KeePassXC review — offline password manager without cloud
KeePassXC stores your passwords locally in an encrypted file. No cloud, no synchronisation unless you arrange it. The choice for those who want complete control.
KeePassXC review
KeePassXC is an open-source password manager that stores an encrypted database file locally. No cloud, no account, no synchronisation service. You manage everything — and that is exactly why part of the privacy community prefers this over Bitwarden.
How KeePassXC differs from Bitwarden
Bitwarden synchronises your vault to the Bitwarden cloud (or your own server). KeePassXC doesn’t. The database file (.kdbx) sits on your device. You decide where it lives, how it’s synchronised and who has access to it.
Advantage: No dependency on an external service. Even if KeePassXC stops existing tomorrow, your database still works — any compatible KeePass programme can open the file.
Disadvantage: Synchronisation across multiple devices must be arranged yourself — via Syncthing, an encrypted cloud folder, or a USB drive.
Specifications
| Property | Value |
|---|---|
| Platform | Windows, macOS, Linux |
| Database format | KDBX 4.0 (AES-256) |
| Open-source | Yes (GPL-3.0) |
| Cloud sync | No — local file |
| Browser extension | Yes (KeePassXC-Browser for Firefox, Chrome, Brave) |
| YubiKey / hardware key | Yes — as second factor for the database |
| Biometric | Yes (Windows Hello, Touch ID on macOS) |
| Mobile | No — use KeePass2Android or Strongbox (iOS) |
| Price | Free |
Database security
KeePassXC encrypts the database with AES-256 or ChaCha20. Access requires a combination of:
- Master password — required
- Key file — optional extra file stored separately (on USB drive)
- Hardware key (YubiKey/Nitrokey) — optional, strongest option
The combination of password + key file + hardware key makes brute-force attacks practically impossible. Even if someone steals your database file, they need all three factors.
Synchronisation across devices
KeePassXC doesn’t synchronise automatically. Options for using the database across multiple devices:
Syncthing: Peer-to-peer synchronisation without cloud. The database is synchronised encrypted between your devices. Most privacy-friendly option.
Encrypted cloud folder (Proton Drive, Cryptomator + Dropbox): Store the .kdbx in an encrypted cloud folder. KeePassXC opens it locally — the cloud only sees an encrypted file.
USB drive: Copy the database manually. Simple, no automation, suitable for minimal use.
Browser extension
KeePassXC-Browser connects the extension to the desktop app via a local socket. The extension recognises login fields and fills in automatically — comparable to Bitwarden’s extension. Works on Firefox, Chrome, Brave and Edge.
Requirement: KeePassXC desktop must be running for the extension to work. No browser-only use like Bitwarden.
Mobile use
KeePassXC itself has no mobile app. Compatible alternatives:
- Android: KeePass2Android — opens
.kdbxfiles, including sync via WebDAV, Dropbox or local storage - iOS: Strongbox — modern interface, supports KDBX 4.0, paid (one-time ~€20)
KeePassXC vs Bitwarden
| KeePassXC | Bitwarden | |
|---|---|---|
| Cloud dependency | No | Optional (cloud or self-hosted) |
| Automatic sync | No — arrange yourself | Yes |
| Open-source | Fully | Fully |
| Mobile app | Via third parties | Own app |
| Hardware key | Yes (YubiKey/TOTP) | Yes (YubiKey/FIDO2, premium) |
| Difficulty | Higher | Lower |
| Price | Free | Free (premium €10/year) |
Choose KeePassXC if:
- You don’t want data in a cloud, even encrypted
- You want complete control over the database file
- You already have a synchronisation solution (Syncthing, NAS)
- You want to use a YubiKey as a database key
Choose Bitwarden if:
- You want easy synchronisation across multiple devices
- You want a mobile app without extra configuration
- You prioritise ease of use
Conclusion
KeePassXC is the most privacy-friendly password manager for users willing to manage a bit more themselves. No cloud, fully open-source, excellent hardware key integration. The price for that control is that you need to arrange synchronisation and mobile access yourself.
Beginners choose Bitwarden. Advanced users who prefer control over convenience choose KeePassXC.
See also:
- Bitwarden review — the cloud-based open-source choice
- YubiKey vs Nitrokey review — hardware keys as second factor for KeePassXC
- Two-factor authentication guide — 2FA alongside your password manager