How To Use KeePass on Your iPhone, iPad & Mac

An iPhone and a MacBook Pro next to one another, both displaying the Strongbox app

What is KeePass?

KeePass is a password manager that can securely store passwords, login credentials and other personal information that you need to remember. It’s also an open source file format that many other password manager apps support.

Why Use KeePass?

Unlike with many other password managers, storing your information in a KeePass database means that you have full control of your data and you’re not locked in to one specific app or company. 

In today’s world, it’s not uncommon for apps and services to go out of business, increase their prices, change their privacy policies, or stop developing new features. Using a KeePass database means that you have a high degree of freedom to choose where your data is stored and which apps you use to access it.

This means that you can:

  • Switch to a different password manager at any time, without having to go through a complicated export/import process
  • Store your database anywhere you like, either in the cloud or locally on your device
  • Easily backup your database

And, because there are a variety of different KeePass compatible password manager apps out there, you’re not locked into paying an annual or monthly subscription fee if you don’t want to. If you’re unhappy with the app you’re currently using, it’s easy to try out a different password manager app. It’s even possible to simultaneously use different apps to access the same database on different devices.

How To Setup KeePass on Your iPhone, iPad & Mac

Step 1: Choose an App

The first step is to choose which KeePass compatible app you’re going to use on your Apple device. There are various options available with different benefits and drawbacks.

We’re biassed and think that Strongbox is the best KeePass app out there 😉 And you can get started for free.

If you want to consider all of the available options, there are some key factors that you might want to look out for:

Easy To Use, Modern Design

You don’t have to sacrifice good design and convenience for security and functionality. Choose an app that looks like it was designed in 2023 and not 2003.

Well designed KeePass apps will be intuitive to use and will save you time and hassle by offering convenience features like Face ID unlock and password AutoFill when you’re browsing the web.

Cloud Sync Support

If you want to use your password database across multiple devices, e.g. on your iPhone and your Mac, then you might want to sync it with a cloud storage provider. If so, you’ll want to choose an app that is compatible with the cloud storage service or services that use.

Open Source Codebase From a Trusted Developer

It’s crucial that you trust the app that you’re using to manage your passwords and other personal information. 

The KeePass format itself is open source, which means that it is open to being inspected for vulnerabilities by anyone and everyone.

You should expect the same from your password manager. Check to see if the source code is open source and available to review online–like Strongbox’s.

Helpful and Responsive Customer Support

KeePass allows for a lot more customisation compared to mainstream password managers. More power can mean more to learn and master. Consequently it can be helpful to use an app that offers great customer support, so you can easily contact the developer if you have any questions or issues. 

Step 2: Create Your KeePass Database

Now you’ve chosen the app you’re going to use, it’s time to create your password database.

If you’re starting from scratch then you can simply create a new database and start adding entries.

It’s likely however that you have login credentials already stored somewhere else, like in your browser or another password manager. If that’s the case then you can import them into your new KeePass database.

Export Your Passwords From Your Existing Password Manager App

Begin by exporting your existing passwords from your current password manager. Here are some guides for commonly used password managers:

Most password managers will allow data to be exported in CSV format. Be careful where you store this file as it is unencrypted, which means there is no protection should someone else get access to it.

Import Your Passwords to Your New Database

The import process will differ based on the app you’re using. For instance, here’s our guide for importing a CSV file into Strongbox. If you’re using a different KeePass app, check their support articles for guidance.

Once you’ve imported your data, it’s worth doing a manual check to make sure that everything has been transferred across successfully. And, once you’re satisfied, delete the file that you imported.

Sync Your Database Across Your Devices

If you’re using multiple devices, such as your iPhone and your Mac, you’re probably going to want to keep your passwords and other personal information up to date across them all.

Mainstream password managers, like 1Password or LastPass, sync your databases on their own servers. The advantage of this is that there’s no set up required. The disadvantage however is that you do not have control of your data and it’s vulnerable to attack if the password manager in question suffers a data breach.

KeePass databases are single encrypted files that you can store wherever you like. Most KeePass users choose to move their database file to a cloud storage service such as OneDrive or Dropbox. This allows them to easily sync their passwords between devices.

If you move your database to a cloud storage service, you’ll need to give your password manager app access to this service so it can read your database and make changes.

Next Steps

Remember: now that your information is stored in an open source file format, you can try different KeePass compatible apps without having to constantly export and import your data. Try a few out and see which one is best for your needs.

