I wanted to switch to KeePassXC and I wanted to download it on a encrypted USB drive for portability. I know I can do this on Windows, but will the password manager work on other OSes? I switch between Windows and Linux, and I want to make sure that I can do it on both. I read an online article that says its possible, but you need to make sure you have a certain file on the drive for it to work?
The software itself won’t, as the “portable” binaries are made for Windows. The vault file itself can be opened without a problem if you use the KeePassXC binaries for the OS you’re using.
What are the KeePassXC binaries?
The program files, .exe files on Windows.
Edit: If KeepassXC publishes .appimage files, these work like Windows’ .exe files, so you could place both on the USB stick.
I use a synced kbdx file on Linux (keepass-xc) and Android (KeePassDX) daily with the same keepass file. It handles all my logins, TOTP, passwords, passkeys no problem. I synchronize it using syncthing. When the two machines are on the same WiFi (or on a meshed VPN like tailscale) and can talk to each other, they sync freely.
I know someone who has it set up the same way who also uses Windows in the mix.
I haven’t checked the code, but it seems the writes the file is not actively being held open for reading and writing, with constant updates happening, updates appear to be transactional. I’ve only ended up with two sync errors in 3 years of daily syncing and I was able to merge the two files with the keepass-xc cli merge options.
The key distinction here is the program keepass-xc is not keepass the standard, just a program for reading the kbdx vault. A really good, externally audited, well coded, security first program for reading the vault!
If you’re concerned about the sync, it might be worth checking out how the original program expects DB sync to be done.
If you’re concerned about the manager working across os’s, don’t be. The primary use case, in the browser, is cross-platform by way be being a browser add-on. The brains of the operation are bundled in the keepass-xc app as a local server that only gets enabled when you switch on browser integration in the manager. The browser add-on sends web addresses to that server, and then the manager looks up the response, and sends back the correct credential. This interchange is encrypted during the pairing process.
On Android, KeePassDX hooks in to the built-in passwords, passkeys, and accounts ‘preferred service’ and offers password autofill in the keyboard suggestions bar, and comes with a credential-fill keyboard you can switch to on the fly if needed. It also saves passwords in normal apps, by storing the app id in the credential under a custom field ‘AndroidApp’ to help narrow down hinting. E.g. com.hjiansu.thunder for my Lemmy app, or com.android.settings for WiFi SSIDs and PSKs.
Doesn’t saving a password and TOTP in the same file kind of bypass the entire point of MFA?
I’ll keep that all in mind. Thank you.
I have strong doubts it would work on TempleOS
Keepass2android works like this. So it’s definitely possible. Id advise worst case you can emulate android on the Linux drive and use that apk
Do you wish to use this pen drive on pcs you control, or random computers like at the library? In the first case, as the other responder suggested, you only need to carry the database with you, not the software to open it.
I want to use it on the devices I control. If that is the case, how can I just carry the database and not the software?
It’s very easy, you’ll install KeepassXC on both pcs, and as you can read here from their docs, the first time you’ll create a brand new database (usually a .kdbx file). You can create as many as you want actually, and you can move or copy those files around, so experiment without worries. Any compatible keepass software will be able to open these databases (as long as you have the secrets needed for each one like its key or its master password…).
KeepassXC also remembers the last file locations, so the next times you open the program it should look for the db in your pen drive and immediately ask for the master password. The KeepassXC in your different pcs are indipendent, but you can edit a common file, just like we would with a word document for example.
