KeePassXC: The Password Manager That Never Talks to a Server

Go to keepassxc.org/download — the official site will automatically detect your operating system.

• Windows: Download the .msi installer and run it. Follow the setup wizard — the defaults are fine.
• macOS: Download the .dmg file, open it, and drag KeePassXC to your Applications folder. On first launch, macOS may warn you it was downloaded from the internet — click Open to proceed.
• Linux: Use the Flatpak or Snap version from your app store (more sandboxed, therefore more secure), or install via your package manager.

1. Open KeePassXC. On the welcome screen, click "Create new database".
2. Give your database a name (e.g. "My Passwords") and optionally a description. Click Continue.
3. You'll see encryption settings. The defaults are strong — but increase the decryption time to 1–2 seconds. This makes brute-force attacks significantly harder without being noticeable to you when you unlock the database.
4. Click Continue, then choose where to save the .kdbx file. A sensible location is your Documents folder.

Your master password is the single key that unlocks everything. It should be strong — but also something you can actually remember, because there is no recovery option.

What makes a good master password:

• Use a passphrase, not a single word — four or five random words strung together (e.g. correct-horse-battery-staple) are both strong and memorable.
• Aim for at least 20 characters.
• Don't reuse a password you already use anywhere else.

Click Done. KeePassXC will create and open your new database.

The left sidebar shows Groups — essentially folders. KeePassXC comes with a few defaults (Email, Internet, etc.). You can rename, delete, or create new ones.

Grouping is optional, but it's worth setting up a structure you'll stick with: for example, Work, Personal, Finance, and Social. You can drag entries between groups at any time.

1. Click the + button in the toolbar, or go to Entries → Add new entry.
2. Fill in the Title (e.g. "Netflix"), Username, and Password.
3. Add the URL of the login page — this is what allows the browser extension to match the entry to the right website automatically.
4. Click OK, then save the database with Ctrl+S (or Cmd+S on Mac).

When creating a new entry, click the dice icon next to the password field to open the password generator. KeePassXC will generate a cryptographically random password for you.

Recommended settings: at least 20 characters, uppercase, lowercase, numbers, and symbols all enabled. Since KeePassXC remembers the password for you, the length and complexity don't need to be memorable.

Install the KeePassXC-Browser extension for your browser:

• Chrome / Edge / Brave
• Firefox

After installing, pin the extension to your toolbar so it's easily accessible.

1. Make sure KeePassXC is open and your database is unlocked.
2. In KeePassXC, go to Tools → Settings → Browser Integration.
3. Check "Enable browser integration" and tick the checkbox for your browser.
4. Click the KeePassXC-Browser icon in your browser toolbar. A connection dialog will appear — click Connect.
5. KeePassXC will ask you to name the connection (e.g. "My Browser"). Click Save.

1. In Chrome: go to Settings → Autofill → Password Manager → Saved Passwords, click the three dots, and select Export passwords. Save the file.
2. In KeePassXC: go to Database → Import → Import from CSV.
3. Select the exported file and follow the import wizard to map the columns.

1. In Firefox: go to Settings → Privacy & Security → Logins and Passwords → Saved Logins.
2. Click the three-dot menu (top right of the logins panel) and choose Export Logins. Save the .csv file.
3. Import into KeePassXC the same way as above: Database → Import → Import from CSV.

Most password managers can export to CSV or JSON. In KeePassXC, you can import any CSV file by manually mapping the columns in the import wizard. Bitwarden specifically exports to a format that KeePassXC handles well.

For Bitwarden: log in at vault.bitwarden.com → Tools → Export Vault. Choose CSV, export, then import into KeePassXC as above.

• Android: KeePassDX — free, open-source, well-maintained. Available on F-Droid and the Play Store.
• iPhone / iPad: Strongbox (free version available) or KeePassium. Both are polished, reputable, and support biometric unlock.

Your .kdbx file is just a regular encrypted file — you can sync it any way you like. The file stays encrypted at all times, so even if someone intercepts it, it's unreadable without your master password.

Options for syncing:

• Nextcloud (recommended if you followed our Nextcloud guide): place the .kdbx file in your Nextcloud folder. It syncs automatically to all your devices.
• iCloud Drive / Google Drive / Dropbox: also works. The file remains encrypted regardless of where it's stored.
• Manual transfer: copy the file via USB cable or AirDrop if you prefer not to use any cloud service.

Open your mobile app, point it to the synced file, and enter your master password. Enable biometric unlock (Face ID / fingerprint) so you only need to type the master password once after a restart.

A simple backup strategy: keep 3 copies of your database, on 2 different types of storage, with 1 copy off-site.

• Copy 1: Your main computer (working copy)
• Copy 2: A USB stick or external drive at home
• Copy 3: A cloud service (Nextcloud, iCloud, or similar) — the file is fully encrypted, so this is safe

1. Go to Tools → Settings → General.
2. Enable "Create a backup file before saving".
3. KeePassXC will automatically save a .kdbx.bak backup each time you save, in the same folder as your database.

This protects you against accidental data loss from a corrupted save — not against hardware failure, which is why the off-site copy matters too.