You can also find out more about KeePass through the KeePass subreddit.

About Strongbox

Strongbox is a premium KeePass based password manager for iPhone, iPad and Mac. It’s easy to use and includes powerful features like Face & Touch ID unlock, browser AutoFill, automatic auditing, and much more.

You can use Strongbox for free. And we have a handy Getting Started guide. Check us out on the App Store!

Syncing with a Synology NAS

It seems that Synology released an update (version 5.15.0 on April 13th 2021) to their DS File App which appears to be problematic for users who use the “Files” method to sync their databases with Strongbox. Unfortunately we don’t know exactly what Synology have done here, and there’s little we can do to fix things. So we would like to make sure everyone is aware of the best way to perform sync with a Synology device.

Update 13-Sept-2021: We are receiving reports that Synology have now fixed their App. We continue to recommend the methods below.

Recommended Methods

We always recommend users use either WebDAV or SFTP to sync their databases with their Synology NAS devices as it appears to be a much more reliable method and isn’t prone to getting things out of sync or randomly failing. You can also access your NAS via SFTP/WebDAV using the MacOS version of Strongbox.

A Note on using SMB

Unfortunately there are reports that SMB isn’t very reliable via iOS Files and also suffers from security issues, so using it over the public Internet isn’t recommended.

WebDAV & SFTP – Recommended

So we’ll stick with WebDAV & SFTP. This is all the more pressing now with the release of the broken DS File update. In this article we’ll cover getting WebDAV or SFTP up and running and connecting via Strongbox’s built in WebDAV support.

WebDAV

The authoritative Synology instructions can be found here. In a very short summary you need to:

  1. Log in to the Disk Station Manager or DSM with an account belonging to the administrators group.
  2. Go to Package Center to install WebDAV Server.
  3. Launch WebDAV Server and check Enable HTTPS checkbox. You can customise the port number if you like.
  4. Save the settings.
  5. To access from Strongbox, choose Add Existing Database
  6. Choose WebDAV
  7. Enter the IP address or the hostname of your Synology NAS followed by a colon followed by the port number (usually 5006 but may be different depending on how you have configured it). For example: https://my.host.com:5006
  8. Enter your username/password.
  9. You may not have configured a fully functional certificate (we would recommend that you do, you could use Lets Encrypt for example), if your certificate isn’t valid, then tick the ‘Allow Untrusted Certificate’ checkbox in Strongbox.
  10. All going well you should now be able to browse your file system for your password database.
  11. Finally add that database and you’re all set!

Some tips/tricks from other users who managed to get WebDAV working on their setups. These may or may not apply to you and haven’t been verified:

  • Ensure that the correct WebDAV port number is used in the URL/Address you enter
  • Make sure the WebDAV port is enabled in the Synology’s firewall
  • Make sure the WebDAV port is forwarded on the router if accessing remotely
  • Ensure Synology user account has WebDAV permissions
  • If using your own (untrusted) SSL certificate, ensure “Allow Untrusted Certificate” is enabled
  • In some cases you may need to append /home to your WebDAV URL. See here for more details.
  • Ensure the user password does not have any special characters if you are getting authentication errors
  • TLS/ SSL Profile Levels at “Modern compatibility” seem to work but you may want to change this if you have trouble.

SFTP

The authoritative Synology instructions can be found here. In a very short set of instructions:

  1. Log in to the Disk Station Manager or DSM with an account belonging to the administrators group.
  2. Click on Control Panel
  3. Click on File Services
  4. Click on the FTP tab
  5. Scroll down to the SFTP Section and enable
  6. Now, SFTP is live. We just need to make sure that a user is able to access the SFTP service. You can do this under Control Panel also. Select the Users component and create or ensure your user has SFTP access.
  7. To access from Strongbox, choose Add Existing Database
  8. Choose SFTP
  9. Enter the IP address or the hostname of your Synology NAS.
  10. Enter your username/password.
  11. All going well you should now be able to browse your file system for your password database.
  12. Finally add that database and you’re all set!

There is a good YouTube video which explains the steps to configure your Synology as an SFTP server.

Other Helpful Hints, Tips and Tricks

There is a plethora of information in the below video for how to configure your NAS for external connectivity which you may find helpful. It is presented in a friendly and funny way. Worth a look.

Please let us know if we should any other details, or how your experience was with these instructions, so that we can update this article for others.

