8 Plugins to Extend & Secure Your KeePass Password Database

Mark O'Neill 07-01-2016

It took me a long time to be persuaded to use a password manager. I was always a notebook and pen type of guy when remembering passwords, and the paranoid part of me thought there was probably a backdoor in these apps that sends the passwords back to the developers.


Yes, I wear a tinfoil hat.


But as my passwords got longer and more sophisticated, writing them down on paper became much more difficult and impractical. I mean, @R5g9_jMnDp23@_12Xq@ doesn’t exactly roll off the tongue does it? So I switched to a password manager, and I was instantly hooked with KeePass.

The great thing about KeePass is that they have plugins which extend the usefulness of the program, the same way a browser gets new features when a plugin is installed. Here are eight you should seriously consider installing if you are a KeePasser.

But First……



Most of the plugins only work with KeePass version 2. Version 1 is an older release and so only a small selection of the plugins will work with this. So if you really want to use plugins, I highly recommend you upgrade to version 2. You will have to export the password database from version 1 first then import it into version 2. It’s very easy and only takes a couple of minutes.

Secondly, installing plugins is very easy. Each plugin will either come as a zip file or as a PLGX file. “Installing” only involves exiting KeePass and then placing the plugin in the same folder as the keepass.exe file (you’ll find this by browsing to C:\Program Files (x86)\KeePass Password Safe\). Zip files should be unzipped and all of the folder’s contents placed in the keepass.exe location. PLGX files should also be placed in the same location. No need to click on them. KeePass takes care of all of that.

When you’re ready to start using KeePass again, double-click the keepass.exe icon in the KeePass directory to start the program. Don’t use desktop shortcuts or app launchers to launch KeePass. You MUST double-click keepass.exe. You will then see a message on-screen telling you that the plugins are being activated and the program will subsequently open.

Last of all, as far as I am aware, these plugins only work with the Windows version of KeePass. The Mac and Linux versions do not appear to have plugin support, which I hope the developers will make a serious effort to rectify soon.


Now we have all that out of the way, let’s take a look at the plugins.

Database Backup


In life, disasters happen. It’s normal and unavoidable. One thing that you should be doing on a constant basis (preferably daily) to avert potential disasters is backing up everything that lives on your computer’s hard drive. Whether on a removable hard drive, a USB stick, or on cloud storage; it doesn’t matter.

Your password manager is no exception. What if somehow you accidently delete the database? Or it becomes corrupted? Or your hard drive goes on the fritz? Any number of things can happen, which is why this plugin is so invaluable.


Simply configure where you want the database backup to go (obviously not on the same computer as the original database) then click “Backup DB NOW!”. Instantly your database will be copied to the other location. Easy.

Favicon Downloader


It could be said that this is really only for aesthetic value only, but I would also point out another use for having favicons. When you start to build a really big list of website names and URLs, sometimes the mind reacts easier and faster to a graphic than text. Instead of scanning the list and potentially missing the one you want, you could instead see the icon much faster. When you look at my list above, what jumps out at you more? The icon or the text?

After installing this plugin, you will see a new menu option for downloading the favicons. The plugin will then scan your list and download the relevant icons where available. It may have issues with a few sites, in which case try again later. When I tested it, it couldn’t retrieve the favicons for Invoiceable and Pocket.


Word Sequence Generator


It used to be that all you needed to secure your online accounts was a simple password. Those days are long gone, and now you need to have ever more sophisticated passwords if you want to beat the likes of hackers and the NSA.

One stronger form of password is a word sequence password (also known as a passphrase 13 Ways to Make Up Passwords That Are Secure and Memorable Want to know how to make up a secure password? These creative password ideas will help you create strong, memorable passwords. Read More ). This was strongly recommended by Edward Snowden, when he was interviewed by John Oliver. So instead of one word or a jumble of different characters, instead have a sequence of words How to Create a Strong Password That You Will Not Forget Do you know how to create and remember a good password? Here are some tips and tricks to maintain strong, separate passwords for all of your online accounts. Read More . So something like flamingo tractor cucumber toyboy .

