium for iOS.
Thank you for the follow-up! This is a relief :)
> Still it is strange that it happened on both phones at the same time.
Well, the passwords were probably changed a while ago (you can test this on backup files). So the question is why KeePassium asked them both to enter the database password.
I can offer two hypotheses:
Anyway, I am glad this ended well!
Hi, thanks for reaching out!
The reason is that current KeePassium version does not process .keyx files correctly. It takes them as a generic "raw binary" file, instead of parsing the actual key inside.
Support for .keyx files has been added in the latest beta, which is in beta testing at the moment. If everything goes well, it should be released on the App Store in about a week.
In the meanwhile, you can switch to a non-keyx key file or go beta (but make sure to backup your database, just in case).
"CR mode" stands for challenge-response mode.
Here's how to use KeePassium with YubiKey.
NFC can be grayed out if NFC is not available (iPhones before 7 and all iPads).
Synology Drive is a special case, they have a known issue with caching.
I have reported the bug to Synology (ticket 2604475). On 1 Sep 2020 they replied:
>Upon further inspection, our developer confirmed that on some occasions, when using the iOS Files app to browse files on Drive, it does not show the latest version of the files.
>
>They are currently working on a fix that will be released on a later date.
This is a common issue after iOS 14 update — it breaks KeePassium's links to files. So if you updated recently, this would explain the "why".
If you store your database in On My iPhone(iPad) / KeePassium, the problem is likely limited to AutoFill. The app itself should work just fine. (The main KeePassium app and its AutoFill module have separate/independent file lists, due to a technical limitation on iOS.)
The solution is listed in the error message: re-add your database. That is, go back to the list of databases, tap Plus button → Open Database, and select your database. This will re-link the file to KeePassium and it should work again.
If you cannot find your database in your folders, you can try to restore the file from KeePassium's backup copy:
Not sure what else to say. It uses the files app. Here is a blog post on the error. Maybe it will help.
Just to be clear: I am KeePassium's developer.
Of course, classical "rent" type subscriptions are unfair to the users: once you stop paying, you lose all the premium benefits.
That's why KeePassium has a special perpetual fallback license. Whenever you purchase an annual subscription, you also buy the current version of the app. So instead of renting the app, you periodically buy premium updates. The difference is that if you cancel the subscription, you get to keep what you paid for.
There is also a lifetime version (KeePassium Pro). Its license covers both the current app version and all the future ones, so it costs like several years of subscription.
I believe the subscription version is a better option both for users and the app. (Again, with KeePassium's subscription you buy the app and then, if you want to, keep buying updates.)
Nextcloud sync is a hit-or-miss experience: it works just fine for some users, for others it's pure frustration. That's why in KeePassium's AppStore description Nextcloud is mentioned with a "(with hiccups)" disclaimer.
>it's just that it appears to require the IOS NextCloud client to be opened, to do the sync.
Yes, this is a known issue of the Nextcloud app. There is nothing I can do about this on KeePassium's side...
>Maybe I just need to enable the NextCloud client as a background app
This would be the necessary condition. Background sync might have its issues, but it will certainly not work if disabled :)
Hi, sorry about that... I have replied to your email.
P.S. All the official contacts are listed on https://keepassium.com/contacts/ And the Twitter account should accept all direct messages now.
This pretty much covers all the aspects.
u/dev_jp, here's a brief guide on how to sync KeePassium with Dropbox. And there's also a nice KeePassium review + setup guide.
If something does not work as expected, can you please describe what you do, what you expect to get and what happens instead? Thanks!
I found links in your comment that were not hyperlinked:
I did the honors for you.
^delete ^| ^information ^| ^<3
For iOS check out https://keepassium.com/articles/keepass-apps-for-ios/. It's from one of the available apps developer but quite fair and unbiased. I personally use KeePass touch which does what I need
Not 100% sure that this will fit the bill, but KeePassium works with both OneDrive consumer and Business as per this.
I have not used it with OneDrive for Business, but for consumer account, you need to have sync established first via the OneDrive app and then no problems. In other words - the app does not make it's own connection to OneDrive; it hinges on the connection that OneDrive app creates (hence I'm not sure if this will do what you need).
Most Keepass clients on iOS don't even implement syncing due to the restrictions. There's only one which does a version of syncing and it's implementation is well, not very smooth. Read it yourself: https://keepassium.com/articles/cloud-sync-sandboxing/
iOS certainly has a filesystem. How else would it function? But most of it is inaccessible to the user. Compare this to macOS or Android.
There are some good alternatives. Take a look at this article.