Offline Editing

Strongbox on iOS now supports Offline Editing. Previously it was only possible to view your database while offline but now it’s possible to add, remove, edit and reorganise your database while out on that remote hike, on a flight or even just on the Tube.

Offline Editing depends upon our recently released feature Compare & Merge and the ability to maintain an independent local copy of your KeePass (or Password Safe) database with changes, and synchronise with a remote version of your database.

NB: Offline Editing is a Pro only feature (though you can always view a read only copy of your database in the free version).

Strongbox tries to detect when you are offline and immediately offer this option to you, but sometimes you will just want to manually initiate this offline editing process yourself for whatever reason. That’s super easy now. Just long tap on your database and select Open Offline.

You can always edit offline by selecting Open Offline from the context menu
The orange icon indicates that there are pending changes to be sync’d to your remote storage location.

This will open Strongbox in Offline mode. This means you can still make all the changes you normally would, or just search for an entry. However, any changes are stored only locally, ready for sync’ing back to your remote storage location whenever you next come online, or perform a sync. If you do have local changes that need to be sync’d you will see an orange icon next to your database on the main Databases List (“Home”) screen. You can always initiate a sync by pulling down on the Databases List or just tapping to unlock the database in question. Strongbox will manage any synchronisation conflicts and present options to merge if required.

This was one of our most requested features so we’re really happy to have been able to get this one out the door. It took a lot of work and relies on some other features that we’re really proud of. We hope you’ll like it, find it useful and that it makes your life a little bit easier.

Compare & Merge (iOS)

Preview in new tab

A key component required for developing the Advanced Sync feature (coming soon) is the ability to compare databases and then to merge them. It’s quite a big feature and the development work is quite large. Since Advanced Sync is our number one development priority we’ve been deep in the code caves working on it for quite a while. Apologies if it looks like we’ve been slacking off!

With the release of version 1.50.13 on iOS we decided to not only add this functionality but also to make it available in a friendly UI. So no more flying blind when you’ve got 2 slightly out of sync copies of your databases. Just fire up Strongbox, select Compare & Merge from the context menu and let it do the hard work of comparing all entries. Optionally then you can choose to merge the databases so that you have the latest entries, edits and moves from both.

NB: The Compare feature is a Pro feature only. Advanced Sync (see below) will be available for free as we believe it’s just bad news for everyone in the password management world if we have out of sync databases promulgating.

Scenario – Mary & Joe and their shared database

Let’s take a look at this new feature briefly. One of the most common ways you can get out of sync versions is when you have multiple “editors”. Perhaps you are sharing your database with your partner Mary. Let’s say Mary goes off on a nice hike and (for some reason) decides to cleanup or re-organise your shared database. Meanwhile around the same time, you are at home and you just found a cool new bookshop which you signed up to immediately. Of course you diligently entered your login details into your Strongbox database. Well now we have arrived at that dreaded out of sync situation… What do these two databases look like? Let’s see an illustrative example.

Joe found a new bookshop…
Mary’s been busy organising!

Ruh roh… This is less than ideal. Joe has added his new favourite bookshop, Waterstones, to the database. Meanwhile Mary has been tidying up the database, moving entries around and creating a nice group structure. Ideally we really don’t want to lose any of these changes!

Well that’s where the new Compare & Merge feature comes in super handy! Let’s say Mary gets back and now you both realise your databases are out of sync. No problem! Let’s get Mary’s copy on to our devices and get the process started.

We tap and hold our database and select ‘Compare & Merge’ then follow the instructions on screen.

Get started by tapping Compare & Merge
Comparison

Finally we get to the comparison screen. As you can see Strongbox has figured out what changes were made by Mary and the changes necessary to bring your database up to speed with all of her changes. You can see she has moved a number of items around (you can even drill down and find out to where) and created a number of groups.

If you’re happy with all these changes you can go ahead and tap Merge to have Strongbox perform these moves, additions and edits. So that’s it! Here’s what that looks like after the Merge.

After Merge

That’s all there is to it really. There is a ton of complexity hidden behind this pretty UI but we hope that’s what you’ve come to expect of Strongbox. Now a short word on our next major feature, Advanced Sync, which automates this process, and which we promise is coming really soon!

