How To Clean Up and Reduce the Size of Your KeePass Database

Introduction

The file size of a KeePass database is an often overlooked aspect impacting the way that you manage your passwords. A smaller database file translates to faster syncing and improved overall performance, saving you time and ensuring a seamless user experience. We’ve found that databases that are smaller than 4 MB perform the best.

Below are some tips for how to reduce the size of your KeePass database as much as possible, including:

Going From 20 MB to 68 KB

Recently I was experiencing some issues syncing my KeePass database between my Mac and iPhone. After saving a change on my Mac, sometimes that change would not be there when I unlocked the same database on my iPhone.

Data loss is extremely worrying, particularly when it concerns something as important as passwords and personal information.

Like many people, I was syncing my database between devices using a cloud storage provider. I noticed that the sync itself was taking a long time because my KeePass database file size had ballooned to over 20 MB. Every time I changed my database, the entire 20 MB file was uploaded to the cloud. This could sometimes take a minute or more when I was in an area with a poor internet connection.

So, in fact, no data was being lost (and I was confident that I could use Strongbox’s advanced Compare and Merge function to easily address any sync conflicts). But it was inconvenient.

This led me to experiment with ways to reduce the size of my database. Now my database, containing over 600 entries, is only 68 KB. Syncing is lightning-fast and my experience of using KeePass is vastly improved.

You can do the same to your database by following the steps below.

Why Size Matters

If you’re interested in understanding why reducing the file size of your database can have such a big impact, read on. Or, you can skip straight to the step-by-step instructions below.

A KeePass database is a “flat” file. Every time that you make a change on one device, the entire database file needs to be transferred to your other devices. This is called a “cumulative update”.

Many other online services work differently, allowing individual changes to be pushed and pulled between different databases. So if you make a change on one device, only that specific change needs to be transferred to your other devices. This is known as a “delta update”.

Imagine a large document with many pages. Each page represents an entry in your database. When you change a page in the document, the whole document has to be recreated. If you want to share this updated version of the document with your friend, you have to give them a whole new copy of the document that contains all of the pages, both new and old. This is a cumulative update.

If you instead take a copy of the single page that you changed, give that to your friend and they replace only that one page in their copy of the document, this is the equivalent of a delta update.

Since KeePass is based on a cumulative update model, the overall size of the database file is relevant to its performance and portability.

Smaller Means Faster

Every time that you update your database, the entire file has to be uploaded to the cloud and then downloaded on your other devices. The smaller your database file, the faster this will happen.

And the faster this happens, the less likely you are to inadvertently make a change to an older version of the database on another device and thereby create a sync conflict.

In addition, every time you unlock your database, the entire volume must be decrypted. The smaller your database file, the faster this will also happen.

On many modern devices, the difference in unlock time is relatively marginal, but for older devices, a smaller database can result in meaningful speed improvements. This is particularly true when you consider that you might be unlocking your database multiple times a day over the course of years of usage. Those small time savings can add up.

More interestingly perhaps, reducing the file size could also create headroom that you could use to strengthen the key derivation settings that protect your database.

With a smaller file to decrypt, it will be possible to increase the number of key derivation iterations without creating an inconvenient time delay.

How To Reduce the Size of Your KeePass Database

PSA: Remember to always create a backup of your KeePass database before making any changes, and ensure you have a secure and reliable backup strategy in place!

Remove Attachments (20 MB down to 7.5 MB)

The first step is somewhat obvious but still worth mentioning. File attachments, even small ones, are many times larger than any text-only entry you have in your database.

Some of these you can probably delete. (Remember that any attachments that you delete will go to the Recycle Bin and that, until you empty the Recycle Bin, the size of your database file won’t actually decrease.)

Some of these you could archive in another storage location, such as a separate KeePass database or an encrypted disk image (using a tool such as VeraCrypt).

Strongbox has a dedicated Attachments view which you can select from the left-hand sidebar.

For instance, I was storing some ID documents in Strongbox, like a JPG of my driver’s license, that I didn’t need to have there. What I did instead was to use an app called TextSniper to copy and paste the important data from the JPG into custom fields within a Strongbox entry. I then exported the file to an iCloud Drive folder and deleted it from Strongbox.

In my case, I was able to remove around 14 MB of attachments. Most of these were PDFs and JPGs that didn’t need to be encrypted in my KeePass database. I moved them into folders in iCloud Drive and deleted them from Strongbox.

Remove Custom Icons and Favicons (6 MB down to 1.5 MB)

All of the icons and favicons that you’re using are stored within your database file itself. This means they are encrypted and decrypted regularly and they have to be synced every time you make a change to your database.

I had over 600 entries in my database, most of which had favicons attached that I had downloaded using Strongbox’s Favicon Downloader.

Personally, I decided that the advantages of a smaller database outweighed the advantages of having attractive, easy-to-recognise icons. By setting all entries to use a single icon, I was able to reduce my database size by a further 4.5 MB.

Setting all entries to use the same icon is less colourful, but more efficient.

To strip out all of the icons from your database, follow these steps:

  1. Open the Strongbox app preferences
  2. Go to the Advanced tab
  3. Make sure that ‘Strip Unused Icons on Save’ is enabled
  4. Unlock your database
  5. Select All Entries in the left sidebar
  6. Select all the entries in the list (CMD + A)
  7. Right-click them and choose Set Icon
  8. Choose one of the icons from the options provided
  9. Save your database (CMD + S)

Of course, you don’t have to strip the icons from every entry. You could instead choose to only do this for a selection of the entries in your database.

(N.B. you may find that your database doesn’t actually reduce in size until you do the step below. This is because the old icons could still be stored as part of your password history.)

And if you later decide to add favicons back, you can select the entries, right click and choose Find Favicon(s).

If you decide to start using favicons again, it’s easy to add them back using Strongbox’s Favicon Downloader.

Remove Password History and Unnecessary Metadata (1.5 MB down to 68 KB)

Strongbox (and other KeePass apps) will store password history and other metadata in your database file. You can remove all of this by creating a new database file and then copying all of your entries across. This is a “fresh start” for your database.

(This metadata is used to do things like manage sync conflicts and database merges, but it’s not necessary to keep it forever.)

To do this we recommend using Strongbox on your Mac. The steps are:

  1. Create a new database
  2. Unlock your current database in another window or tab
  3. Copy and paste or drag and drop all of your entries from the current database to the new database
  4. Use the new database as your current database, and delete (or backup) the old one

It’s also possible to do this on iOS. The steps are:

  1. Create a new database
  2. Go back to the list of databases and unlock your current database
  3. Select the entries to move (tap the three-dot menu in the top right of the screen and then tap Select)
  4. Select the entries to move (note that it’s easier to move large numbers of entries if they’re inside a group)
  5. Tap Export Item(s)
  6. Choose your new database
  7. Unlock the new database and confirm

This should reduce the size of your database significantly. In my case, I was able to clear out a further 1.5 MB.
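To see which of the three steps above will pay off before you start, you can measure where the bytes sit. The following is an added example, not Strongbox code: it assumes a KeePass 2.x XML export (which is unencrypted, so keep it on encrypted storage and delete it afterwards), and the sample export and its identifiers are constructed. It also reports icons that only survive because an old history version still references them.

```python
import base64
import xml.etree.ElementTree as ET


def blob(n):
    """Base64 text for n constructed filler bytes."""
    return base64.b64encode(bytes(n)).decode()


# Constructed sample in the KeePass 2.x XML layout (identifiers are made up).
SAMPLE_EXPORT = f"""<KeePassFile>
 <Meta>
  <RecycleBinUUID>bin-group</RecycleBinUUID>
  <CustomIcons>
   <Icon><UUID>icon-A</UUID><Data>{blob(4000)}</Data></Icon>
   <Icon><UUID>icon-B</UUID><Data>{blob(6000)}</Data></Icon>
  </CustomIcons>
  <Binaries><Binary ID="0">{blob(30000)}</Binary></Binaries>
 </Meta>
 <Root><Group><UUID>root</UUID>
  <Entry><UUID>e1</UUID><CustomIconUUID>icon-A</CustomIconUUID>
   <History><Entry><UUID>e1</UUID><CustomIconUUID>icon-B</CustomIconUUID></Entry></History>
  </Entry>
  <Group><UUID>bin-group</UUID><Entry><UUID>e2</UUID></Entry></Group>
 </Group></Root>
</KeePassFile>"""


def size_report(xml_text):
    """Break an XML export down into the categories the cleanup steps target."""
    doc = ET.fromstring(xml_text)
    meta, root = doc.find("Meta"), doc.find("Root")
    # Attachments and custom icons are stored once, base64-encoded, under Meta.
    # For Compressed="True" binaries this is the stored (gzipped) size.
    attachment_bytes = sum(len(base64.b64decode(b.text or ""))
                           for b in meta.iterfind("Binaries/Binary"))
    icon_bytes = sum(len(base64.b64decode(i.findtext("Data") or ""))
                     for i in meta.iterfind("CustomIcons/Icon"))
    # Every <History> block holds full copies of an entry's earlier versions.
    histories = list(root.iter("History"))
    old = {id(e) for h in histories for e in h.iter("Entry")}
    live_icons, history_icons = set(), set()
    for node in root.iter():
        if node.tag in ("Entry", "Group"):
            icon = node.findtext("CustomIconUUID")
            if icon:
                (history_icons if id(node) in old else live_icons).add(icon)
    # The Recycle Bin is an ordinary group that Meta points at by UUID.
    bin_uuid = meta.findtext("RecycleBinUUID")
    bin_group = next((g for g in root.iter("Group")
                      if g.findtext("UUID") == bin_uuid), None)
    binned = [] if bin_group is None else [
        e for e in bin_group.iter("Entry") if id(e) not in old]
    return {
        "attachment_bytes": attachment_bytes,
        "icon_bytes": icon_bytes,
        "history_versions": len(old),
        "history_xml_bytes": sum(len(ET.tostring(h)) for h in histories),
        "icons_kept_only_by_history": sorted(history_icons - live_icons),
        "recycle_bin_entries": len(binned),
    }


if __name__ == "__main__":
    for name, value in size_report(SAMPLE_EXPORT).items():
        print(f"{name}: {value}")
```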

Taking It Further

By now, we’ve reached the point of diminishing returns. The steps below are mostly focused on removing unnecessary entries from your database, but the entries themselves are tiny in comparison to the attachments and icons that are mentioned above. That said, here are some extra steps that you can take to optimise your database to be as small as possible.

Empty the Recycle Bin

Attachments and entries that you delete go to the Recycle Bin. Until you empty the Recycle Bin, deleting them won’t actually reduce the size of your database.

You can empty it by right clicking it on Mac or long pressing it on iOS and selecting Empty Recycle Bin.

Delete Duplicate Entries

You can view all duplicated entries in Strongbox on Mac by selecting Duplicated under the Audit Issues heading in the left sidebar. On iOS, tap the search bar and then Audit Issues.

As well as saving a bit of space, deleting duplicates is going to make AutoFill suggestions easier for you to parse.

Spread Entries Across Different Database Files

If you’re currently storing all of your entries in a single database, you might want to consider splitting them across multiple databases instead.

For instance, if you have a group of entries that you rarely use, you could “archive” these by moving them to a different database. This means that your primary database is going to unlock and sync faster because it’s not weighed down by entries that are rarely needed.

This would be particularly effective if you have a lot of attachments. In this case, you could even create a separate database just to store your attachments.

This is less convenient of course, potentially requiring multiple database unlocks to access data when before only one would have been necessary. It can also make configuring AutoFill more complicated.

Make Sure That Compression Is Enabled

Strongbox uses gzip compression by default. It’s worth checking that this is enabled in the Encryption Settings for your database, particularly if you have a lot of attachments.

Gzip is enabled by default when you create a new database in Strongbox, but it might be turned off if you’ve imported your database from another KeePass app.
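Both the compression setting and the key derivation cost mentioned earlier are recorded in the unencrypted outer header of a KDBX file, so they can be checked without the master password. The following is an added example, not Strongbox code: the field numbers and dictionary keys come from the KDBX 3.x/4 file format rather than from this article, and the two sample headers are constructed, not taken from real databases.

```python
import struct

SIG1, SIG2 = 0x9AA2D903, 0xB54BFB67        # KDBX 2.x file signatures
COMPRESSION = {0: "none", 1: "gzip"}        # values of header field 3


def parse_variant_dict(blob):
    """KDBX 4 KDF parameters (VariantDictionary) -> {key: raw value bytes}."""
    items, pos = {}, 2                      # skip the uint16 format version
    while pos < len(blob) and blob[pos] != 0:   # type byte 0 terminates
        (klen,) = struct.unpack_from("<i", blob, pos + 1)
        key = blob[pos + 5:pos + 5 + klen].decode("utf-8")
        (vlen,) = struct.unpack_from("<i", blob, pos + 5 + klen)
        start = pos + 9 + klen
        items[key] = blob[start:start + vlen]
        pos = start + vlen
    return items


def read_kdbx_header(data):
    """Read compression and KDF cost from the unencrypted outer header."""
    if len(data) < 12:
        raise ValueError("truncated KDBX header")
    sig1, sig2, minor, major = struct.unpack_from("<IIHH", data, 0)
    if (sig1, sig2) != (SIG1, SIG2):
        raise ValueError("not a KDBX database")
    len_fmt = "<I" if major >= 4 else "<H"  # KDBX 4 uses 32-bit field lengths
    fields, pos = {}, 12
    try:
        while 0 not in fields:              # field 0 marks the end of the header
            field_id = data[pos]
            (flen,) = struct.unpack_from(len_fmt, data, pos + 1)
            start = pos + 1 + struct.calcsize(len_fmt)
            fields[field_id] = data[start:start + flen]
            pos = start + flen
    except (IndexError, struct.error):
        raise ValueError("truncated KDBX header") from None
    flags = struct.unpack("<I", fields[3])[0] if 3 in fields else None
    info = {"version": f"{major}.{minor}",
            "compression": COMPRESSION.get(flags, "unknown"),
            "kdf": None, "cost": None}
    if 6 in fields:                         # KDBX 3.x: AES-KDF transform rounds
        info["kdf"], info["cost"] = "AES-KDF", struct.unpack("<Q", fields[6])[0]
    elif 11 in fields:                      # KDBX 4: KDF parameter dictionary
        params = parse_variant_dict(fields[11])
        for key, name in (("R", "AES-KDF"), ("I", "Argon2")):
            if key in params:
                info["kdf"], info["cost"] = name, struct.unpack("<Q", params[key])[0]
    return info


def field(fid, payload, len_fmt):
    return bytes([fid]) + struct.pack(len_fmt, len(payload)) + payload


def vitem(vtype, key, value):
    k = key.encode()
    return bytes([vtype]) + struct.pack("<i", len(k)) + k + struct.pack("<i", len(value)) + value


# Constructed headers: a KDBX 4 file with compression off and Argon2 (2 iterations),
# and a KDBX 3.1 file with gzip on and 600000 AES-KDF rounds.
KDF4 = (b"\x00\x01" + vitem(0x42, "$UUID", bytes(16)) + vitem(0x05, "I", struct.pack("<Q", 2))
        + vitem(0x05, "M", struct.pack("<Q", 64 << 20)) + b"\x00")
SAMPLE_V4 = (struct.pack("<IIHH", SIG1, SIG2, 0, 4) + field(3, struct.pack("<I", 0), "<I")
             + field(11, KDF4, "<I") + field(0, b"\r\n\r\n", "<I"))
SAMPLE_V3 = (struct.pack("<IIHH", SIG1, SIG2, 1, 3) + field(3, struct.pack("<I", 1), "<H")
             + field(6, struct.pack("<Q", 600000), "<H") + field(0, b"\r\n\r\n", "<H"))
```

To check a real database, pass the first few kilobytes of the file, for example `read_kdbx_header(open(path, "rb").read(4096))`, where `path` is the location of your own database file.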

Conclusion

Hopefully, you can apply some or all of the steps above to reduce the size of your database, making your experience of using Strongbox even faster.

If you have any other tips or tricks to reduce database size, let us know in our subreddit or on Twitter.

The Most Secure Password Manager, Now Available on macOS (Strongbox Zero)

Strongbox Zero, the local-only version of Strongbox previously only available on iOS, is now available on macOS as well!

Strongbox Zero is a completely separate version of Strongbox that provides the absolute maximum level of privacy and security. All the networking code and as many third party libraries as possible have been stripped out of Zero. It is designed for the most extreme privacy and security conscious users and we don’t recommend it for most people!

With the release of the macOS version of Strongbox Zero, it’s now possible to use the app on Macs, iPhones and iPads for a single price. And all future updates will be included at no extra cost. The license even works with Apple’s Family Sharing.

And if you previously purchased Zero on iOS, you can download the new Mac app for free.

You can download Strongbox Zero here.

And for more details about Strongbox Zero, check out our help articles:

Move From 1Password to Strongbox: Import File Attachments, Custom Fields and More

Strongbox is now more reliable than ever when importing 1Password databases, with improved handling of file attachments, custom fields, tags, and folder structures.

Introduction

When you migrate from 1Password to another password manager, like Strongbox, you want to be confident that all of your data has come across without anything being lost.

Most password managers will only import your usernames and passwords from 1Password, ignoring or mishandling file attachments, custom fields, tags and folder structures. This means that you will need to check what data is missing and move it across manually. This is time consuming and error prone. With Strongbox you can import your entire 1Password vault in one go.

And we’ve recently improved Strongbox’s import functionality for 1Password, LastPass and Apple/iCloud Keychain. Read on to find out how we’ve made our 1Password import more reliable.

1PUX Support

With the update to 1Password 8, it’s now possible to export your 1Password data to a new file format called 1Password Unencrypted Export (1PUX). 1PUX includes a new data structure. It’s more logically structured than the previous 1PIF format and preserves far, far more data than CSV.

In order to parse 1PUX files, we built a dedicated new importer which preserves as much metadata as possible, copying attachments across and trying to maintain field ordering and Archived items.

1PIF Improvements

We’ve also revamped the way that we import 1PIF files. 1PIF was the file format previously used when exporting databases in older versions of 1Password.

These improvements mean that the entries in the Archive and Trash folders in your 1PIF file will now be imported into Strongbox. We’ve also improved the general reliability of 1PIF imports.

Custom Sections in 1Password

In 1Password, custom fields can be grouped into sections and those custom sections can be named.

This is one aspect of your 1Password database that Strongbox is not able to interpret and import. All custom fields will be imported but they will not be grouped into sections (as they appear when viewed in the 1Password app).

If you have entries that contain a lot of different sections and custom fields, we recommend checking that the custom fields within an entry don’t have duplicate names. And, if that is the case, consider prefixing the custom field name with its section name in the 1Password app before you export your database to a 1PUX file. If you don’t, the custom fields could be difficult to identify once they’ve been imported into Strongbox.

Conclusion

For step by step instructions on how to move your data from 1Password to Strongbox, check out our guide here.

If you have any feedback or issues, don’t hesitate to contact our support team: support@strongboxsafe.com

CVE-2023-24055 Vulnerability Update

Security researchers have recently discovered a vulnerability in the Windows KeePass app that could allow attackers to obtain stored passwords in cleartext. The bug has been dubbed CVE-2023-24055.

The Strongbox app is not affected by this vulnerability, which means that if you use Strongbox to work with your KeePass databases, you’re protected.

The exploit is based on an attacker being able to edit a configuration file and set up a trigger that silently exports entries from the KeePass database. Strongbox is architected so that configuration files cannot be edited by an attacker in this manner.

The Strongbox team is monitoring the situation and will respond if there are any further developments.

How To Use KeePass on Your iPhone, iPad & Mac

What is KeePass?

KeePass is a password manager that can securely store passwords, login credentials and other personal information that you need to remember. It’s also an open source file format that many other password manager apps support.

Why Use KeePass?

Unlike with many other password managers, storing your information in a KeePass database means that you have full control of your data and you’re not locked in to one specific app or company. 

In today’s world, it’s not uncommon for apps and services to go out of business, increase their prices, change their privacy policies, or stop developing new features. Using a KeePass database means that you have a high degree of freedom to choose where your data is stored and which apps you use to access it.

This means that you can:

  • Switch to a different password manager at any time, without having to go through a complicated export/import process
  • Store your database anywhere you like, either in the cloud or locally on your device
  • Easily backup your database

And, because there are a variety of different KeePass compatible password manager apps out there, you’re not locked into paying an annual or monthly subscription fee if you don’t want to. If you’re unhappy with the app you’re currently using, it’s easy to try out a different password manager app. It’s even possible to simultaneously use different apps to access the same database on different devices.

How To Setup KeePass on Your iPhone, iPad & Mac

Step 1: Choose an App

The first step is to choose which KeePass compatible app you’re going to use on your Apple device. There are various options available with different benefits and drawbacks.

We’re biassed and think that Strongbox is the best KeePass app out there 😉 And you can get started for free.

If you want to consider all of the available options, there are some key factors that you might want to look out for:

Easy To Use, Modern Design

You don’t have to sacrifice good design and convenience for security and functionality. Choose an app that looks like it was designed in 2023 and not 2003.

Well designed KeePass apps will be intuitive to use and will save you time and hassle by offering convenience features like Face ID unlock and password AutoFill when you’re browsing the web.

Cloud Sync Support

If you want to use your password database across multiple devices, e.g. on your iPhone and your Mac, then you might want to sync it with a cloud storage provider. If so, you’ll want to choose an app that is compatible with the cloud storage service or services that you use.

Open Source Codebase From a Trusted Developer

It’s crucial that you trust the app that you’re using to manage your passwords and other personal information. 

The KeePass format itself is open source, which means that it is open to being inspected for vulnerabilities by anyone and everyone.

You should expect the same from your password manager. Check to see if the source code is open source and available to review online–like Strongbox’s.

Helpful and Responsive Customer Support

KeePass allows for a lot more customisation compared to mainstream password managers. More power can mean more to learn and master. Consequently it can be helpful to use an app that offers great customer support, so you can easily contact the developer if you have any questions or issues. 

Step 2: Create Your KeePass Database

Now you’ve chosen the app you’re going to use, it’s time to create your password database.

If you’re starting from scratch then you can simply create a new database and start adding entries.

It’s likely however that you have login credentials already stored somewhere else, like in your browser or another password manager. If that’s the case then you can import them into your new KeePass database.

Export Your Passwords From Your Existing Password Manager App

Begin by exporting your existing passwords from your current password manager. Here are some guides for commonly used password managers:

Most password managers will allow data to be exported in CSV format. Be careful where you store this file as it is unencrypted, which means there is no protection should someone else get access to it.

Import Your Passwords to Your New Database

The import process will differ based on the app you’re using. For instance, here’s our guide for importing a CSV file into Strongbox. If you’re using a different KeePass app, check their support articles for guidance.

Once you’ve imported your data, it’s worth doing a manual check to make sure that everything has been transferred across successfully. And, once you’re satisfied, delete the file that you imported.

Sync Your Database Across Your Devices

If you’re using multiple devices, such as your iPhone and your Mac, you’re probably going to want to keep your passwords and other personal information up to date across them all.

Mainstream password managers, like 1Password or LastPass, sync your databases on their own servers. The advantage of this is that there’s no set up required. The disadvantage however is that you do not have control of your data and it’s vulnerable to attack if the password manager in question suffers a data breach.

KeePass databases are single encrypted files that you can store wherever you like. Most KeePass users choose to move their database file to a cloud storage service such as OneDrive or Dropbox. This allows them to easily sync their passwords between devices.

If you move your database to a cloud storage service, you’ll need to give your password manager app access to this service so it can read your database and make changes.

Next Steps

Remember: now that your information is stored in an open source file format, you can try different KeePass compatible apps without having to constantly export and import your data. Try a few out and see which one is best for your needs.

You can also find out more about KeePass through the KeePass subreddit.

About Strongbox

Strongbox is a premium KeePass based password manager for iPhone, iPad and Mac. It’s easy to use and includes powerful features like Face & Touch ID unlock, browser AutoFill, automatic auditing, and much more.

You can use Strongbox for free. And we have a handy Getting Started guide. Check us out on the App Store!

🇬🇷 Welcome, Greece!

You can now use Strongbox in Greek. Update your app to version 1.58.3 to take advantage.

A big thank you to John Spiropoulos for providing the Greek localisation.

Let us know which language you would like to see Strongbox support next.