KeePassium is an open-source KeePass client for iOS
About a month ago, I wrote an article about a KeePass client for iOS, called Strongbox. I also mentioned an alternative app named KeePassium and that I followed development of the application on GitHub and Reddit for a while.
KeePassium Password Manager is an application for Apple's iOS operating system.
I looked at the free version of the app exclusively. There is a premium version available for $11.99 per year that removes the one-database limit and unlocks additional settings.
Let's take a closer look at the app.
How it works
KeePassium's interface is clean, minimal and pretty. When you run the app for the first time, you will be prompted with two options: add a database or choose an existing one. If you pick the latter, you can use a database that is hosted on cloud services like Dropbox, Google Drive, iCloud Drive, OneDrive, Box, Nextcloud, or one that is reached over WebDAV or SFTP.
Database, password generator and more
You will need to install the corresponding cloud service's app on your iOS device for the option to show up in KeePassium. The advantage here is that KeePassium doesn't need to be connected to the service as it can load the KeePass database from the Dropbox folder on the device.
That's quite fantastic, as KeePassium itself never has to authenticate to the cloud service. KeePassium creates new databases only in the KDBX4 format, but it can also open and save databases in the KDBX3 and KDB formats. Of course, you can use the app to change the master password too.
Once you add a database, it shows up on the side-bar. Tapping a folder displays all the logins inside it and selecting a login will show the username, password (hidden) and URL on the right pane. You can also attach files and notes to a password entry.
It also masks the actual number of characters in a password, so the length is not revealed to anyone who catches a glimpse of the screen.
You can sort the side-panel by tapping the icon on the bottom left. The search bar on the top of the pane lets you find entries quickly. There is a backup database option which will save an extra copy of the database on your device.
The password generator can be accessed by tapping the + icon on the left panel and selecting "Create Entry". This is also how you add new logins to the database if you create new accounts.
KeePassium can generate random passwords using the following parameters: password length, lower case, upper case, special symbols, digits, and look-alike characters (like 1Il). The autofill option works fine and can be used in Safari or other browsers to securely log in to your accounts.
Security
KeePassium is open source and free, though it does have a premium version with some extra features. The app supports ChaCha20 and AES (like KeePass does) and also supports Argon2, Salsa20, and Twofish algorithms for encryption.
When you switch to another app, KeePassium locks the database, as it should. I did find this annoying, though, when I was switching to and from Safari to test the manual copy-to-clipboard and search options. Maybe keeping the database open for 10 seconds or so could help prevent this; an option to enable this would be sufficient.
The App Lock adds an extra layer of security to KeePassium. When enabled, you will need to enter your device's passcode just to access the app. You will still need to enter your master password to open the database, which makes it time-consuming but provides better security.
The "Unlock with master key" option is disabled by default and for good reason. When you enable it, KeePassium will remember the master key (master password) for the session so you don't have to enter the password every time you open the app. When you switch to another app and return, you will find an "unlock" button (instead of a password field) on the app's home screen. The master key will be automatically cleared after the database has timed out.
I personally don't like such options, because if you forget to clear the master key and hand over your iPhone or iPad to someone, or it gets stolen or taken away, the database and all the passwords and information it contains can be accessed (unless you enable App Lock).
The Database time-out is linked to the "unlock with master key" setting, and KeePassium's default auto-clear time is 60 minutes. That's too much in my opinion, but fortunately it can be customized and set to auto-lock from as low as 30 seconds and up to 24 hours or even never. Of course, you shouldn't keep the database open for that long. I'd say keep it to 30 seconds or a minute for maximum security.
You can optionally use a Key File to unlock the database. I get that some of these options may be convenient for some people, but it really should be security over convenience any day.
Closing Words
The promise of open source, free, no ads, no analytics, and no in-app browser in KeePassium does seem to be true. I'd say you're getting more than what you're paying for, even with the free version. That being said, I misunderstood the Touch ID/Face ID unlock option in KeePassium. It doesn't unlock the database; it is one of the app lock options. You need to enable "remember master key" to get it to unlock the database. Well, maybe I'm expecting too much, but as a longtime user of Keepass2Android, it is one feature which I really like.
I think both apps, Strongbox and KeePassium, are equally good. This really is a try-it-yourself-and-decide kind of situation.
Hello there, I am very new to Apple and just bought my first iPad. I tried to download KeePass various times but it did not appear on the home page…I was going to insert data manually from the data I have on my Windows laptop…but the instructions online are too complicated to grasp! I am a Luddite…so now I will try KeePassium or Strongbox. Can you please tell me where I go to download them and where the best place on the iPad to save it is…apps seem to automatically go to the home page. Is this as good a place as any? Thanks.
KeePassium looks really good but the monetization sucks tbh. I’m using KyPass which is premium, but they charge for updates which also sucks.
I’ll check Strongbox; if the price is reasonable and it’s a one-time purchase, it might do the trick for me.
Thanks, great article!
Thank you for the review, Ashwin!
Just to clarify, the database timeout is configurable, so there is no need to unlock the database every single time :)
Hello Andrei, I have a question about your KeePassium app. So far I have used MiniKeePass. Since this app is no longer supported, I downloaded your app. MiniKeePass saved the databases locally on the iOS device. With your app there is also the possibility. But what’s the difference? If I want to save the database locally in KeePassium, I am only offered to save it in the app files. Not on the local device. This was not the case with MiniKeePass.
Best regards
Hi Ashwin, Mark here, developer of Strongbox, just to make a small correction, Search is available for all users including on the free version in Strongbox. Could you amend or correct, I think it’s important people are aware of this. Cheers! -Mark
Hi Mark, I made the change, thanks for letting us know.
Thank you! Great article!
So the current differences can be summarized as:
– Strongbox (Free): without TouchID/FaceID, but multiple databases
– KeePassium (Free): with TouchID/FaceID, but one database at a time
Very promising app, now that MiniKeePass isn’t active anymore. Though it’s still a mobile app on a closed source operating system, so I guess it’s better not to carry all the passwords with you at all times. My tip? Create a mobile password database having only the passwords you need on the go. Of course that database should have a different password than your main one (use diceware).
I’m still using MiniKeePass and it does work well. But it has some problems with opening the newest (v4) kdbx version, as far as I read somewhere. Still – it works for me :)
Thanks for the Free vs Premium overview, but to be precise, what do “Casual use” and “Heavy use” mean?
By distinguishing the Casual/Heavy use, I wanted to make KeePassium a zero-pressure app for beginners: no nagging, no interruptions. Over time, these users would start using the app more actively — and only then it makes sense to nudge them to upgrade (no paywalls, though).
The “use” is the time the app is active on screen. Less than 8 hours/year is considered “casual use”; that’s ~1m30s or 3-4 auto-filled passwords daily. (The annual usage is projected from the last 30 days.)
The threshold is not random. 8 hours give a clear reference for business users: “I am to spend more than full work day in the app this year. I can save most of this time with the premium version. Is one day of my time worth that price?”
If yes, they upgrade and everybody is happy. If no, the user just spends more of their time entering master passwords or switching between databases.
Not my review, but where did you see heavy and casual mentioned?
Here, in the Security paragraph: https://www.ghacks.net/wp-content/uploads/2019/08/KeePassium-free-vs-premium.jpg