Advanced Sync – Coming Soon

As you have probably guessed the same algorithm that is used for comparing and merging your databases intelligently can be used and automated when Strongbox detects your local and remote databases have gotten out of sync. Advanced Sync depends on this smart/intelligent algorithm and so that’s why this latest feature ‘Compare & Merge’ has come first. It’s a little more awkward to setup a merge because you need to add the other version of the database. We feel it was worth making this it’s own feature though. You never know when you’ll need to compare databases! Advanced Sync will seamlessly integrate this feature into the already extensive Sync architecture of Strongbox. Fingers crossed you’ll never see another out of date version of your database again.

Conclusion

Compare & Merge is a super handy tool for your databases. It should give you the confidence you need to perform merges and perhaps even figure out how you ended up in the non synchronised state in the first place. The process will be more automated as part of your regular Strongbox sync in the coming weeks so you might come across this and appreciate it completely serendipitously… We hope you’ll like it! 🙂

Lastly if you liked this article or you think this is a cool feature, please feel free to share it on social media or with your friends and family.

AutoFill on macOS

With the release of MacOS Big Sur Apple now provides a fully integrated way to fill in your passwords on different sites and App, all inside that App or site. There’s no need to switch to your Password Manager and Copy/Paste. Strongbox (as of 1.14.0) now integrates with Apple’s Password AutoFill subsystem to offer suggestions and fill in passwords. This follows on from the iOS integration which has been available for a few years now and has proven very convenient. Finally it has come to Mac.

NB: Mac AutoFill support is only available with Strongbox Pro. You can try this out for free for 90 days with no obligation to buy. We hope you’ll love it.

Note that this AutoFill system on works on Apple’s latest OS (MacOS Big Sur) and only with Apps and Browsers that have upgraded to support the Password AutoFill system. So far, as of post time, the only major browser that supports AutoFill is Safari. We believe this will change over the coming months and we should see ubiquitous Password AutoFill support in most browsers and Apps in short order.

Setup

Setup should be straightforward. In Strongbox there is an Onboarding Wizard that should help guide you through initial configuration. But you can always checkout your Strongbox AutoFill settings by unlocking your database and clicking on the menu item:

Database ‣ AutoFill Settings

You will then be presented with the following screen:

As you can see the first checkbox will hint that you should enable the Strongbox AutoFill component in the System Extensions preference pane. It can be found on your Mac here:

System Preferences ‣ Extensions ‣ Password AutoFill ‣ Strongbox

Once the Strongbox AutoFill extension is enabled on your system the other options will become available in Strongbox’s AutoFill Settings screen. You can enable or disable Strongbox AutoFill individually for each of your databases.

Safari Settings

With Safari being the primary browser for a lot of Mac users, you will also need to make sure Safari is AutoFill enabled. You can find this setting under

Safari Preferences ‣ AutoFill ‣ Usernames and Passwords

Make sure this is enabled. You can read a little more about those settings here.

QuickType AutoFill

One of the most convenient aspects of AutoFill is QuickType. This is where suggestions for credentials are presented to you inline in your browser or App and you can immediately select the appropriate one.

QuickType in Action

You can opt-in or out of this behaviour by checking the ‘Enable QuickType AutoFill’ checkbox on the AutoFill Settings screen.

One More Thing – The Wormhole

Unlocking your database can be a cumbersome process, Strongbox is designed for protection against brute force attacks and therefore requires some heavy processing before it can open your database. Further if you’re not using Touch ID or Apple Watch Unlock entering your master password takes time and is error prone. Strongbox AutoFill has the capability of unlocking your database independently but if it detects that you already have your database unlocked in the background it can establish a secure tunnel or “Wormhole” to request your credentials without requiring authentication or going through the whole unlock and decrypt process.

NB: that you must tap on a QuickType suggested credential for this to work. It doesn’t work if you just select ‘Strongbox’ from the little key dropdown. This is because the AutoFill component can only request a specific credential from a specific database via the wormhole.

This is an optional performance enhancement feature, and again you can opt in to it by checking ‘Use Wormhole Fill if Unlocked’ option on the AutoFill Settings screen.

We really hope you’ll find this new feature super convenient and as other third parties start supporting Password AutoFill we should see some really great results and a smooth painless password filling process for Mac at last!

Update 27 December 2020: It looks like Firefox are aware of this issue but could perhaps use some encouragement in integrating into their browser! See here:

https://bugzilla.mozilla.org/show_bug.cgi?id=1650212

Update 08 February 2021: It looks like Chrome are now aware of this issue but could perhaps use some encouragement in integrating into their browser! Please show your enthusiasm. 🙂

https://bugs.chromium.org/p/chromium/issues/detail?id=1170065#c14