Review: KeePassWin UWP
The ongoing saga of keeping a secure database of passwords, serial numbers, reference data, and so on.... on Windows Phone, or, in this case, Windows 10 Mobile. If you've been following over the years then you'll be interested in this latest review, for KeePassWin, a UWP app for Windows 10. It's not yet the real McCoy though, as I shall explain...
As I mentioned when introducing secure databases a couple of years ago:
You'll probably be very familiar with the concept of a password manager - Lastpass springs to mind, a system for remembering the passwords you use on multiple web sites. But here I'm talking about a 'secure database'. Sounds grand, but it just means a store for all sorts of private information. You know, all the info that you'd worry about if your phone ever got stolen - how much do you keep in plain text in various documents and contact records? In my case, it's:
- web site logins and passwords
- bank account details and security answers
- vehicle details and ID refs
- insurance and passport numbers/details
- credit card codes and numbers
- software registration codes
- hardware serial numbers and warranty information
So, yes, web sites are in the mix, but there's very much more than this. Almost 1000 entries in all, amassed over a decade...
My long term solution, across modern platforms, turned out to be KeePass, an open source secure database format (and example access code), or more precisely, KeePass 2.x, since the second iteration of the format is the better secured and the more flexible. There are KeePass 2.x clients maintained by enthusiasts on almost all computing platforms. The database itself remains a binary, encrypted blob, living on a cloud drive (in my case, I keep it on both Google Drive and OneDrive), then applications can grab it as needed.
Well that's the theory, though I've yet to find a Windows Phone or Windows 10 Mobile application that reliably saves changes to entries back to the cloud. There's the rather slick, Hello-compatible KeePassReader, which opens the KeePass database but can't actually edit it. And then there's this, KeePassWin, able to open a local KeePass database, edit it and save changes, but this doesn't apply to saving back to OneDrive, for example. In other words, both are compromises, but both are noteworthy, depending on how you like to work this sort of thing.
In fact, you can even use both together, with the saved local KeePass database on the phone (e.g. in the Documents folder), one unlocking trivially with Windows 10 Hello (e.g. with fingerprint) but acting as the main reader and the other requiring the typing of a long master password but allowing full editing. And then, every now and then, you back it up manually to OneDrive via the Microsoft client.
If all this sounds a bit involved then yes, it is, but I'm working on the problem, year on year, and the workflow is gradually getting better.
In any case, KeePassWin does work as advertised:
Although the search and editing functions work well in KeePassWin UWP, there's clearly work for the developer to do - I'm sure integrating Windows Hello can't be that difficult, and then that would obviate the need for KeePassReader.
I'll keep you all posted, of course!
Reviewed by Steve Litchfield at