unsubbed.co

AuthPass

Released under GPL-3.0, AuthPass provides password manager compatible with KeePass on self-hosted infrastructure.

GPL-3.0 Free authpass/authpass · 2.6K authpass.app Dart 1 deploy option Mobile App

Open-source password management, honestly reviewed. No marketing copy, just what you actually get when you stop paying for 1Password.

TL;DR

  • What it is: Free, GPL-3.0 password manager built on Flutter, fully compatible with the KeePass KDBX format (versions 3.x and 4.x). Your passwords live in a file you control — not on someone’s server [2][3].
  • Who it’s for: Individuals and small teams who already use KeePass or want to escape subscription password managers. Works across iOS, Android, Mac, Windows, Linux, and a web app [README][3].
  • Cost savings: 1Password runs $35.88/yr personal or ~$95/yr per seat for teams. Bitwarden charges $10/yr for premium features. AuthPass is $0, with zero feature tiers, zero ads, and zero per-device limits [2][4].
  • Key strength: True cross-platform KeePass client with native cloud sync (Google Drive, Dropbox, OneDrive, WebDAV/NextCloud) and biometric unlock on both mobile platforms — all for free, no account required [2][3][README].
  • Key weakness: No browser extension on any platform. Android auto-fill works; iOS auto-fill is still an open GitHub issue. The project has 2,622 stars and shows signs of a small team with slow feature velocity [README][1].

What is AuthPass

AuthPass is a password manager client that reads and writes KDBX files — the format used by the original KeePass and its many derivatives. The key distinction from modern password managers like 1Password or Bitwarden is architectural: there is no AuthPass server. Your password database is a file. You put it wherever you want — local storage, Google Drive, Dropbox, OneDrive, or a self-hosted NextCloud instance via WebDAV — and AuthPass opens it [2][3][README].

Built with Flutter by a small team (CodeUX.design), it runs natively on iOS, Android, macOS, Windows, Linux, and has a web version at web.authpass.app. The GitHub repository has 2,622 stars as of this review. The license is GPL-3.0 [merged profile].

What makes this interesting is the cross-platform story. The classic KeePass desktop app is Windows-first and aging. KeePassXC is excellent on desktop but has no official mobile app. Keepass2Android and KeePassium each cover one mobile platform. AuthPass is the rare client that ships a single consistent UI across every platform — phone, tablet, and desktop — using Flutter’s write-once rendering model [3][5].

The GitHub README’s feature checklist is unusually honest about what’s done and what isn’t. Auto-lock after inactivity: still open. iOS auto-fill: still open. Custom cloud sync via QR codes: still open. This isn’t hidden behind a changelog — it’s right there in the README [README].

Why people choose it

The Reddit thread asking “Is AuthPass trustworthy?” [1] is from 2020 and maps the exact decision most people face: you’re already using KeePass on desktop with some cloud sync, you need something on mobile that actually works with your existing KDBX file, and the established clients each have annoying gaps.

The person who asked that question was coming from Keepass2Android (browser auto-fill was unreliable), had looked at KeePassDX (no native OneDrive sync at the time), and found AuthPass checking boxes the others didn’t [1]. The responses confirm what you’d expect from a KeePass subreddit: open-source, auditable, your data stays in a file format that predates and will outlast any individual app.

TrishTech’s 2022 review [3] summarizes it cleanly: “All in all, AuthPass passes all the checkboxes for a good password manager. It works on all the platforms, has strong encryption, offers a strong password generator and is open-source.” That’s the correct take, and it’s also the ceiling — AuthPass doesn’t have ambitions beyond being a solid KDBX client.

The “no account required” angle matters more than it sounds. 1Password, LastPass, and even Bitwarden’s free tier are built around vendor-managed vaults. You sign up, you trust their servers, you hope they don’t get breached (LastPass had a catastrophic one in 2022) or change their pricing model (LastPass killed the free cross-device sync in 2021). AuthPass has no account, no email registration, no server to compromise [2][3]. The password database is a local KDBX file that you own completely.

Features

Based on the README, GoodFirms listing, and the TrishTech review:

Core password management:

  • Load and decrypt KDBX 3.x and 4.x files with password and/or key file [README][2]
  • Full read/write — create new databases, edit entries, save changes back to KDBX [README]
  • Open multiple password databases simultaneously (personal + work, for example) [2]
  • Organize entries into groups [2][3]
  • Full-text search across all entries [README][2]
  • Dark theme [2]
  • Keyboard shortcuts on desktop (Mac, Linux, Windows) [website scrape]

Security:

  • Biometric unlock (fingerprint, face unlock) — stores master password in OS KeyStore/KeyChain [README][2][3]
  • Key file support for two-factor database protection [README][2]
  • AES encryption via the KDBX format standard [3]
  • No server transmission of passwords — encrypted file goes directly to your cloud storage of choice [2][3]

Password generation:

  • Strong random password generator [2][3]
  • Character set options: lowercase, uppercase, numerals, special characters, umlauts [3]