When configuring it, you will be asked to insert your wordlist. So the plugin merely takes the words you give it and jumbles them up to make unique passwords. So find a wordlist online (very easy to find if you Google “wordlists”), and copy/paste them into the provided space. Make sure you have a huge list of unique words, so you get as many different variations of word sequences possible. I would suggest a minimum of 500 words. 1,000 would be better.

One good site for getting words is List Of Random Words. But as I said, Google is bursting with so much more.

Enhanced Entry View


The standard interface for KeePass gives you fields for the username, URL, password, and a few other assorted extras. But if you are looking for more flexibility in what you can list for each password entry, then Enhanced Entry View is the one to head to.

EEV gives you fields such as tags, an expiry date field, and plenty of space for notes. It’s a nice plugin to have to expand on what KeePass merely provides as default.

Onscreen Keyboard


You are probably wondering why you would need an on-screen keyboard. Well, what about this scenario? You are on a computer in an Internet cafe with portable KeePass on a USB stick. How do you know there isn’t keylogging software covertly installed on the computer? Or the same could be said for “friends” and acquaintances hoping to read your email and chat messages.

If it isn’t your keyboard, I would suggest you adopt a policy of “don’t trust it” and assume the keyboard is compromised. That is where Onscreen Keyboard helps out enormously.

When you start KeePass, the keyboard will immediately open, so you can use the mouse or trackpad to click on the keyboard buttons. Take that, keyloggers.

Quick Search


If favicons are not your thing, or you fancy having another way to search your password lists, then Quick Search is a good one to try out.

What is nice about Quick Search is that it gives you real-time search. So as you type, it narrows down the list of possibilities. A huge time saver if you have lots of passwords to search through.

Floating Panel


Floating Panel is a link which sits on your desktop, on top of all other windows. It can be dragged with the mouse to wherever you want it to go, and it simply provides you with quick links to open up various aspects of your KeePass Database without actually clicking on the KeePass program itself.

This would be advantageous if, for example, you had lots of windows and apps open. Save time by using Floating Panel instead.

QR Code Generator


Although there is a KeePass equivalent for iOS, this nifty ad-on is for if you prefer not to install the iOS app, or for users of other operating systems. It simply generates a QR code What Are QR Codes? Digitize Your World & Back Again Read More on the spot for any password.

Just highlight the password entry in KeePass then click the QR code menu option. A small box will then pop-up with the password. Use a QR code scanner on your phone or tablet (here’s one for iOS Scan - An Easy To Use QR & Barcode Scanner [iOS] Scanning QR codes and barcodes can be useful in all kinds of situations. Perhaps you want more information about a certain product? Maybe someone gave you a business card with a QR code on it... Read More , and one for Android) to scan the code, and up pops the password on your phone/tablet screen.


Which KeePass Plugins Do YOU Use?

There are so many plugins available that I’m sure I missed your favorites. So tell us in the comments below which one makes securing your passwords so much easier.

Affiliate Disclosure: By buying the products we recommend, you help keep the site alive. Read more.

Whatsapp Pinterest

Leave a Reply

Your email address will not be published. Required fields are marked *

  1. Glenn
    June 28, 2017 at 2:47 am

    Quick Unlock is a great plugin... you only type a few letters of the beginning or end of your password to unlock your database. If it's incorrect, you have to type the whole p/w. All of those seconds every day really add up!

  2. Anonymous
    January 10, 2016 at 6:42 pm

    "One stronger form of password is a word sequence password (also known as a passphrase)." Despite being recommended by XKCD it's now become a really ****BAD**** idea to use passphrases, since hackers use "rainbow tables" with thousands and thousands of common words - combining them with each other and numbers - to try to crack passwords. Really strong passwords that *can't* be guessed this way use lots of numbers, upper and lowercase characters, and punctuation.

    • Nick
      January 17, 2016 at 9:06 pm

      The problem isn't using passphrases it's using passphrases composed of randomly selected words. If you use phrases that are common such as out of a book, poem, song, or composed of an English sentence it reduces security. If you can manage to pick 5 completely random words from the dictionary (which humans are generally really bad at) than you will be better off than a random string.

