Keepassium used to be listed (I think), should I now prefer alternatives?

question

  • I’m reasonably certain Keepassium was previously listed somewhere on the Guides. The reason being, I hadn’t heard about it before coming across the app in recommendations and adding it to my notes. But I failed to find mention of it in Internet Archive snaps of the Password Manager page.
  • I don’t see Keepassium in recommendations now. Is there new information to factor in, when considering using this app?

context

  • Shortlisting options for my transition from Authy where I currently manage some TOTP.

  • Other TOTP also managed in a .KBDX.

  • Authy has, until now, housed those TOTP which I could use on-the-go (thus needing client on mobile), or for those services which only display QR codes during TOTP setup (not giving me a secret key which can be plugged straight into KeepassXC :roll_eyes:)

main criteria to be improved

  • make data portable: Authy data is not portable

candidates

  • Bitwarden
    • already use it
    • supports TOTP
    • reluctant to break some MFA by including TOTP alongside their passwords. Risk may be mitigated by protecting Bitwarden with hardware key.
  • Keepassium:
    • can combine TOTP from Authy into existing TOTP/recovery key storage .KBDX file
    • syncing will need infra that wouldn’t be necessary using Bitwarden.

FYI Recommendations can change a lot here. So, wouldn’t be surprising if it was removed.

I was able to find this discussion;

We compared Strongbox and Keepasium and decided that Strongbox offered more features both in the free and paid versions (such as not being restricted to one database).

At this point, I think Strongbox is enough, as it fits the niche that we wanted to cover (KeePass compatible app for iOS).

I can’t comment on that as I haven’t used those apps.

2 Likes

Yep, that discussion is the extent of what we’ve looked at with Keepassium I think.

We could look into Keepassium further if you could share specifically what you don’t like about Strongbox.

1 Like

Thanks for finding and sharing this :100: I was not aware Github’s Discussions were also used as a channel by this project.

I find that, especially when few options exist which satisfy privacy and security criteria, exclusions are implied to not be trusted.

From the above discussion, I understand that options aside from Strongbox are not listed because Strongbox was deemed more feature-complete compared to alternatives on the iOS platform.

But, once a minimum privacy and security criteria is satisfied, I would prefer to choose my own user experience. I see this preference reflected in another thread about Mullvad Browser:

At this point, I’ve used neither Keepassium nor Strongbox. I have usecases and am using privacyguides.org to find trustworthy candidates that may satisfy these requirements. If Keepassium is known to be privacy-friendly, then I’ll be able to consider it a potential alternative to Strongbox Zero. Otherwise, my candidates are just Strongbox and Strongbox Zero.

We don’t review every app with privacy marketing, because time is a finite resource. Exclusions are weakly implied to not be trustworthy, unless you can prove it is. Inclusions are strongly implied to be trustworthy.