KeePassium is an open-source KeePass client for iOS- gHacks Tech News

KeePassium is an open-source KeePass client for iOS

About a month ago, I wrote an article about a KeePass client for iOS, called Strongbox. I also mentioned an alternative app named KeePassium and that I followed development of the application on GitHub and Reddit for a while.

KeePassium Password Manager is an application for Apple's iOS operating system.

I looked at the free version of the app exclusively. There is a premium version available for $11.99 per year that lifts the 1 database limit to unlimited and unlocks additional settings.

Let's take a closer look at the app.

How it works

KeePassium is an open-source KeePass client for iOS

KeePassium's interface is clean, minimal and pretty. When you run the app for the first time, you will be prompted with 2 options: add a database or choose an existing one. If you pick the latter, you can use a database that is hosted on cloud services like Dropbox, Google Drive, iCloud Drive, One Drive, Box, NextCloud, or using WebDAV or SFTP.

Database, password generator and more

You will need to install the corresponding cloud service's app on your iOS device for the option to show up in KeePassium. The advantage here is that KeePassium doesn't need to be connected to the service as it can load the KeePass database from the Dropbox folder on the device.

That's quite fantastic as it removes authentication worries from the entire process. Though KeePassium only saves a database that it creates in the KDBX4 format, it can also open/save KDBX3 and KDB formats. Of course, you can use the app to change the master password too.

KeePassium database

Once you add a database, it shows up on the side-bar. Tapping a folder displays all the logins inside it and selecting a login will show the username, password (hidden) and URL on the right pane. You can also attach files and notes to a password entry.

It also hides the actual number of characters in a password so that the information is hidden and is not revealed to others who catch a glimpse of the screen.

KeePassium password entry

You can sort the side-panel by tapping the icon on the bottom left. The search bar on the top of the pane lets you find entries quickly. There is a backup database option which will save an extra copy of the database on your device.

KeePassium sorting

The password generator can be accessed by tapping the + icon on the left panel and selecting "Create Entry". This is also how you add new logins to the database if you create new accounts.

KeePassium can generate random passwords using the following parameters: password length, lower case, upper case, special symbols, digits, and look-alike characters (like 1Il). The autofill option works fine and can be used in Safari or other browsers to securely login to your accounts.

Security

KeePassium is open source and free, though it does have a premium version with some extra features.  The app supports ChaCha20 and AES (like KeePass does) and also supports Argon2, Salsa20, and Twofish algorithms for encryption.

KeePassium free vs premium

When you switch to another app, Keepassium locks the database as it should. Though I did find it annoying when I was testing it by switching to and from Safari to test the manual copy to clipboard and search options. Maybe keeping the database open for 10 seconds or something could help prevent this, an option to enable this would be sufficient.

The App Lock adds an extra layer of security to KeepPassium. When enabled, you will need to enter your device's passcode just to access the app. You will still need to enter your master password to open the database which makes it time-consuming but provides better security.

KeePassium app lock

The "Unlock with master key" option is disabled by default and for good reason. When you enable it, Keepassium will remember the master key (master password) for the session so you don't have to enter the password every time you open the app. When you switch to another app and return you will find an "unlock" button (instead of a password field) on the app's home screen. The master key will be automatically cleared after the database has timed-out.

I personally don't like such options, because if you forget to clear the master key and hand over your iPhone or iPad to someone, or it gets stolen or taken away, the database and all the passwords and information it contains can be accessed (unless you enable App lock).

The Database time-out is linked to the "unlock with master key" setting and Keepassium's default auto-clear time is 60 minutes. That's too much in my opinion but fortunately it can be customized and set to auto-lock from as low as 30 seconds and up to 24 hours or even never. Of course, you shouldn't keep the database open for that long. I'd say keep it to 30 seconds or a minute for maximum security.

You can optionally use a Key File to unlock the database. I get that some of these options may be convenient for some people, but it really should be security over convenience any day.

