
KeePass Review 2021

7.0
Decent
Ranked 31st out of 52 password managers
Sophie Anderson
Published: September 12, 2021

KeePass Review: Quick Expert Summary

KeePass Password Safe is a different animal in the universe of password managers. Although many tools are free, KeePass is also completely open source. This has several implications that are pretty important in deciding whether this is the right tool for you.

KeePass is not flashy, easy-to-use software. Compared to other free password managers, such as LastPass or RoboForm, which feature a modern and friendly interface, KeePass is lagging behind; in fact, a user with no background (even a basic one) in manual software configuration and putting simple scripts to work might be confused by its design and lack of intuitiveness. However, the real value of KeePass is in its surprising amount of features, security strength and versatility—if you are up for the task of learning how to use it. After looking closely at almost 70 password managers, here’s what I thought you really need to know about this unique tool.

Features

KeePass offers two versions of its tool that vary in the basic features available (see screenshot). 1.x is much leaner and may be a good solution for getting started, as both versions are free.

You will find that the 2.x version offers loads of features that cover a wide range of different scenarios and uses (some via plugins). It is an impressive offering and it matches up very well to other password managers on the market (more than LastPass and Dashlane; only Zoho Vault offers a comparable amount, but remember that open-source evolves faster due to its decentralized nature), but you would be wise to consider the learning curve required for integrating the various plugins (over 100!) or scripts and getting familiar with them. This is relevant to in-demand features, such as a mobile app (there’s an unofficial version available) and browser extensions, which are available only through plugins.

The rule of thumb with this password manager’s features is that whatever is not already in the box has a workaround via a plugin, or a third party unofficial development (a mobile app, for instance). The version I reviewed is 2.41, and as an open-source tool, we can expect that its evolution will consist of more and more features in varying specificity levels.


Remember that by default, KeePass stores the data locally on your device. This is great for security compared to other password managers that sync it to a cloud service (Dashlane, for instance). If you do want to use such an option, you can configure KeePass to do so, but expect to do some copying and pasting manually. A good practice would be to put the KeePass credentials database in a cloud-syncing folder, like OneDrive, Google Drive, etc. There’s no limit to the number of passwords you can create, and KeePass also allows you to create as many sub-folders as you want to manage your databases.


Here are the main features to pay attention to:

Top-notch security

KeePass is not shy about its security strength, and they like to show it (see their awards section). The program checks itself with every run and alerts if any of the algorithms fail the test. For those who are apprehensive about the open-source model in a security context, you may want to read what KeePass says on its home page (see screenshot below).

  • Supports AES and Twofish, for a very high level of security
  • SHA-256 encryption, a 256-bit cryptographically secure one-way hash function
  • Complete database encryption: KeePass encrypts the password fields, but also usernames, notes and other details as well
  • KeePass process memory protection: passwords are encrypted while KeePass is running. This prevents your passwords from being revealed when your OS dumps process memory to disk.


Multiple user keys

  • One master password is used to decrypt the entire database
  • Using a key file (on its own, or in tandem with the master password). Carrying the file in a physical piece of hardware (a flash drive, for example) means it is safe from cyber attacks, but make sure you don’t lose it!
  • You can combine the key file with the master password for stronger 2-factor authentication encryption. The good news is that losing the key file does not compromise your database’s security.


Portable and low-signature version

  • KeePass features a portable version that can be carried on a flash drive and runs on Windows OS without any installation needed (see versions screenshot above)
  • KeePass doesn’t store anything on your system. No new registry keys or INI files are created in a Windows directory.
  • Deleting KeePass (either the ZIP or installer package) doesn’t leave a trace of it in your OS

Import-export standards

KeePass compensates for its relatively weak browser integration by making it easy to import and export data from other password managers out there (in the pro version). In fact, with over 40 vendors included (LastPass, RoboForm 8, Dashlane 4 and others), it may well be a leader in this category. The downside is that you’d have to do some manual copying and pasting.

  • Password list can be exported to TXT, HTML, XML and CSV formats
  • The XML output can be used in other applications
  • The HTML output employs CSS to format tables for easy layout changes
  • The CSV output is fully compatible with most other password safes
  • The CSVs can be imported by spreadsheet applications like Microsoft Excel

Plans and Pricing

There’s no fine print here: KeePass is totally free, regardless of the version you wish to use. You do have the option to make a donation to support this open-source effort on the website, but it is completely voluntary. As for plans, as I’ve noted in the overview, the difference between the lighter 1.x version and the 2.x (sometimes referred to as “pro”) is in the number of available features. The KeePass website does a good job in comparing the two versions head-to-head according to various categories/use-cases (see screenshot).


Ease of Use and Setup

Installing KeePass on my Windows 10 system was smooth and easy; downloading the desired version was quick and the site is informative and helpful. KeePass was designed to operate in a Windows environment and covers even ancient legacy versions (even as far back as Windows 7, via… plugins), but it is compatible with Mac iOS, Linux and other OSs out there.

The major issue with KeePass is the overall UX/UI, namely, the grey Windows 95-style screen that welcomes you once the program is opened. There are no pop-ups, tool-tips or any indication of what you should be doing to actually start putting this tool to good use. This is the downside of the open-source nature of KeePass, as much work was put into the technical security functionalities, but the design obviously suffered major compromises.


It’s hard to imagine a non-techy user being comfortable using this password manager. Other than the main menu ribbon, there’s nothing out there to prompt any action. The first thing you want to do is to create a new database by clicking the somewhat obscure icon (see screenshot). From there on you could choose which folders to work with.

The password generator interface is equally old-fashioned, yet clear, and offers the most configurable, detailed password creation out there (see screenshot). You could set and configure virtually every aspect of your master password as it is rated in real time by the generator. As you noticed with KeePass, the level of features and configuration stands up to the paid competitors in the password management universe, but an ordinary user probably wouldn’t find a use for most of them.


Security

As I mentioned earlier, KeePass employs the SHA-256 encryption standard, which is considered the highest in the industry and has shown no major weakness so far. Pairing that with the key-file option creates a very powerful 2-factor authentication that incorporates a physical aspect (a flash drive carrying your key-file) that is less vulnerable to cyber attacks. As an out-of-the-box feature, this is very nice (and free!).

As far as I know, the KeePass password management system did not show any critical weakness that is prone to breaches—so, in terms of security, it is a very powerful tool.

If you’d like to back up your password database, KeePass doesn’t offer a built-in option, but it is possible to do a manual backup.
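
The manual backup mentioned above can be scripted. The Python code below is an added example, not part of the original review or of KeePass itself: it checks the file signature to confirm the source is a KeePass database, makes a timestamped copy, verifies the copy by SHA-256 and keeps only the newest few. The function names, the backup file naming and the retention count are assumptions made for this example.

```python
import hashlib
import shutil
import struct
from datetime import datetime, timezone
from pathlib import Path

# First signature shared by KeePass database files; the second one tells
# the 1.x (.kdb) and 2.x (.kdbx) formats apart.
SIG1 = 0x9AA2D903
SIG2 = {0xB54BFB65: "KeePass 1.x (.kdb)", 0xB54BFB67: "KeePass 2.x (.kdbx)"}


def database_format(path):
    """Return the format name, or None if the file is not a KeePass database."""
    with open(path, "rb") as fh:
        header = fh.read(8)
    if len(header) < 8:
        return None
    sig1, sig2 = struct.unpack("<II", header)
    return SIG2.get(sig2) if sig1 == SIG1 else None


def sha256_of(path):
    """Hash a file in chunks so large databases are not read into memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()


def backup_database(src, dest_dir, keep=5):
    """Copy src into dest_dir under a timestamped name, verify it, prune old copies."""
    src, dest_dir = Path(src), Path(dest_dir)
    if database_format(src) is None:
        raise ValueError(f"{src} does not look like a KeePass database")
    dest_dir.mkdir(parents=True, exist_ok=True)
    # Assumed naming scheme: <name>.<UTC timestamp><extension>
    stamp = datetime.now(timezone.utc).strftime("%Y%m%dT%H%M%S%fZ")
    dest = dest_dir / f"{src.stem}.{stamp}{src.suffix}"
    shutil.copy2(src, dest)
    if sha256_of(src) != sha256_of(dest):
        dest.unlink()
        raise IOError("backup copy does not match the source; copy removed")
    # Timestamps sort lexicographically, so the oldest copies come first.
    copies = sorted(dest_dir.glob(f"{src.stem}.*{src.suffix}"))
    for old in copies[:-keep]:
        old.unlink()
    return dest
```

The database stays encrypted in every copy, so the backups are only as exposed as the original file; a key file, if you use one, has to be backed up separately.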

Customer Support

KeePass is an open-source venture, and as such there’s no major corporate-level support of the kind users have come to expect in password management (and in any other services). The website offers a help page with an FAQ section, but this will not benefit a user who finds technical reading tedious and just needs a helping hand in real time. To their credit, KeePass’s help is very well organized and detailed.

Learning how to perform manual processes and getting around the somewhat bleak interface is done through a wiki that is referred to from the help page (see screenshot).


The program does support a vast number of languages, thanks to the open-source contribution from many individuals from all over the world. In that respect as well, no other password manager has such extensive language support, which would make a lot of users happy around the globe.


Conclusion

As the only open-source password manager on the market, KeePass does present a unique set of pros and cons. As for its main objective, security, it certainly delivers a very high level of encryption that meets the highest standards of its competitors. It includes many features and integrations that cover most of the scenarios and use cases for encrypting databases and storing passwords and is actually the most customizable tool out there.

But, and it’s a big but, KeePass has placed all their firepower on the technical abilities of the program and very little on its user-friendliness. As I reviewed above, KeePass’s flexibility and customizability are dependent directly on the user’s willingness and ability to learn and employ functions that are out of the box, i.e. plugins, scripts and third-party integrations. A techy tinkerer would delight in the options to personalize just about anything in this tool to their liking. However, your average Joe looking for a friendly password manager would most likely run for cover after staring at the home screen for 5 minutes.

True to open-source ethics, KeePass is completely free and constantly evolving with more (and more) plugins and languages available to augment its functionality. If you are a user that is willing to take the time to learn what KeePass can do for you—and accept what you must do manually—you will benefit in the long run. For those who are looking for a smoother, friendlier tool that goes the extra mile to make the user’s life easier—probably best to choose a different vendor and not get blinded by the non-existent price tag.

About the Author

Sophie Anderson
Security researcher & journalist

Originally a software engineer, she has worked as a security researcher and journalist for the past 10 years.


KeePass User Reviews

Based on 17 reviews in 2 languages: 9.9