KeePass Review 2026

KeePass is the classic local-only password manager. No account, no cloud, no subscription: you keep a single encrypted .kdbx file and sync it yourself (Dropbox, NAS, USB, or nothing). First released in 2003, it has remained the reference for users who want zero dependency on a vendor. We use it for a fully offline vault and tested it on Windows with KeePassXC, plus the official Android app (KeePass2Android) and browser integration via plugins.

Who is KeePass for?

If you want no account, no cloud and no subscription—ever—KeePass is the one. You own the database file. You choose where it lives (local only, Dropbox, Nextcloud, USB). No company can see your data, lock you out or discontinue the service. The trade-off: you manage sync and (optionally) plugins yourself. There is no official family or business tier; sharing means sharing the file or using a third-party sync. Ideal for technical users, privacy maximalists and anyone who prefers files over SaaS.

Setup and import test

We created a new database with KeePassXC on Windows, chose AES-256 (ChaCha20 is also available), set a master password and an optional key file. Import from CSV was straightforward: we had a 80-entry export from another manager; KeePassXC mapped title, username, password and URL. A few entries needed manual URL cleanup. Total time: under 5 minutes.

We then copied the .kdbx to a Dropbox folder and opened it on another PC and on KeePass2Android. No conflict in our tests; we made changes on one device and re-synced. For true multi-device you need a sync method (Dropbox, Syncthing, NAS) and discipline to avoid editing the same file from two places at once without sync.

Autofill and daily usage

On Windows we used KeePassXC with its built-in browser integration (custom protocol). After enabling the integration, clicking the KeePassXC icon in a login field populated username and password. It worked on most sites we tried; a few with non-standard forms required manual copy from the vault. The workflow is less seamless than 1Password or Bitwarden: you often click once to focus the field, then trigger KeePass. No background autofill like cloud managers.

On Android, KeePass2Android offers an Autofill Framework integration. We enabled it and tested on 10 sites; autofill triggered in about 1–2 seconds. For banking apps we used the in-app keyboard or copy from the vault. Search in the vault was fast even with 80+ entries.

Security and encryption

KeePass supports AES-256 and ChaCha20 for the database. The master password (and optional key file) never leave your device. There is no server; no one can reset your password or access your data. The source code is open and has been audited. Plugins are community-maintained—stick to well-known ones (KeePassXC, KeePass2Android) for the best security.

No 2FA in the classic sense (no TOTP stored in cloud). You can use a key file as a second factor: store it only on devices you trust and never in the same sync as the .kdbx.

Plugins and variants

KeePassXC (Windows, Mac, Linux) adds browser integration, TOTP, YubiKey and a cleaner UI. We used it as our main desktop client. KeePass2Android is the most popular Android client; it supports the Autofill Framework and key files. On iOS, Strongbox or KeePassium open .kdbx files; sync is via iCloud, Dropbox or local. There is no official KeePass app from the original author for Mac/Linux/mobile—only community ports. This fragmentation is a downside if you want one vendor and one support channel.

Pricing and ecosystem

KeePass is free. Donations are welcome; there is no premium tier, no account and no upsell. You can use it forever without paying. The ecosystem (KeePassXC, KeePass2Android, Strongbox, etc.) is also free or donation-supported.

Where KeePass falls short

• Sync is manual. You must set up Dropbox, Syncthing, NAS or similar. Conflicts can occur if two devices edit the file before sync.
• No official family or business features. No shared vaults, no SSO, no admin console. For teams, 1Password, Bitwarden or Dashlane are built for that.
• UX is less polished than 1Password or Bitwarden. More clicks, more configuration. Non-technical users may find it daunting.
• No built-in breach or dark web monitoring. You would need to check haveibeenpwned or similar yourself.
• No official support. Community forums and documentation only.

How KeePass compares

• KeePass vs Bitwarden: Bitwarden is cloud-synced (or self-hosted) with an account; KeePass is local-only with no account. Bitwarden has a free tier on unlimited devices with zero sync setup; KeePass has no cloud, so you manage the file yourself. Choose Bitwarden for ease and multi-device out of the box; KeePass for maximum control and zero vendor dependency.

Our verdict

KeePass is the best option if you want full control of your password database and no dependency on a vendor. No account, no subscription, no cloud—just a .kdbx file and your chosen sync (or none). The learning curve is steeper than with 1Password or Bitwarden, and sync is your responsibility. For most users, Bitwarden or Proton Pass offer a better balance of ease and privacy. For technical users and privacy maximalists, KeePass remains unmatched.