(1 of 3) Open Source Software Review and Comparison: KeePass Password Manager

Today we will review Keepass, an open source password manager mainly for Windows with some other ports available such as Android, iPhone and Mac for example (KeePass, n.d.). Some of the features that make this program attractive are that KeePass uses current algorithms, the Advanced Encryption Standard (Rijndael) (AES) and Twofish (KeePass, n.d.). AES (Rijndael) is currently approved for government usage and in accordance with the Federal Information Processing Standard (FIPS) (FIPS Pub, 2001). In other words, it uses the standard of strong encryption to encrypt its entire database and this is the same algorithm that the government uses for top secret information (KeePass, n.d.). When the program is running, the passwords remain encrypted, and it uses techniques to fight keyloggers, dictionary and guessing attacks (KeePass, n.d.). You can also use a type of two-factor authentication meaning you can opt to use a master password and a “Key File” which is kept on separate media such as a thumb drive or cd etc. (KeePAss, n.d.). It is also portable and can be kept/operated on external storage media and does not have to be installed on the operating system, you can use plugins for additional features, as well as KeePass being compatible with many of the file formats that other password managers use (KeePass, n.d.). Last but not least, one feature that I find highly valuable and in my opinion a bit more secure is the fact that KeePass only stores the passwords and hashes locally, it does not send passwords, hashes or anything over the internet as well as possessing a strong password generator (KeePass, n.d.)

Comparison to Paid Versions

            We will use Dashlane which is a popular password manager, but it is not open source and they have 4 plans: Free, Premium, Premium Plus, and Business whereas KeePass is completely free no matter how you use it. Dashlane does offer some features that could prove useful that most if not all open source password managers do not offer. One of these features is that Dashlane monitors security and will notify you if any of your accounts are affected by a data breach and have you change your password (Dashlane, n.d.). It uses a VPN to protect your Wifi activity, it has an emergency contact list incase you need to let someone else access your accounts (Dashlane, n.d.). Another feature that the security conscious might not find so appealing is the fact that Dashlane can be synced across multiple devices and operating systems (Dashlane, n.d.). This is of course accomplished by transmitting the synced information over the internet. So, it appears that KeePass is more than sufficient but if you are looking for some extra, nifty features, then a paid program such as Dashlane might be the choice for you.

References

Dashlane. (n.d.). All the tools you need for a simpler, safer life online. Retrieved from https://www.dashlane.com/features

Federal Information Processing Standard Publication 197. (2001). Announcing the Advanced Encryption Standard. Retrieved from https://nvlpubs.nist.gov/nistpubs/fips/nist.fips.197.pdf

KeePass. (n.d.). KeePass features. Retrieved from https://keepass.info/features.html