Introduction to KeePassXC
KeePassXC is a community fork of the popular KeePass, designed specifically to provide a modern, cross‑platform experience, with a special focus on Linux users. Its interface is built with Qt, giving it a native look on desktop environments such as GNOME, KDE, or XFCE, and its code is available under the GPL license, allowing security audits and community contributions.
Installation on major distributions
In the official repositories of the most widely used Linux distributions, KeePassXC can be installed with the usual package manager. Here are a few examples:
- Ubuntu and derivatives:
sudo apt install keepassxc - Fedora:
sudo dnf install keepassxc - Arch Linux:
sudo pacman -S keepassxc - openSUSE:
sudo zypper install keepassxc
For those who prefer to always have the latest version, it is also available as a Snap or Flatpak package, which guarantees updates independent of the distribution’s release cycle.
Main features
KeePassXC combines the robustness of the KDBX database format with a set of functionalities that make it very practical for daily use:
- Password generator with options for length, special characters, and customizable patterns.
- Secure storage of notes, attached files, and identity data.
- Browser integration via official extensions for Firefox, Chrome, and Chromium, which allow automatic form filling.
- Support for two‑factor authentication (2FA) using YubiKey, challenge‑response devices, or TOTP applications such as Google Authenticator.
- Automatic locking of the database after a period of inactivity or when the system is suspended.
- Integrity check of the database using SHA‑256 hash.
Basic usage: creating and opening a database
When launching KeePassXC for the first time, the wizard will guide you to create a new database. You must choose a secure location on your disk, set a strong master password, and optionally add a key file or a hardware device as a second factor. Once created, the database is opened by entering the master password (and the second factor if you configured one). Inside the interface, you can organize your entries into groups, add custom icons, and use the search bar to quickly locate any record.
Security best practices
Although KeePassXC is very secure, its effectiveness depends on user behavior. Some recommendations are:
- Use a master password of at least 20 characters, combining uppercase, lowercase, numbers, and symbols.
- Make a backup of the database on an encrypted external medium or a trusted cloud storage service, but never store it unencrypted.
- Keep the operating system and Qt libraries up to date to benefit from the latest security patches.
- Periodically review the browser extension and ensure it comes from the official repository.
- Consider using a key file stored on a separate device (e.g., a USB drive) to increase resistance against brute‑force attacks.
Desktop Linux integration
KeePassXC integrates natively with the most popular desktop environments. In KDE Plasma, it can appear as an entry in the system tray and offer quick access via customizable keyboard shortcuts. In GNOME, the shell extension allows locking the database when you log out and unlocking it when you log in. Moreover, thanks to DBus support, other applications can request credentials securely without exposing the master password.
Conclusion
KeePassXC represents one of the best options for managing passwords on Linux, combining open‑source code, proven security, and a polished user experience. Its easy installation, extensive feature set, and active community make it an indispensable tool for both home users and professionals who need to protect their credentials in work environments.
This post is also available in ESPAÑOL.