KeePassXC - Cross-Platform Password Manager

[Carding]

https://keepassxc.org

Never forget a password again.
Securely store passwords using industry standard encryption, quickly auto-type them into desktop applications, and use our browser extension to log into websites.

Encrypted
Complete database encryption using industry standard 256-bit AES. Fully compatible with KeePass Password Safe formats. Your password database works offline and requires no internet connection.

Cross-Platform
Every feature looks, feels, works, and is tested on Windows, macOS, and Linux. You can expect a seamless experience no matter which operating system you are using.

Open Source
The full source code is published under the terms of the GNU General Public License and made available on GitHub. Use, inspect, change, and share at will; contributions by everyone are welcome.

The Project

KeePassXC is a modern, secure, and open-source password manager that stores and manages your most sensitive information.

You can run KeePassXC on Windows, macOS, and Linux systems. KeePassXC is for people with extremely high demands of secure personal data management. It saves many different types of information, such as usernames, passwords, URLs, attachments, and notes in an offline, encrypted file that can be stored in any location, including private and public cloud solutions.

For easy identification and management, user-defined titles and icons can be specified for entries. In addition, entries are sorted in customizable groups. An integrated search function allows you to use advanced patterns to easily find any entry in your database. A customizable, fast, and easy-to-use password generator utility allows you to create passwords with any combination of characters or easy to remember passphrases.

Quick Start
The QuickStart Guide gets you started using KeePassXC on your Windows, macOS, or Linux computer using pre-compiled binaries from the downloads page. Additionally, individual Linux distributions may ship their own versions, so please check your distribution's package list to see if KeePassXC is available. Detailed documentation is available in the User Guide.

Features List
KeePassXC has numerous features for novice and power users alike. Our goal is to create an application that can be used by anyone while still offering advanced features to those that need them.

Basic

• Create, open, and save databases in the KDBX format (KeePass compatible to KDBX4 and KDBX3)
• Store sensitive information in entries that are organized by groups
• Search for entries
• Password generator
• Auto-Type passwords into applications
• Browser integration with Google Chrome, Mozilla Firefox, Microsoft Edge, Chromium, Vivaldi, Brave, and Tor-Browser
• Entry icon download
• Import databases from CSV, 1Password, and KeePass1 formats

Advanced

• Database reports (password health, HIBP, and statistics)
• Database export to CSV and HTML formats
• TOTP storage and generation
• Field references between entries
• File attachments and custom attributes
• Entry history and data restoration
• YubiKey/OnlyKey challenge-response support
• Command line interface (keepassxc-cli)
• Auto-Open databases
• KeeShare shared databases (import, export, and synchronize)
• SSH Agent
• FreeDesktop.org Secret Service (replace Gnome keyring, etc.)
• Additional encryption choices: Twofish and ChaCha20

Requirements
KeePassXC has the following runtime requirements:

• Qt5 (5.6 or newer)
• libgcrypt (1.8 or newer)
• libargon2
• libquazip5
• libqrencode
• libsodium
• zlib1g
• zlib
• libxi, libxtst, qtx11extras (optional, for Auto-Type on X11/Linux)
• libyubikey, libykpers-1 (optional, for YubiKey support)

When using the AppImage or Snap Package release, these dependencies are already bundled with the application.

For building KeePassXC from source code, the following build-time dependencies are also required:

• make
• cmake (3.1 or newer)
• g++ (5.3 or newer) or clang++ (4.0 or newer)
• headers for all runtime dependencies (*-dev or *-devel packages)

For detailed and up-to-date build instructions (also for other platforms), visit our GitHub wiki https://github.com/keepassxreboot/keepassxc/wiki/Building-KeePassXC

 

[Carding 4 Carders]

How hackers create secure passwords​

Secret 1. Use special characters to protect against password guessing.
This part will be devoted to additional protection of your password from brute-force attacks (password matching) by adding special characters to it. When we talk about special characters, we usually mean keyboard characters &^%^$#@)_|/, but in fact, there are many more special characters, and some of them can only be entered using the special characters table (so-called non-printable characters).

