KeePassXC is one of the best password managers out there, known for its (intentional) lack of cloud-syncing. But just because it’s offline doesn’t mean it’s light on functionality. Here are some handy extras that will enhance your security and overall experience of KeePassXC.
Secret Key File
You can maximize your passwords’ security by using a “key file” as a multi-factor authentication method to open your KeePassXC database. Once enabled, in addition to your password, you’ll have to provide that key file. Even if you know the password, you won’t be able to login without an unaltered copy of the key file.
You can use any file as a key file, but using KeePassXC’s file generator is best since it’s guaranteed to be unique and isn’t something you’ll be tempted to edit. That’s critical because if the key file ever gets modified, KeePassXC will no longer recognize it as legitimate, effectively locking you out of your database.
If you didn’t create your database with a key file, you can always add one by going to Database > Database Settings and then clicking the “Security” tab. Click “Add Additional Protection” and then “Add Key File,” and KeePassXC will let you either generate a unique key file or browse for an existing one. Be sure to back up your key file with a copy in a secure location so you don’t lose access.
The ability to generate strong passwords rather than leaving you to create passwords yourself (or, worse, reusing old passwords) is a standard feature of any respectable password manager. However, you may not realize how much you can do with KeePassXC’s generator.
Since account logins often require (or don’t allow) specific types of characters, you can choose character sets to apply randomly to your password, like numerals, special characters, and even some baffling ASCII characters. By switching tabs, you can also generate random passphrases (seen in the screenshot above), which is perfect when you need a strong password that’s also easy to memorize.
Password Health Check
If you’ve imported passwords into your database rather than generating them all using KeePassXC’s password generator, chances are you have some less-than-secure passwords that need fixing. Fortunately, KeePassXC can automatically find these for you. With your database open, go to Database > Database Reports, and then click the “Password Health” tab.
As you can see, we had a lot of passwords that needed attention. Each is rated on a scale of 1-100, but it even drops into the negatives for reused passwords. You can double-click each one to open and start securing it.
You can also at any time click “Weak Passwords” in the lower-left corner of your database, or type
is:weak into the search bar. KeePassXC will list all of your accounts whose passwords it’s graded as “weak” so you can get to work securing those accounts with strong passwords.
RELATED: How to Check if Your Password Has Been Stolen
This one comes with a huge caveat: generating your TOTP (timed one-time password) codes in the same database as your passwords essentially defeats the purpose of TOTP secrets. Still, it’s better than not using any two-factor authentication (2FA) method at all since at least you’re protected from anyone who manages to learn your password without accessing your vault.
For maximum security, though, the best approach is to create a separate database for your TOTP codes with a password different from the one for your passwords. If you’re already using an authenticator app you like, you’re probably better off sticking with it. The only benefit it adds is avoiding needing a separate app for 2FA codes.
To start using KeePassXC for your 2FA logins, you’ll need to highlight an entry in your database and go to Entries > TOTP > Set Up TOTP, where you’ll be asked for the secret key provided by the account you’re securing.
RELATED: How to Turn on Two-Factor Authentication on Instagram
If you find yourself opening your KeePassXC database multiple times a day but don’t want to leave it open, you can make your life simpler by enabling the quick unlock feature. Assuming you’ve set up Windows Hello or, on a Mac, Touch ID, you can lock your database when you’re not using and unlock it again in a flash using your authentication method (facial recognition, fingerprinting, PIN, etc.)
Most people have dozens or hundreds of passwords to manage, so finding them all can be a pain. Grouping your passwords, though, makes them not only easier to find, but also easier to apply group rules. For example, you can set every new entry in a group to automatically get a specific icon, or to use a custom auto-type scheme by default.
To get started, just click Groups > New Group in the top menu bar and give it a name, then use the left-hand menu tabs to adjust different settings for the group.
Compared to dedicated password managers like KeePassXC, your browser’s built-in password manager can feel more convenient thanks to its ability to complete website login fields with almost no interaction from you. You can get a similar experience from KeePassXC, though, by installing the official browser extension for Chrome, Firefox, or Edge and connecting it to your database.
You’ll need to make sure each entry in your database you want to use has the correct URL associated with it (for example,
facebook.com for your Facebook entry) The extension relies on those when you visit a website to find relevant credentials to enter.
Third-Party Cloud Sync
This isn’t a feature but a workaround for one of KeePassXC’s biggest drawbacks. The app itself can’t sync your passwords over a network, which means you’re burdened with manually copying or moving databases anytime you need your passwords on another device. You can solve that problem with a cloud storage service you probably already use, like Google Drive or OneDrive.
Save your password database to a cloud-synced folder on your device, and you’ll have instant access to the latest version of your database everywhere else you sync that folder. If you don’t want to move your KeePassXC database, you can easily sync any folder to the cloud using symbolic links. Just make sure the account you’re syncing with is also secure.
- › KeePassXC Password Manager Review: New and Improved?
- › Why You Should Use a Password Manager, and How to Get Started
- › Can ChatGPT Write Essays: Is Using AI to Write Essays a Good Idea?
- › 11 Apple Music Features You Should Be Using
- › System76 Gazelle (gaze18) Review: A Portable Linux Powerhouse
- › Google Chrome 114 Arrives With New Reading Mode
- › 10 Common Backup Mistakes Most People Make
- › The New HyperX Cloud III Headset Works With All Your Devices