When we reviewed the free and open source KeePass for Windows, we found it an excellent and fully featured password manager that is more than a match for its commercial rivals.
KeePass2Android is an app for Android (also free and open source) that can open and edit KeePass .kdbx database files, and is fully compatible and interoperable with all versions of KeePass (it uses the original KeePass libraries to handle file access to ensure file format compatibility).
In addition to this, KeePass2Android supports full 2-way syncing with files stored in the cloud or over the web (Dropbox, Google Drive, SkyDrive, FTP, WebDAV), and integrates with Android apps and browsers so that passwords can be easily accessed.
Setting up KeePass
2a. Open KeePass2Android on your device. If you have already set up a KeePass database (as we did in our original KeePass review) that you want to automatically sync with your Android device, then select ‘Open file…’. To do this the .kdbx file must be stored in a supported cloud storage service or be accessible via FTP or HTTP transfer.
Select your online storage service (we used Dropbox)…
Navigate to the .kdbx file.
Enter the secure master password you specified when setting up the database (we will discuss KeePass’s ‘QuickUnlock’ feature a little later).
…And you will be taken to your password database.
2b. If you want to create a new database, hit ‘Create new database…’ on the start screen. On the next page choose where you want to keep it (a Dropsync folder is ideal if you want to sync across devices). As with the desktop version of KeePass, you should specify a secure master password or create a key file.
Select ‘Create database’, and you will be taken to your new KeePass database! New .kdbx databases are encrypted using 256-bit AES encryption with an SHA-256 password hash function to authenticate the data.
Central to KeePass2Android’s integration with Android is the KeePass2Android keyboard, which is installed alongside KeePass2Android,
‘A German research team has demonstrated that clipboard-based access of credentials as used by most Android password managers is not safe: Every app on your phone can register for changes of the clipboard and thus be notified when you copy your passwords from the password manager to your clipboard. In order to protect against this kind of attack, you should use the Keepass2Android keyboard.’
When you select a text entry box in almost any browser and most apps, the option to enter details using the KeePass2Android keyboard appears in the taskbar. When using the keyboard, if the website or app matches a password in the database, you can use the automatic keyboard functions to fill the details in.
If a stored password is not detected then you can open your database by tapping the KeePass2Android icon.
Alternatively, in a browser you can Share a webpage with KeePass2Android, and options to paste username or password, or open the database will appear in the taskbar.
The process for creating a new password entry is almost identical to that on the desktop (including the ability to tailor how the password is constructed).
When you create a new entry in a database shared with a Cloud server, it is almost instantly synced.
The only minor issue is that to access the updated database from a different device (such as a PC shown here), you need to re-open it in KeePass.
In order to make using KeePass2Android easier, once a database has been opened using a full master password, it can be re-opened using a QuickUnlock key (by default the last 3 characters of your password). If this is entered incorrectly then the full master password must be re-entered.
‘Is this safe? First: it allows you to use a really strong password, this increases safety in case someone gets your database file. Second: If you lose your phone and someone tries to open the password database, the attacker has exactly one chance to make use of QuickUnlock. When using 3 characters and assuming 70 characters in the set of possible characters, the attacker has a 0.0003% chance of opening the file. If this sounds still too much for you, choose 4 or more characters in the settings.’
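The one-attempt behaviour and the 0.0003% figure quoted above, modelled as an added example (not KeePass2Android's own code). The class and function names are hypothetical, and PBKDF2 tags stand in for the real test of whether a password decrypts the .kdbx file.

```python
import hashlib
import hmac
import os


def single_guess_chance(charset_size: int, key_len: int) -> float:
    """Probability that one uniformly random guess matches the QuickUnlock key."""
    return 1 / charset_size ** key_len


class QuickUnlockGate:
    """Toy model: the database stays open in memory, gated by a short key."""

    def __init__(self, master_password: str, key_len: int = 3):
        self._salt = os.urandom(16)
        self._key_len = key_len
        # Assumption: this tag stands in for "does the password decrypt the file?"
        self._master_tag = self._tag(master_password)
        self._quick_tag = None
        self.unlock_full(master_password)

    def _tag(self, secret: str) -> bytes:
        return hashlib.pbkdf2_hmac("sha256", secret.encode(), self._salt, 10_000)

    @property
    def quick_armed(self) -> bool:
        return self._quick_tag is not None

    def unlock_full(self, password: str) -> bool:
        """Full unlock; on success QuickUnlock is re-armed with the last characters."""
        if not hmac.compare_digest(self._tag(password), self._master_tag):
            return False
        self._quick_tag = self._tag(password[-self._key_len:])
        return True

    def unlock_quick(self, guess: str) -> bool:
        """One attempt only: a wrong guess disarms QuickUnlock until a full unlock."""
        if self._quick_tag is None:
            return False
        ok = hmac.compare_digest(self._tag(guess), self._quick_tag)
        if not ok:
            self._quick_tag = None  # short key forgotten; master password required
        return ok


if __name__ == "__main__":
    print(f"3 chars: {single_guess_chance(70, 3):.4%}")  # constructed inputs
    print(f"4 chars: {single_guess_chance(70, 4):.6%}")
```

Moving from 3 to 4 characters divides the attacker's single-guess chance by the size of the character set, which is the trade-off the settings option exposes.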
The KeePass2Android user interface is based on that of the open source KeePassDroid app, and this app remains a good alternative for those wanting a simpler method of storing passwords. It does not include any built-in sync functionality, but this can be easily achieved by storing the .kdbx file in a two-way cloud syncing folder (for example using Dropsync), or a BitTorrent Sync folder.
KeePass2Android is a fully functional implementation of KeePass, and other than not being able to add additional features via plugins (for example TwoFish encryption), it provides all the functionality of the desktop version, while adding automatic syncing and impressive browser and app integration. In use we found it better integrated with Android, and generally easier to use, than the popular commercial alternative LastPass.
If you own an Android device then there really is no reason not to hugely improve your online security by using KeePass2Android in conjunction with a desktop version of KeePass (or KeePassX for Mac and Linux users) to create and manage secure passwords for all your websites and internet services.