Here are some "selling points" of KeePass. To get a first impression, you can also have a
look at some of the screenshots. If you don't know which
edition to choose (1.x or 2.x), have a look at the
editions comparison page.
Items prefixed with [1.x] only apply to KeePass 1.x, [2.x] only applies to KeePass
- KeePass supports the Advanced Encryption Standard (AES, Rijndael) and the Twofish
algorithm to encrypt its password databases.
Both of these ciphers are regarded as being very secure.
AES e.g. became effective as a U.S. Federal government standard
and is approved by the National Security Agency (NSA)
for top secret information.
- The complete database is encrypted, not only the password fields. So, your user names,
notes, etc. are encrypted, too.
- SHA-256 is used as password hash. SHA-256 is a 256-bit cryptographically secure one-way hash
function. Your master password is hashed using this algorithm and its output is used as key for
the encryption algorithms.
- In contrast to many other hashing algorithms, no attacks are known yet against SHA-256.
- Protection against dictionary and guessing attacks: by transforming
the final master key very often, dictionary and guessing attacks can be made
- In-Memory Passwords Protection: Your passwords are encrypted while KeePass
is running, so even when the operating system caches the KeePass
process to disk, this wouldn't reveal your passwords anyway.
- [2.x] Protected In-Memory Streams: When loading the inner XML format,
passwords are encrypted using a session key.
- Security-Enhanced Password Edit Controls: KeePass is the first password
manager that features security-enhanced password edit
controls. None of the available password edit control spies work against these controls.
The passwords entered in those controls aren't even visible in the process memory of KeePass.
- The master key dialog can be shown on a secure desktop, on which almost no
keylogger works. Auto-Type can be protected against keyloggers, too.
- Also see the security information page.
Multiple User Keys
- One master password decrypts the complete database.
- Alternatively you can use key files. Key files provide better security than
master passwords in most cases. You only have to carry the key file with you, for example
on a floppy disk, USB stick, or you can burn it onto a CD.
Of course, you shouldn't lose this disk then.
- For even more security you can combine the above two methods: the database then requires the key file
and the password in order to be unlocked. Even if you lose your key file, the database would
- [2.x] Additionally, you can lock the database to the current Windows user account. The
database can then only be opened by the same person who created it.
- Also see keys information page.
Portable and No Installation Required, Accessibility
- KeePass is portable: it can be carried on an USB stick and runs on Windows
systems without being installed.
- Installer packages are available, too, for the ones who like to have
shortcuts in their Windows start menu and on the desktop.
- KeePass doesn't store anything on your system. The program doesn't create any new
registry keys and it doesn't create any initialization files (INI) in your Windows directory.
Deleting the KeePass directory (in case you downloaded the binary ZIP package) or using the
uninstaller (in case you downloaded the installer package) leaves no trace of KeePass on your
- [1.x] KeePass requires GDI+ (which can be downloaded for free
at Microsoft's website). Windows XP and higher already include GDI+;
for Windows 2000 you need to install it, if it's not installed already.
No .NET framework is required.
- [2.x] KeePass requires the Microsoft .NET Framework (which can be downloaded for free
at Microsoft's website) or Mono. Windows Vista and higher already include the .NET framework;
for Windows 98 / ME / 2000 / XP you need to install it, if it's not installed already.
With Mono, KeePass also runs on Linux, Mac OS X, BSD, etc.
- Ports for other systems like Linux, Mac OS X, PocketPC, Smartphone, etc. are available!
See the downloads page.
- [2.x] Accessibility: KeePass 2.x features an advanced option that
explicitly optimizes the user interface for screen readers.
Export To TXT, HTML, XML and CSV Files
- The password list can be exported to various formats like TXT, HTML, XML and CSV.
- The XML output can be easily used in other applications.
- The HTML output uses cascading style sheets (CSS) to format the table, so you can
easily change the layout.
- The CSV output is fully compatible with most other password safes like the commercial
closed-source Password Keeper and the closed-source Password Agent, also the CSVs
can be imported by spreadsheet applications like Microsofts Excel or OpenOffice's Calc.
- Many other file formats are supported through KeePass plugins.
Import From Many File Formats
- KeePass uses the common CSV export format of various passwords safes like Password Keeper and
Password Agent. Exports from these programs can be easily imported to your KeePass databases.
- KeePass can parse and import TXT outputs of CodeWalletPro, a commercial closed-source password safe.
- KeePass can import TXT files created by Bruce Schneier's Password Safe v2.
- [2.x] Out of the box, KeePass supports importing more than 35 formats (see
- Many other file formats are supported through KeePass plugins.
Easy Database Transfer
- A password database consists of only one file that can be transferred from one computer to another easily.
Support of Password Groups
- You can create, modify and delete groups, in which passwords can be sorted into.
- The groups can be arranged as a tree, so a group can have subgroups, those subgroups can have
subgroups themselves, etc.
- Also see this screenshot.
Time Fields and Entry Attachments
- KeePass supports time fields: creation time, last modification time, last access time and
- You can attach files to password entries (useful to store PGP signature files in KeePass for example).
- [2.x] KeePass has a powerful internal viewer/editor for text files, images and documents.
You don't even need to export attached files to view/edit them!
For security considerations, see
Auto-Type, Global Auto-Type Hot Key and Drag&Drop
- KeePass can minimize itself and type the information of the currently selected entry into
dialogs, webforms, etc. Of course, the typing-sequence is 100% user-customizable, read the
documentation file for more.
- KeePass features a global auto-type hot key. When KeePass is running in the background (with
opened database) and you press the hot key, it looks up the correct entry and executes its auto-type
- All fields, title, username, password, URL and notes can be drag&dropped into other
Intuitive and Secure Windows Clipboard Handling
- Just double-click on any field of the entry list to copy its value to the Windows clipboard.
- Timed clipboard clearing: KeePass can clear the clipboard automatically some time after you've copied
one of your passwords into it.
Searching and Sorting
- You can search for specific entries in the databases.
- To sort a password group, just click on one of the column headers in the password list, you can
sort by any column.
- KeePass can be translated into other languages very easily.
- Over 30 different languages are available!
- See the translations page.
Strong Random Password Generator
- KeePass can generate strong random passwords for you.
- You can define the possible output characters of the generator (number of characters and type).
- Random seeding through user input: mouse movement and random keyboard input.
- Other people can write plugins for KeePass.
- Plugins can extend the functionality of KeePass, like providing additional import/export methods for
other file formats.
- Go to the plugins page for more information and plugin downloads.
- KeePass free and you have full access to its source code!
- Open Source prevents backdoors. You can have a look at its source code and
compile it yourself.
- You can yourself check if the security is implemented correctly, you can, if you want,
use any other encryption algorithm.
- Opening the sources also encourages other people to port the application to
other systems (PocketPC version already in development) or write translations.
- KeePass is OSI Certified Open Source Software. OSI Certified is a certification mark of the Open Source Initiative.