How it works
- Your passwords live in an encrypted database file (KDBX).
- Protection via master password + optional keyfile.
- Modern KDF: Argon2 (tune iterations/memory for your machine).
- Optional browser integration (Firefox/Chromium) with KeePassXC-Browser.
Setup (5 minutes)
- Install KeePassXC for your OS (package manager or official site).
- Create a new database → choose a long, memorable passphrase.
- (Optional) Add a keyfile; store it separately (USB, hidden dir).
- In Security → set KDF to Argon2id; increase memory/iterations until unlock time ≈ 200–500 ms on your box.
- Enable auto-lock on inactivity and when the system is locked.
Browser autofill (privacy-respecting)
- Install KeePassXC-Browser (Firefox/Chromium extension).
- In KeePassXC → Tools → Settings → Browser Integration → enable your browser and pair it (random key exchange).
- Use Match URL rules; avoid broad wildcards. Approve connection per-browser profile.
No cloud account; the desktop app mediates all access to your local vault.
Backups that stay yours
- Syncthing between devices (encrypted, peer-to-peer).
- Or store the .kdbx in a cloud folder, but encrypt it (it’s already encrypted) and keep a second offline copy.
- Enable database backups on save inside KeePassXC (versioned).
Hygiene tips
- Use the Password Generator (20+ chars, mixed) and unique passwords per site.
- Enable TOTP where available; KeePassXC can store the seed and show 2FA codes.
- Clipboard: reduce auto-clear time; prefer the browser integration to avoid extra copies.