      English keyboard has roughly 57 characters available so a random string of 20 characters would have 57^20 = 1.3e35 combinations

      The English dictionary has ~170,000 words so 4 words would yield
      170,000^4 = 8.4e20 combinations

      Albeit this is significantly lower but still uncrackable assuming the password is stored properly. It would still take 2170+ years to guess 8.4e20 combinations at 350 billion guesses per second (which is only obtainable with significant computing power and a weak hash function)

      • Anonymous
        January 19, 2016 at 4:39 pm

        The problem is that people won't pick from ~170,000 words, they'll pick from <5,000 more common words, and wind up with significantly fewer than 8.4e20 combinations. They'll wind up with words that are definitely in the "rainbow tables" that hackers use to pick passwords.
        Which is more likely to be used as a password: "myprettyponyrunsfast" or "skacromulentumamizeugmaschism"?
        Choosing a password by combining words is likely to entice users to make short passwords from common words, not secure passwords that will take centuries to crack. How many password managers like Roboform have word-phrase generators, and how many user random characters? Roboform? KeePass? LastPass? Thought so.

        • Nick
          January 19, 2016 at 4:53 pm

          The other problem with having long, random passwords is it leads people to do other stupid things else risk being locked out of their accounts. They're either going to have a weak Keepass password, or do something like email/write down their passwords so they can use them when they don't have access to their password db. How do you access your Amazon account or email on your phone? You're probably going to make your email password something you can get into easily (assuming you're the average user). Most other passwords can be reset with your email and a quick search for personal info on the web.

          My point is, it doesn't really matter how secure a password is because it's not the password that's the weakest link. There is a whole chain of weaker links before the password.

          Re-using passwords across sites is a much worse offense than anything else. All it takes is one site storing your password in plain-text and cracking doesn't matter.

        • Anonymous
          January 20, 2016 at 4:45 pm

          I have KeePass for Android on my tablet and phone, and DropBox to sync the database. This way I **never** re-use a password, and I have no worries about being locked out - the password database is on my desktop, laptop, tablet, and phone, and I always have a secure password generator on each device.
          The people whose passwords get hacked are the ones who don't give a damn. I prefer to keep myself safe.
          The KeePass-sniffing trojan has me worried, so I'm upgrading my antivirus on each device as a New Year's resolution.

  3. Anonymous
    January 8, 2016 at 12:00 am

    You note there is an iOS KeePass app, you should also note that there is an Android app (actually two with slightly different features) in the Play Store. I use (and there is a comparison of the two in the documentation).

    As for tricky websites (and it seems a lot of them are getting trickier in the name of security), you can always use the notes section to record things like security questions, etc. You can also put other information there; I use it for my Amex card number. The notes are encrypted along with everything else.

    I use KeePass as my safety deposit box for key sites. For most sites, like MUO, I use the Firefox password manager which has almost 1000 sites I logged into over the past decade.

    • Mark O'Neill
      January 8, 2016 at 1:45 pm

      Yes you're absolutely right. I totally forgot about the Android version. Sorry about that :-))

      I use the Chrome password manager and KeePass, and each one is pretty much a backup of the other. You can never have enough backups :-)

  4. Anonymous
    January 7, 2016 at 6:28 pm

    I've tried Keepasss more than once and gave up in despair, returning to Lastpass each time. Seems 'everytime' a site requires anything other than user name and password, Keepass trips up! And Keepasss' own user instructions are near worthless - sure, it tells you the basics, but nothing at all about alternatives/options when things don't work perfectly.

    I still like the idea o keeping my log-in credentials on my computer and not in 'the cloud' like with Lastpass. Would be real nice if MUO could write a tutorial article - including tips on dealing with 'tricky' websites.

    • Mark O'Neill
      January 8, 2016 at 1:47 pm

      Define "tricky" exactly.

      As Hildyblog says, you can put any extra information in the notes section.

