In July 2019, I wrote about another password manager, called “Buttercup”. I liked it enough to switch to it from LastPass, which I had been using as my password manager for years. Today, I switched to KeeWeb, which you can find here.
Relying on a third-party service to manage passwords is a recipe for disaster. Just think of all the data breaches that have occurred over the last few years. If someone gets your master password, that someone gets all of them (all of those in the vault, that is).
I want to keep my password database online, so I can use it with my Android phone as well as my laptop computer. Unfortunately, the Buttercup app doesn’t work on my phone. From what I’ve read, it doesn’t work on many.
I tested alternatives, including every KeePass variation. I settled on KeeWeb for various reasons but mainly because it was easy to connect to the database on my WebDAV share. The web browser extension I’m using to go with it is ChromeKeePass, which works on every Chromium based web browser (I use the Brave Browser).
The extension doesn’t connect directly to the WebDAV password database. It has to connect to KeeWeb while it’s running on my laptop computer. It’s only a minor drawback. The Buttercup web browser extension did, but I had to unlock the database every time I restarted the browser.
There is a version of KeeWeb for Windows, Mac and Linux (which is what I’m using). If I switch to another platform, I can use the correct version and connect to the WebDAV share once again. Using my KeePass2 compatible password database with Android is easy as well.
I examined a few apps before settling on Keepass2Android Password Safe. The KP2A keyboard makes it easy to fill in the blanks for the login forms. Unlike the web browser extension, I can add and edit entries with this app. The security settings are easier for me to understand than those that I was using with the LastPass app.
There are other Android apps that work with KeePass2 compatible databases, but I like this one the best.
There are plenty of security options to make it as secure as you need it to be. The Android app is the same way. The web browser extension is only as secure as the desktop application. Unlike LastPass (which has changed hands at least once), I feel pretty safe with using KeeWeb.
What makes it more secure than a third-party password manager is the two access methods (and a third may show up later on) by one person only. First, the WebDAV share is password protected. Second, the database is encrypted with a master password. Finally, no third party knows anything about any of it.
I’m in the process of checking more than a hundred logins and it’s going to probably take a few days to go through them all. I like the fact that the web browser extension lets me choose from multiple logins for each site. I can choose one of two Facebook accounts, for example, without using different web browser profiles. I think the Android app works the same way.