Most password matching programs use only standard special characters, so they will be obviously powerless against your password. But even if the program can check the characters you use, this is hardly feasible in practice: this is too rare a phenomenon and makes the process of sorting through all possible options too complicated.

We recommend using a zero-width sign, which is almost invisible to the human eye, but most systems are sensitive to it. Add a zero-width character to your password and it becomes almost impossible to match. Zero-width sign

The main disadvantage is that not all systems are sensitive to the zero-width sign, so your trick will not work everywhere.

Tip: Add a zero-width character to your passwords.

Secret 2. False clicks.
Imagine a situation: you are typing a password, and at this moment a camera located on the ceiling is closely monitoring every movement of your hand, every keystroke; and no matter how complex your password is, do not doubt - it will be in the hands of intruders.

You can protect yourself from this threat by covering your hand that enters the password with something. This is done by many specialists who work with special information and this is a reasonable step. we also recommend that you cover your hand with an object or, in extreme cases, with the other hand when entering important passwords in unfamiliar places.

Tip: When entering an important password, cover the input data with an object or a second hand, so that it is impossible to see them.

You can go further: they say that Edward Snowden, while in Hong Kong, entered passwords under the covers. Admittedly, this is a great way to go, but it's hard to imagine that when you walk into an unfamiliar office, you'll crawl under the covers and start typing in your password.

For such situations, there is an easier way to protect yourself from spying - add false clicks to the password. A false press is when you touch a key without actually pressing it. When you quickly enter a password, it is almost impossible for a person from the outside to make out whether there was a press, and even if they see the keys you are pressing, they will receive an incorrect password when playing them, since one or more clicks were false.

We recommend that you add two or three false clicks to particularly important passwords, but never in a row. Do not forget to tilt the laptop screen to avoid showing everyone around the number of characters entered, and at the same time cover the keyboard from prying eyes.

Tip: Add two or three false keystrokes to particularly important passwords.
Tip: When entering important passwords, tilt the laptop screen to the keyboard.

Secret 3. password entry speed.
I have often seen users enter their password as if they are seeing it for the first time. However, the speed of input directly affects security the inability to spy on the entered data. You need to bring the password entry to the fastest possible speed, this can be achieved by training. Practice entering your password: type it until you are surprised at how quickly and easily you type it and how difficult it will be for an outsider to understand what you are entering. Speed is especially important when using false keystrokes in a password.

Tip: Learn how to enter your passwords as quickly as possible.

Secret 4. the secret part of the password.
Imagine the situation: ill-wishers gained access to your password Manager or a text document with passwords by force or trickery. The attacker rubs his hands, copies the password, tries to log in and .the password doesn't fit. Copies another one and it also doesn't fit, the third one and again an error.

How is this possible? It's very simple: come up with a static part of the password that will always go at the beginning or end of any of your passwords. It should be simple and easy to remember for you, such as "qwerty1960". Without introducing this secret part, no saved password will work. It may be a little difficult to constantly enter the secret part of your password, but believe me, in return, you will receive an impressive level of security for your passwords.

Tip: Add a secret part to all your recorded and saved passwords.

If you save passwords in the browser, you will need to first save the original password, then change it in your account settings by adding the secret part. When the browser prompts you to update your saved password, you should opt out. When you open the site, the browser will offer you a saved password, to which you will need to add a secret part.

Secret 5. Secure password transmission.
Many of you periodically send passwords from one device to another. Someone uses a one-time note service for this purpose, someone sends it via messenger - all this, of course, is not very correct, but if necessary, there is one secret that will make the transfer process safer.

When transmitting the password, do not copy it completely. remove the first or last 2-4 characters. Entering them manually is not difficult, but if your transmitted password suddenly falls into the hands of intruders, they will not be able to use it.

Tip: When transmitting a password, send only part of it.

If you are already using the secret part of the password that was discussed earlier in this chapter, then you can ignore this advice.