      • Anonymous
        January 8, 2016 at 9:27 pm


        Too often, I find that websites that deviate from the usual "username / password" arrangement (such as asking for email instead) -- will trip up Keepass -- causing it to fail to populate the fields. I am sure there are ways to fix that -- but I can't seem to find much documentation of what to do when things don't work.

        • Tiberius Wright
          January 11, 2016 at 2:44 am

          Which websites are you unable to use KeePass? The only services that don't work for KeePass is and Humble Bundle because they're using some sort of TOTP from an enigma machine that the Spanish Inquisition obtained.

        • bob
          April 27, 2016 at 3:52 pm

          Solution 1 (simpler):

          - Store the email address in the username field on your KeePass entry for the site.

          Solution 2 (fancier):

          Locate your entry on KeePass, then open the 'Edit Entry' window:

          - Advanced (tab) > Add (button):
          In the 'Name' field type: email
          In the 'Value' field type your email address.

          - Auto-Type (tab):
          Check the box 'Enable auto-type for this entry';
          Select 'Override default sequence' and, in the adjacent text box type: {S:email}{TAB}{Password}


          That's it.

          Solution 2 allows you to have both a username and an email address in that KeePass entry, and the auto-type will work correctly.
          This can be easily extended/altered to include other information: just create another custom field (like above), and include its name in the custom auto-type sequence, using the {S:} syntax, just like in the example above.

        • Anonymous
          May 7, 2016 at 3:15 pm

          Thanks - I'll give it a try.

    • Anonymous
      January 10, 2016 at 6:38 pm

      Why are you typing "KeePass" with **three** S's? LOL.

  5. Anonymous
    January 7, 2016 at 4:48 pm

    " When you look at my list above, what jumps out at you more? The icon or the text?"
    The text. Because it tells me the name of the site. Also, for somebody with poor eyesight it is easier to differentiarte between similar words that similar icons. It would take me a very long time to learn what site each icon represents. Favicons may be useful when one has 10 or 20 bookmarks. When one has thousands, no way.

    While the text name of BlueTree, Copy and Invoicable is distinctive, all three favicons look the same. Can't use icons to pick a site.
    Why is the icon for Firefox Hello an 'm'? Not very intuitive. In fact, not intuitive at all.

    • Anonymous
      January 7, 2016 at 5:28 pm

      "Favicons may be useful when one has 10 or 20 bookmarks. When one has thousands, no way."
      A database with 1000s of passwords? Undoubtedly some people have those, but, also undoubtedly, will be a tiny minority. So they are not representative of the KeePass user community. But even looking at that handful, I'll bet that looking for a specific password by reading text is no piece of cake either, no way. I'll bet they would still go for favicons.

    • Mark O'Neill
      January 8, 2016 at 1:49 pm

      Well.....I have poor eyesight as well and need to wear glasses. But favicons still work for me. So I guess we all just need to use what we each prefer.

      I don't know why Firefox Hello is a M. That is the favicon that was retrieved from Firefox. I guess you would need to ask them. :-))

      • Anonymous
        January 8, 2016 at 4:52 pm

        The question about Firefox Hello was rhetorical, Mark. My general point is that favicons are not intuitive and that one favicon can be used by several different sites.

  6. m-p{3}
    January 7, 2016 at 3:43 pm

    I use Tray TOTP ( as an additional way of accessing my TOTP/Google Authenticator code securely from my desktop.

    • Mark O'Neill
      January 8, 2016 at 1:51 pm

      I was wanting to include that one in the article and I spent hours trying to get it to work. In the end, I stopped as I was about to throw the monitor out of the window. It's not easy configuring that one.

      • Tiberius Wright
        January 11, 2016 at 2:45 am

        Another alternative plugin is KeeOTP.

    • paradonym
      October 6, 2016 at 2:52 pm

      The OTP inside password managers plugins make OTP weaker. If you don't need a second device to generate the code, the OTP code is effectively useless.

      Imagine a spyware which reads and uses your clipboard faster than you copy+paste an OTP code...