Is Keepass Safe?
Keepass — Nerq Trust Score 63.8/100 (C+ grade). Based on analysis of 2 trust dimensions, it is generally safe but has some concerns. Last updated: 2026-05-31.
Use Keepass with some caution. Keepass is a password manager (no cloud sync by default) with a Nerq Trust Score of 63.8/100 (C+), based on 3 independent data dimensions. Below the recommended threshold of 70. Security: 90/100. Popularity: 90/100. Data sourced from multiple public sources including package registries, GitHub, NVD, OSV.dev, and OpenSSF Scorecard. Last updated: 2026-04-01. Machine-readable data (JSON).
Is Keepass safe?
CAUTION — Keepass has a Nerq Trust Score of 63.8/100 (C+). It has moderate trust signals but shows some areas of concern that warrant attention. Suitable for development use — review security and maintenance signals before production deployment.
What is Keepass's trust score?
Keepass has a Nerq Trust Score of 63.8/100, earning a C+ grade. This score is based on 2 independently measured dimensions including security, maintenance, and community adoption.
What are the key security findings for Keepass?
Keepass's strongest signal is security at 90/100. No known vulnerabilities have been detected. It has not yet reached the Nerq Verified threshold of 70+.
What is Keepass and who maintains it?
| Author | Unknown |
| Category | Password Managers |
| Stars | 4,000 |
| Source | N/A |
Security Assessment
Encryption
Keepass uses AES-256 (industry standard), ChaCha20 (modern stream cipher), Argon2d (key derivation).
Zero-Knowledge Architecture
Keepass uses a zero-knowledge architecture — your master password and vault data are encrypted locally and never sent to the server in plaintext.
Open Source
Keepass is open source with 4,000 GitHub stars.
Based in Germany. No published independent audit.
Keepass Across Platforms
Same developer/company in other registries:
Similar Password Manager by Trust Score
Safety Guide: Keepass
What is Keepass?
Keepass is a password manager — KeePass is free, open-source password manager under GPL-2.0. AES-256 and ChaCha20 encryption with Argon2 key derivation. Database stored locally — no cloud sync by default. Certified by BSI (German Fe.
How to Verify Safety
Check breach history. Verify encryption standard. Review independent audit status.
You can also check the trust score via API: GET /v1/preflight?target=KeePass
Key Safety Concerns for password manager
When evaluating any password manager, watch for: breach history, encryption standard, audit status, jurisdiction.
Trust Assessment
Keepass has a Nerq Trust Score of 64/100 (C+) and has not yet reached Nerq trust threshold (70+). This score is based on automated analysis of security, maintenance, community, and quality signals.
Key Takeaways
- Keepass has a Trust Score of 64/100 (C+).
- Review carefully before use — below trust threshold.
- Always verify independently using the Nerq API.
Detailed Score Analysis
| Dimension | Score |
|---|---|
| Security | 90/100 |
| Maintenance | 50/100 |
| Popularity | 90/100 |
| Quality | 50/100 |
| Community | 35/100 |
Based on 5 dimensions. Data from multiple public sources including package registries, GitHub, NVD, OSV.dev, and OpenSSF Scorecard.
What data does Keepass collect?
Keepass has a privacy score of 85/100. Review the documentation and privacy policy for data handling details.
Full analysis: Keepass Privacy Report · Privacy review
Is Keepass secure?
Security score: 90/100. This meets the recommended security threshold for production use.
Nerq monitors this entity against NVD, OSV.dev, and registry-specific vulnerability databases for ongoing security assessment.
Full analysis: Keepass Security Report
Keepass Across Platforms
Same developer/company in other registries:
How we calculated this score
Keepass's trust score of 63.8/100 (C+) is computed from multiple public sources including package registries, GitHub, NVD, OSV.dev, and OpenSSF Scorecard. The score reflects 5 independent dimensions: security (90/100), maintenance (50/100), popularity (90/100), quality (50/100), community (35/100). Each dimension is weighted equally to produce the composite trust score.
Nerq analyzes over 7.5 million entities across 26 registries using the same methodology, enabling direct cross-entity comparison. Scores are updated continuously as new data becomes available.
This page was last reviewed on May 31, 2026. Data version: 0.0.
Full methodology documentation · Machine-readable data (JSON API)
Frequently Asked Questions
Is Keepass Safe?
What is Keepass's trust score?
What are safer alternatives to Keepass?
How often is Keepass's safety score updated?
Can I use Keepass in a regulated environment?
Popular in Password Managers
See Also
Disclaimer: Nerq trust scores are automated assessments based on publicly available signals. They are not endorsements or guarantees. Always conduct your own due diligence.