 KeePass Help Center
|
 KeePass Home |
 Downloads |
 Translations |
 Plugins |
 Donate  Help Center Home |
 Forums |
 Awards |
 Links |
 |
TrustSome arguments for trusting KeePass. |
Open Source
KeePass is open source. For some thoughts on why open source is a requirement for good security software, we recommend to have a look at this article by Bruce Schneier (a well-known security expert): Crypto-Gram: Open Source and Security.
Reviews
The KeePass code has been reviewed by many people.
- There are various KeePass-compatible applications and ports for other operating systems (Android, iPhone/iPad, Windows Phone, etc.). These are created by other developers and most of them do not use the KeePass code directly – they have written their own code to load and save KeePass database files. These developers would have noticed design errors in the database format and bugs in the load/save routines of KeePass, if there would be any.
- Similarly, some plugin developers have deep KeePass knowledge.
- Up to February 2019, KeePass 2.x has been downloaded over 45 million times and KeePass 1.x has been downloaded over 15 million times from the official website. It is likely that a few users were developers who also examined the source code.
Recommendations/Certifications
- KeePass is the recommended password manager in the
BSI Cyber Security Recommendations BSI-CS 003 2.0
by the German Federal Office for Information Security
(Bundesamt für Sicherheit in der Informationstechnik). - KeePass is
recommended
by the Swiss Federal Office of Information
Technology, Systems and Telecommunication (FOITT/BIT) and the
Federal IT Steering Unit (FITSU/ISB).
It is installed by default on all PCs of the federal administration of Switzerland. - KeePass has received the
Certification de Sécurité de Premier Niveau (CSPN)
by the French Network and Information Security Agency
(Agence Nationale de la Sécurité des Systèmes d'Information, ANSSI). - KeePass is on the list of recommended free software for the public sector of the French Etalab (public administration).
- The European Commission has sponsored bounties for finding security vulnerabilities in KeePass 2.x (EU-FOSSA 2 project, details on the Intigriti page) in 2019-2020. A few minor issues were found and fixed.
- KeePass has been audited in the European Commission's Free and Open Source Software Auditing (EU-FOSSA 1) project. No security issues were found, see the Project Deliveries (KeePass Summary and the full Code Review Results Report).
More links to ratings and awards can be found on the Ratings page.
This shows that security experts trust KeePass.