>8 Best KeePass apps for iOS: An overview Finding a good KeePass app for your iPhone or iPad can be challenging. Some apps are no longer maintained, others lack necessary features. This article will give you an overview of the current options.
>Well I mean, it’s already got all my passwords :P
Sure, any password manager app requires some trust. But it should be limited to the minimum required to do the job.
For example, your password database might include your online banking accounts. But would you explicitly allow the app to access your bank for any reason? Of course not — a password manager should manage passwords, full stop.
The same with your server — a password manager can know the account details, but has no business accessing any of your files (maybe except a couple of .kdbx).
For KeePassium, this separation of concerns is a key design principle. KeePassium works offline. If you use a remote database, KeePassium asks for the bare minimum it needs — a permission to access that one file via the cloud provider's app (in contrast to full access to your whole cloud).
I'm not sure I understand the question, but maybe this would help:
Exactly! Touch ID is a shortcut for the AppLock, just like in MiniKeePass. This ensures you will have the access to the app if the fingerprint scanner fails.
Great job on figuring out the locking logic! Indeed, it can be confusing — there is even a FAQ page on how to unlock your database using Face ID/Touch ID (and it was the first FAQ article written for KeePassium :)
> I can’t seem to find keepassxc on ios. Do you have any recommendation for ios app?
Check out this comparison https://keepassium.com/articles/keepass-apps-for-ios/
> Should i keep password manager and authenticator separate?
Personally i would. The whole point of 2FA is that if your password is stolen then they still dont have access to your accounts. Bitwarden offers to save OTP in the password manager for paid users, idk about keepass. What you could do is keep the important accounts in a dedicated authenticator, that way you are secure, and less important accounts like Steam in bitwarden so its more convenient. But ideally you would want to keep them separate.
>Do you have any recommendation for authenticator?
For android, Aegis and andOTP. for iOS Tofu seems the most recommended one. FreeOTP is another one thats available on both platforms.
Be sure to backup your tokens every once in a while in case you loose acess to your device you are not completly locked out.
I guess, you are using MiniKeePass; it does not support custom icons. Moreover, it has been discontinued by the developers.
The good news: there are many MiniKeePass alternatives, and most of them have a free version.
Happy to be the first app to unlock this milestone for KeePass users!
Here's a "getting started" guide: How to use YubiKey with KeePassium/KeePassXC
Happy to be the first app to unlock this milestone for KeePass users!
Here's a how to guide for the initial steps: https://keepassium.com/articles/how-to-use-yubikey/
There's an overview of KeePass apps for iOS, feel free to try them all and pick the one you like more. (Disclaimer: it's written by KeePassium dev, that is me.)
Regarding the "one guy" argument... The truth behind Open Source apps is that most of them are a one-guy shop. Including vanilla KeePass itself. (KeePassXC is a nice exception).
If you need a safe long-term perspective, you'll have to look at commercial projects, as only they can afford a stable team. But then their product won't be open source...
> Keepass all the way.
If you're going to keep using KeePass, then I would recommend looking at KeePassium.
Here's two useful links:
I maintain a brief overview KeePass apps for iOS.
Disclaimer: I am making KeePassium, so my opinion is definitely biased. But there are direct links to all the apps, so you can install them and choose the one you like :)
If you have OneDrive Personal, that would be an obvious choice. If all your devices are made by Apple, then iCloud Drive. Otherwise, any of the supported clouds (except Nextcloud, it is a bit unpredictable at the moment).
>is there a possibility to buy KeePassium directly for 50$? If I have to buy it over in app, I have to pay 150$ for my family.
Not yet (in-app purchases don't work with Family Sharing), but I'm working on it. This should take a few days (more if Apple reviewers will need more convincing)
>I have installed nextcloud and can choose it with iOS folders, but I can't open the file. I can only open the file directly in nextcloud. But if I create a new login, it will not been shown in all vaults.
What happens when you select the Nextcloud-based file in iOS Files app? Do you get any error messages?
In general, Nextcloud sync is a bit problematic — make sure to check the known issues. The iOS 13 probably added a few yet-unknown ones, too...
Privacy policy of KeePassium (KeePass app for iOS) fits into one sentence:
>KeePassium does not collect any personal data.
Maybe that's how all of them should be? :)
Hey! Thanks for the suggestion. As I already mentioned, local caching will be surely considered as the app evolves over time. For the time being, you can copy the DB directly from the GDrive app, even offline (more details).
MiniKeePass doesn’t fully support the new iOS feature where it’ll fetch the password based on the site you app you are using. I’ve been beta testing this new app that has been really good https://keepassium.com/