Cloud sync:

  • Native Google Drive integration [README][2]
  • Native Dropbox integration [README][2]
  • Native Microsoft OneDrive integration [README][2]
  • WebDAV support for NextCloud, OwnCloud, and compatible servers [README][2]
  • Copy & paste between devices via whatever cloud provider you already use [README]

Auto-fill:

  • Android: native auto-fill via Android Autofill API [README][2]
  • iOS: not implemented yet — listed as an open GitHub issue [README]
  • Desktop browser extension: not available — Auto-Type for Mac is also still an open issue [README]

Platforms:

  • iOS (App Store), Android (Google Play, F-Droid available via Flathub/snap)
  • macOS (Mac App Store or direct download)
  • Windows (Microsoft Store or direct installer)
  • Linux (Snapcraft, Flatpak on Flathub, .deb, .tar.gz)
  • Web app at web.authpass.app [README]

Pricing: SaaS vs self-hosted math

AuthPass: $0. No premium tier, no ads, no per-device limit, no feature gates. The entire application is free [2][README]. The project is funded through donations (Bitcoin and GitHub Sponsors listed in the README).

For comparison, what you’re escaping:

1Password:

  • Individual: $2.99/mo ($35.88/yr)
  • Families (5 users): $4.99/mo ($59.88/yr)
  • Teams Starter: $19.95/mo for up to 10 users

Bitwarden:

  • Free: basic vault, unlimited devices (genuinely usable)
  • Premium: $10/yr — adds TOTP 2FA codes, encrypted file attachments, health reports
  • Teams: $4/user/mo

LastPass:

  • Free: limited to one device type since 2021
  • Premium: $3/mo ($36/yr)
  • Families: $4/mo ($48/yr)

Proton Pass:

  • Free: unlimited passwords, all devices
  • Plus: $4.99/mo (aliases, integrated 2FA, dark web monitoring)

Concrete math for a 5-person team:

On 1Password Families: $59.88/yr. On Bitwarden Teams: $240/yr. On AuthPass: $0/yr, forever, no calls to a vendor server. The gap widens with team size — at 10 people, Bitwarden Teams is $480/yr, 1Password Business is ~$950/yr. AuthPass stays at $0 [4].

The honest caveat: AuthPass gives you nothing in return for $0 at the team level. No central admin panel, no user provisioning, no audit logs, no enforced password policies. Each person manages their own KDBX file. For individuals and tiny teams who are fine sharing a KDBX file via Dropbox, this is fine. For a 50-person company, it’s not a workflow.

Deployment reality check

“Deployment” for AuthPass means something different than for most tools in this category. There is no server to deploy. You install the app, point it at a KDBX file (local or cloud), and you’re running.

What you actually need:

  • The app from your platform’s store (or GitHub releases)
  • An existing KDBX file, or create one fresh in AuthPass
  • A cloud storage account if you want sync (Google Drive, Dropbox, OneDrive, or a WebDAV server you control)

What can go sideways:

iOS auto-fill doesn’t work. This is the biggest practical gap. On Android, AuthPass hooks into the native Autofill API and fills passwords into apps and Chrome automatically [README][2]. On iOS, this feature is listed as an open GitHub issue and has been since the early days of the project [README]. If you’re primarily on iPhone and browser auto-fill is your primary workflow, this is a dealbreaker. KeePassium or Strongbox handle iOS auto-fill better [5].

No browser extension anywhere. Desktop power users who rely on browser-native password filling (the way 1Password and Bitwarden inject into Chrome/Firefox/Safari) will be clicking back and forth to AuthPass to copy-paste. Auto-Type for macOS is also still an open GitHub issue [README].

Small team, slow velocity. The README’s checklist of incomplete features has been sitting with open items for years. The project has 2,622 GitHub stars — healthy for a niche tool but small compared to Bitwarden (15K+) or KeePassXC (21K+) [merged profile][6]. One Reddit comment in the trust thread [1] expresses it fairly: “it seems actively maintained” — which was true in 2020 and remains true, but the pace is measured.

The web app is convenient but think about what it means. https://web.authpass.app decrypts your KDBX file in-browser. The encryption happens client-side in JavaScript, your master password never leaves your browser, and the project is open-source so you can audit it. But putting your password database through a browser app is a different threat model than a native app. Use it for emergencies, not as your daily driver.

Realistic time to first use: 5–15 minutes to install, create a database, add entries, and set up Google Drive or Dropbox sync. If you’re migrating from KeePass or KeePassXC, import is as simple as opening your existing KDBX file — AuthPass reads it natively.

