
KeePass: The enshittification-resistant password manager
I recently read a post on decryption.net about password managers, and the last couple of sentences resonated with me:
My heart wants to use KeePass though. The idea of not having a 3rd party involved in my passwords feels nice.
This is pretty much the main reason that I use KeePass. I figured I might as well send an email and describe it to Anthony:
I’ve just read your blog post about password managers. I’m very much in the KeePass camp. I’ve used it for ~15 years now (my workplace used one to share passwords on a Dropbox shared folder, I replicated the setup). I’ve jumped between cloud syncing providers, I’m currently using pCloud.
I very rarely have issues with conflicts. I don’t update passwords that often, and the KeePass apps I use are good at resolving the conflicts. If worse comes to worst the. I can just do a password reset. I also manage TOTP and passkeys through it. Though Android support for passkeys is lacking, I’m hoping it emerges as a serious replacement for username/password/totp login flows.
I’ve had a play around with pass, which I use for my work passwords. It uses git and is gpg encrypted, so in theory is portable and secure. You could even push the repo to github (but I wouldn’t recommend it!). I haven’t looked at Android/iOS support but it works just fine on my work Mac, and the TOTP extension has worked fine too.
Anyway, this has been a long ramble about password managers from a stranger on the internet. I guess I really just wanted to email because I agree that the KeePass option is enshittification-resistant, and have 15 years of evidence to back it up!
As I said in the email I’ve used KeePass for ~15 years now, and it’s the only password manager I’ve used in earnest. I’ve never liked the idea of trusing a third party with this data, despite any assurances given about security. There have been breaches in the past and I’m not happy to take that risk.
Syncing an encrypted file via whatever system I choose (and I’m thinking of moving that to a self-hosted option) feels a better long term solution. I’ve never felt the need to change this setup in the last 15 years, and I doubt I will in the next 15!
Matthew Simpson.net 