KeePassium settings

Closing Words

The promise of open source, free, no ads, no analytics, and no in-app browser in KeePassium does seem to be true. I'd say you're getting more than what you're paying for, even with the free version. That being said, I misunderstood the Touch ID/ Face ID unlock option in KeePassium. It doesn't unlock the database, it is one of the app lock options. You need to enable "remember  master key", to get it to unlock the database. Well, maybe I'm expecting too much, but as a longtime user of Keepass2Android, it is one feature which I really like.

I think both apps, Strongbox and Keepassium are equally good. This really is a try it yourself and decide kind of situation.

Summary
software image
Author Rating
1star1star1star1star1star
5 based on 5 votes
Software Name
KeePassium
Operating System
iOS
Software Category
Security
Price
Free
Landing Page
Advertisement

We need your help

Advertising revenue is falling fast across the Internet, and independently-run sites like Ghacks are hit hardest by it. The advertising model in its current form is coming to an end, and we have to find other ways to continue operating this site.

We are committed to keeping our content free and independent, which means no paywalls, no sponsored posts, no annoying ad formats or subscription fees.

If you like our content, and would like to help, please consider making a contribution:


Previous Post: «
Next Post:

Comments

  1. Nitro said on August 9, 2019 at 7:04 pm
    Reply

    Thanks for the Free vs Premium overview, but being precise what do “Casual use” and “Heavy use” mean?

    1. Martin Brinkmann said on August 10, 2019 at 6:35 am
      Reply

      Not my review, but where did you see heavy and casual mentioned?

      1. Nitro said on August 10, 2019 at 11:02 am
        Reply
    2. KeePassium-Andrei said on August 10, 2019 at 11:35 am
      Reply

      By distinguishing the Casual/Heavy use, I wanted to make KeePassium a zero-pressure app for beginners: no nagging, no interruptions. Over time, these users would start using the app more actively — and only then it makes sense to nudge them to upgrade (no paywalls, though).

      The “use” is the time the app is active on screen. Less than 8 hours/year is considered “casual use”; that’s ~1m30s or 3-4 auto-filled passwords daily. (The annual usage is projected from the last 30 days.)

      The threshold is not random. 8 hours give a clear reference for business users: “I am to spend more than full work day in the app this year. I can save most of this time with the premium version. Is one day of my time worth that price?”

      If yes, they upgrade and everybody is happy. If no, the user just spends more of their time entering master passwords or switching between databases.

  2. Rob said on August 9, 2019 at 9:09 pm
    Reply

    I’m still using MiniKeePass and it does work well. But it has a some problem with opening newest (v4) kdbx version as far as I read somewhere. Still – it works for me :)

  3. Anonymous said on August 10, 2019 at 1:04 am
    Reply

    Very promising app, now that MiniKeePass isn’t active anymore. Though its still a mobile app on a closed source operating system, so i guess its better not to carry all the passwords with you at all times. My tip? Create a mobile password database having only the passwords you need on the go. Of course that database should have a different password than your main one (use diceware).

  4. Mark said on August 10, 2019 at 6:49 am
    Reply

    Hi Ashwin, Mark here, developer of Strongbox, just to make a small correction, Search is available for all users including on the free version in Strongbox. Could you amend or correct, I think it’s important people are aware of this. Cheers! -Mark

    1. Martin Brinkmann said on August 10, 2019 at 7:17 am
      Reply

      Hi Mark, I made the change, thanks for letting us know.

      1. KeePassium-Andrei said on August 10, 2019 at 11:53 am
        Reply

        So the current differences can be summarized as:

        – Strongbox (Free): without TouchID/FaceID, but multiple databases
        – KeePassium (Free): with TouchID/FaceID, but one database at a time

      2. Mark said on August 10, 2019 at 5:47 pm
        Reply

        Thank you! Great article!

  5. KeePassium-Andrei said on August 10, 2019 at 10:15 am
    Reply

    Thank you for the review, Ashwin!

    Just to clarify, the database timeout is configurable, so there is no need to unlock the database every single time :)

Leave a Reply

Check the box to consent to your data being stored in line with the guidelines set out in our privacy policy

Please note that your comment may not appear immediately after you post it.