Password Managers - KeePassXC
KeePassXC is a free and open source offline password manager that runs on Linux, BSD and proprietary operating systems such as Windows and macOS.
Database creation
To start, users need to create a database in the KDBX 4 format, using AES-256 for encryption and Argon2d for key derivation. Other encryption algorithms (ChaCha20 256-bit, Twofish 256-bit), key derivation functions (Argon2id, AES-KDF), and tuning parameters (transform rounds, memory usage, parallelism) are available. Most users should keep the defaults, with the exception of the decryption time, which can be increased up to 5.0 seconds for higher protection at the cost of a slower database opening time.
Authentication
Master password
Then they have to choose a master password and, optionally, additional protections such as a key file or a challenge-response with a hardware authentication device. This information needs to be properly remembered and stored. Without it, it would be impossible to decrypt the vault and access its content.
Keyfile
Users may use a static keyfile with random data generated by this application to increase security. The file should have no extension or end with .bin; otherwise it could be modified unbeknownst to the user. Any change in its content, and consequently in its hash value, would render it unusable.
Hardware Key
They may also use physical keys as an extra layer of protection: SoloKeys with the hmac-secret FIDO2 extension (not yet implemented) or YubiKeys with HMAC-SHA1 challenge-response.
Add Entry
Once the database is created, users can add new entries with a title, username, password or passphrase, tags, expiration date, notes, and additional attributes and attachments.
Templates
Contrary to other KeePass-compatible applications, templates for different entry types are not yet available.
Attachments
Text files containing PGP and SSH keys, and images of important documents, can be added. Files with complex formats such as PDF and ODT should be avoided, or have their textual and image information extracted. Users should be mindful of the size of the documents: the heavier the database is, the longer it will take to decrypt.
Password & Passphrase generation
Passwords or passphrases should be generated using the application's built-in functionality. By default, passwords have 20 characters of types A-Z a-z 0-9 /*+&… and passphrases have 7 space-separated lowercase words from the EFF large word-list.
Statistics and Security check
Useful information can be found on the statistics page, which shows, among other things, the number of unique and non-unique passwords, short or weak passwords, and potentially compromised passwords using "Have I Been Pwned".
SSH integration
Users can also manage their SSH keys by enabling the SSH agent, creating an entry, and adding their password and their private key as an attachment.
Form filling
Browser integration
Users should prefer copying login information manually but may benefit from the KeePassXC-Browser extension. For it to work, they need to enable browser integration, choose the correct web browser and enable the database connection from the extension.
Syncing
No synchronization features are available, in order to reduce code complexity and avoid being tied to a specific provider. Since the vault is a single file, users should simply put it inside their shared cloud folder.
Similar software
The password database is readable by several applications. Even if created with KeePassXC, it can be accessed and modified using KeePass2Android Offline or KeePassDX on Android, or KeePassium on iOS.