Intelligent and straightforward password manager: KeePassXC, compatible with Windows, Linux, and macOS systems. Choosing, storing, and managing passwords correctly is one of the most critical aspects of protecting your accounts. The risk of exposing yourself to data theft and theft of your digital identity is tangible.
To limit that risk, avoid short, easily “guessable”, or insufficiently complex passwords (ones that do not also contain numbers and symbols). Also, never reuse the same password across multiple online services and applications: see Creating a secure password – today is World Password Day.
Some services offer two-factor or even multi-factor authentication: it should be enabled at least on services that handle personal information or sensitive data (see Two-factor authentication active from 7 July on all Google accounts and Google Authenticator: what it is, how it works and how to move it from one device to another).
As a second factor, to be used with a username and password, it is possible to use the practical FIDO2 USB, Bluetooth, and NFC keys, which can also be purchased cheaply on Amazon Italy: Account security, how to improve it with FIDO2 keys.
Manage Passwords Safely And Efficiently: KeePassXC
In the article Storing passwords and managing them between collaborators with Psono, we presented a solution to be used on-premise in the professional studio or the company.
Professionals and private users can evaluate the use of KeePassXC, a “cross-platform” password manager (i.e., compatible with different platforms: Windows, Linux, and macOS) distributed as an open-source product under the GNU GPL license (this is the presentation by the EFF, Electronic Frontier Foundation).
KeePassXC is one of the best solutions for password management because, unlike the many products available on the cloud, the user retains complete control over their data and is fully aware of the security measures protecting the information used locally. Born as a derivative version of KeePass, another program we have presented several times, KeePassXC shows many similarities with the original application.
The main difference is that KeePassXC can count on a much more active community in software development: a plus that translates into more frequent updates, bug fixes, and the addition of many new features. The program allows the creation (locally) of a secure and encrypted database to collect the stored passwords.
KeePassXC allows you to generate, open, and save databases in KDBX format, compatible with the original KeePass software. The database can be used to save usernames, passwords, and other kinds of personal and sensitive data with the possibility of organizing them into groups. The integrated search engine also allows you to find the credentials of interest as quickly as possible.
KeePassXC integrates a password generator that allows you to create, as needed, complex and secure passwords to be used on your favorite websites. The program also allows you to check if the passwords are safe by ensuring that they are not in the hands of cybercriminals following some attack. The well-known and appreciated Have I Been Pwned service is used for verification: Violated or insecure passwords: how to verify your ownership.
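The following is an added example, not code from KeePassXC or from the original article: a sketch of the Pwned Passwords range lookup offered by Have I Been Pwned, in which only the first five characters of the password's SHA-1 hash leave the machine and the comparison happens locally. The server side is simulated offline; the corpus, the padding line and all function names are constructed for illustration.

```python
import hashlib

# Constructed stand-in for the remote breach corpus: password -> times seen.
CONSTRUCTED_CORPUS = {"password": 1000, "letmein": 250, "qwerty123": 40}
# Constructed padding line (count 0), which a client must not treat as a hit.
PADDING_LINE = "0" * 35 + ":0"


def sha1_hex(password: str) -> str:
    """Uppercase hex SHA-1 of the UTF-8 password, the form the range lookup uses."""
    return hashlib.sha1(password.encode("utf-8")).hexdigest().upper()


def simulated_range_api(prefix: str) -> str:
    """Server side (simulated): 'SUFFIX:COUNT' lines for hashes starting with prefix."""
    if len(prefix) != 5:
        raise ValueError("a range query carries exactly 5 hex characters")
    lines = [PADDING_LINE]
    for known, count in CONSTRUCTED_CORPUS.items():
        digest = sha1_hex(known)
        if digest.startswith(prefix.upper()):
            lines.append(f"{digest[5:]}:{count}")
    return "\r\n".join(lines)


def breach_count(password: str, fetch=simulated_range_api) -> int:
    """Client side: send only the 5-character prefix, compare suffixes locally."""
    digest = sha1_hex(password)
    prefix, suffix = digest[:5], digest[5:]
    for line in fetch(prefix).splitlines():
        candidate, _, count = line.strip().partition(":")
        if candidate.upper() == suffix and count.isdigit():
            return int(count)
    return 0


if __name__ == "__main__":
    for sample in ("password", "constructed-Unique-passphrase-7!"):
        print(sample, "->", breach_count(sample))
```

A count above zero means the password appears in the corpus and should be replaced; the full hash and the password itself are never transmitted.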
This password manager integrates directly with major web browsers, such as Google Chrome, Mozilla Firefox, Microsoft Edge, Chromium, Vivaldi, Brave, and Tor Browser. As we saw in the article Account security, how to improve it with FIDO2 keys, KeePassXC also allows you to use the YubiKey and OnlyKey keys as tokens for accessing password databases.
It also lets you choose between AES-256, Twofish, and ChaCha20 encryption; it can be managed from the command line (as well as from the practical graphical interface) and can interface with software that establishes SSH connections, keeping the associated keys and passphrases secure.
During installation, KeePassXC asks (the Autostart KeePassXC on login option) whether the program should be opened automatically each time you log in to Windows. On first startup, it asks whether you always want to check for updates. You can then choose whether to create a new database to store your passwords or import them from KeePass, 1Password, or a CSV file, for example one exported from a browser: How to export and import Chrome passwords.
The process of creating a new database is straightforward: you give it a name, choose the security options (including the time required to open the encrypted archive: the longer it is, the greater the level of protection provided by KeePassXC), and set the password or master keys used to protect the contents of the database. In addition to the password, the database can be protected with a “key file”, which must be carefully guarded and will always be required to access the encrypted archive (make a copy of the “key file” in case it gets damaged).
Furthermore, as mentioned above, the KeePass database can be protected with a YubiKey key. Once the KDBX file is saved (the %userprofile% folder is offered by default), you can start saving all your credentials. Unfortunately, KeePassXC is currently not compatible with Android and iOS mobile devices. As the developers themselves suggest, on those two platforms you can use the KeePass2Android and Strongbox apps (both published as open-source products on GitHub).
We talked about Android in the articles Android password management: how to do it and Password management: how to do it safely. To access the KDBX databases from Android and iOS, you will need to share a folder on the local network or connect to the same resource remotely through a VPN connection. In both cases, any app that supports the SMB protocol can be used from mobile devices.
Alternatively, you can share the KDBX password file through a cloud storage service such as Google Drive, Microsoft OneDrive, or Dropbox. Many (ourselves included) will turn up their noses at this: if need be, you can store the file inside a volume encrypted with Cryptomator, available not only for Windows, Linux, and macOS but also for Android and iOS.