We all know about the existence of KeePass and talk about it. But I was surprised to see that it isn’t mentioned in the recommendations as password manager. Only some forks are listed (KeePassX, KeePassDX).
Although KeePass is mentioned in the Guides about MFA.
Why isn’t KeePass listed?
KeePassXC is mentioned, not KeePassX. But I think that the reason why KeePass isn’t mentioned is probably because most people prefer XC over the basic KeePass. It’s just a better client overall.
The other thing is that KeepassXC is in the Microsoft Store on Windows:
Which is a requirement of Windows S mode:
Latest version 2.53.1 of Keepass and possibly its fork are affected. Keepass 1.0, KeepassXC, and StrongBox do not appear to be impacted.
Another reason not to use KeePass:
This CVE from January 2023
So an attacker with write access to the KeePass XML configuration file, can trigger a cleartext password export on startup. And the lead developer refuses to fix it.
https://securityboulevard.com/2023/01/keepass-password-manager-leak-cve-richixbw/
https://sourceforge.net/p/keepass/discussion/329220/thread/a146e5cf6b/
That is probably the most useless piece of information I’ve read this week. Why would anyone want to install it from there?
PrivacyGuides aims to give people of all computer knowledge, the keys to better behave online and protect their privacy.
It’s useful for them to not only, get as many people enrolled, but also, for covering as many people which, as pointed out, could be stuck with a Windows 10/11 S operating system which restricts software from the Microsoft Store.