1. 66
  1. 53

    Good to have it said authoritatively instead of the project’s status being unclear.

    1. 13

      Honestly with KeePassXC there is no real reason to use keepassx anymore. They’re so much further ahead in terms of features and usability.

    2. 21

      I prefer vaultwarden, but KeePassXC isn’t a bad alternative.

      1. 2

        I am a happy user too. Highly recommended!

      2. 5

        I’m glad the project maintainers verified the status quo, but I can’t help but think they are a couple years late and it would have been better if they had allowed some of the energy to go into co-maintainers instead of forcing a fork. Obviously in this case there was enough momentum to keep it going strong, but I also remember the couple years where it was unclear what was going to happen and the fragmentation was a turn off to everybody.

        1. 2

          What do people prefer between KeePassXC and passwordstore.org? Personally I use the latter but mostly because I found it first and have invested effort into setting it up. But I was thinking of switching because since keepass(xc) stores passwords in a single file it seems easier to manage across devices. (As opposed to pass where files for each website are generally separate.)

          1. 12

            I don’t care for passwordstore.org, because as you mentioned, it leaks the accounts you have to the filesystem. If your threat model includes a multi-user system or cloud storage, then this might be a problem. With KeePassXC, this threat is mitigated as every entry is stored in a single encrypted database.

            EDIT: typo

            1. 8

              > But I was thinking of switching because since keepass(xc) stores passwords in a single file it seems easier to manage across devices

              It’s multiple files with pass but it can be a single git repo, which I’ve found is a lot more useful since it can detect conflicts and stuff. Running pass git pull --rebase otherlaptop fits a lot better with my mental model and existing tooling than “just put it in and the program performs some unspecified merge algorithm somehow”.

              1. 5

                I’m using Strongbox on iOS these days. When I started using it, I was hesitant to pay for the Pro Lifetime version ($60), dictated by how well it would work for at least a year. I’m happy to say that it’s been exceeding my expectations for well over two years now, and I did end up paying for the lifetime version.

                1. 4

                  I used pass for a few years, but recently switched to Bitwarden. I did try KeePassXC, but didn’t like it because:

                  • For some reason it was using 200+ MB of memory. I think that’s a bit much for something that has to run in the background.
                  • Syncing would be a bit clunky. Technically you can stuff the DB in Git, but it’s not great.
                  • Qt applications under GNOME/Gtk WMs always look/feel a bit clunky

                  My main issues with pass were the usual ones:

                  • Its free-form nature makes it a bit difficult to keep password files consistent
                  • You leak file names. This isn’t the biggest deal for me, but I’d prefer to avoid it if possible
                  • Not necessarily a flaw of pass but more of my setup: I had pass auto-unlock upon logging in. This is great for me, but also means any application can just run pass ... and read passwords.

                  Bitwarden is OK, though I really hate their CLI. There’s an unofficial one (https://github.com/doy/rbw) that’s nicer to use, but it doesn’t support YubiKey logins (https://github.com/doy/rbw/issues/7), so I can’t use it.

                  1. 1

                    > Syncing would be a bit clunky. Technically you can stuff the DB in Git, but it’s not great.

                    I do both. I have issues with neither method. My only problem with having the full history available is that there is no rekeying the database, you have to change every password for it to make sense. Or maybe it’s only making me aware of the actual implications of leaking the db.

                    > Qt applications under GNOME/Gtk WMs always look/feel a bit clunky

                    Working in a terminal 99% of the time, I have no issue with this. In my barebones i3 setup every GUI is ugly anyway. That irked me at first, but I learned not to care a long time ago.

                    1. 1

                      It depends on your threat model but I sync my KeePass file using cloud sync (Dropbox, Jottacloud, Syncthing).

                      Been doing this for several years and no issues.

                      What I like about KeePass is that it is available on so many platforms. So even using OpenBSD and SailfishOS, I had no issue finding clients.

                    2. 2

                      I’ve found passwordstore to be a great “clearing house” for importing from elsewhere even if it isn’t my final destination. I used it to export from 1Password and the Keepass family (which I tried but didn’t really like). I’m currently polishing off a script to import my password store to Bitwarden.

                    3. 1

                      Anyone have any suggestions for KeepassX/XC CLIs or TUIs? I like kpcli but it’d be nice to have better support for newer kdbx file formats. (My solution to the syncing and replication problem is to stick the password safe on a hardened little dedicated server and access it through SSH. Works great, apart from phones which I don’t need often.)

                      1. 1

                        Thank you to maintainers. I have been successfully using it for years. I’m a happy user of bitwarden now.