Pros and Cons

Pros

  • Completely free, zero feature tiers. No “premium” paywall, no ads, no account required. Every feature in the app is available to every user [2][README].
  • True KDBX compatibility. Reads and writes KeePass 3.x and 4.x format — the most portable, vendor-neutral password database format that exists. Your data works with KeePass, KeePassXC, KeePassium, and dozens of other clients [3][README].
  • Data sovereignty by design. AuthPass has no servers. Your database goes to Google Drive, Dropbox, OneDrive, or your own NextCloud — your choice, your control. Nothing transits an AuthPass server [2][3].
  • Genuinely cross-platform. Single codebase (Flutter) across iOS, Android, Mac, Windows, Linux, Web. The same app, same UI, same sync — not a patchwork of separately maintained clients [3][5][README].
  • Native cloud sync. Not “export and manually upload” sync — actual live integration with Google Drive, Dropbox, OneDrive, and WebDAV [2][README].
  • Biometric unlock on mobile. Fingerprint and face unlock on both Android and iOS via OS KeyStore/KeyChain. The master password never sits in plaintext [README][2].
  • GPL-3.0 open source. The source is on GitHub, forkable, auditable. A small community of contributors, but the codebase is real and public [merged profile][1].
  • Multiple databases simultaneously. Open your work vault and personal vault at the same time [2].

Cons

  • No iOS auto-fill. The single most useful mobile feature — having passwords appear when you tap a login field — works on Android only. iOS auto-fill has been an open GitHub issue for years [README]. If you’re on iPhone, this is a meaningful limitation compared to KeePassium or Strongbox.
  • No browser extension. On desktop, you’re copy-pasting passwords. There is no Chrome/Firefox/Safari extension. Auto-Type (keyboard shortcut fill) is also unimplemented on Mac [README]. Compare to Bitwarden, which has polished browser extensions for every major browser.
  • Small team, incomplete roadmap. Auto-lock after inactivity: unimplemented. iOS auto-fill: unimplemented. Custom cloud sync via QR codes: unimplemented. These have been on the roadmap for years [README]. The project is maintained but not fast-moving.
  • No team management features. No admin console, no enforced policies, no audit logs, no user provisioning. AuthPass is a personal tool extended to teams by sharing a KDBX file via Dropbox — not an enterprise password manager [2].
  • GPL-3.0 license. Not MIT. For most users this is irrelevant. If you’re a developer who wants to embed or redistribute the code in a commercial product, the GPL has restrictions [merged profile][6].
  • Limited community and documentation. The docs site is sparse. The forum exists but is small. Contrast with Bitwarden, which has extensive documentation, a large community, and paid support tiers [2].
  • No TOTP/2FA code management built-in. Unlike Bitwarden Premium or 1Password, AuthPass doesn’t store and generate TOTP codes natively in the app (data not confirmed in reviewed sources — verify before relying on this).

Who should use this / who shouldn’t

Use AuthPass if:

  • You already use KeePass or KeePassXC on desktop and need a mobile client that reads your KDBX file natively.
  • You’re an Android user who wants free auto-fill without a subscription.
  • You want your passwords in a file format that will outlast any individual app or company.
  • You use NextCloud or another WebDAV server for sync and want native integration.
  • You’re a solo user or pair who is fine copy-pasting passwords on desktop but want mobile to just work.
  • You need something genuinely free with no account signup.

Skip it (pick KeePassium or Strongbox) if:

  • You’re primarily on iPhone and auto-fill is non-negotiable. Both KeePassium and Strongbox implement iOS auto-fill properly [5].

Skip it (pick KeePassXC) if:

  • You’re desktop-first and want browser auto-fill. KeePassXC has mature browser extensions for Chrome, Firefox, and Safari, plus Auto-Type support [6].

Skip it (pick Bitwarden) if:

  • You want a polished experience with browser extensions, team management, and a self-hosted server option. Bitwarden’s free tier is genuinely good, and $10/yr for premium is reasonable [4][6].
  • You want centralized admin controls for a team.
  • You’ve never used KeePass and don’t have a KDBX file to migrate from.

Skip it (stay on 1Password) if:

  • Your team depends on shared vaults, item access controls, guest accounts, and audit logs. AuthPass has none of these [4].
  • Browser auto-fill quality matters for your daily workflow — 1Password’s browser integration is the best in the category.

Alternatives worth considering

Based on the AlternativeTo listing, SourceForge comparisons, and the KeePass ecosystem:

  • KeePassXC — the best desktop-only KeePass client. Excellent browser extensions, Auto-Type, strong plugin support. No official mobile app, but pairs well with KeePassium on iOS or Keepass2Android on Android [6].
  • KeePassium — iOS-native KeePass client with proper auto-fill, iCloud/Dropbox sync, and a polished native interface. Free tier available, premium unlocks advanced features. If you’re iPhone-first, start here [5][6].
  • Keepass2Android — the long-standing Android KeePass client. More mature than AuthPass on Android, but AuthPass has a cleaner UI [1][5].
  • Bitwarden — the strongest open-source alternative if you’re willing to have a server in the picture. Self-hostable (Vaultwarden is a popular Rust reimplementation), excellent browser extensions, $0 free tier covers most personal needs. GPL-3.0 as well. Different model: your vault lives on a Bitwarden server (or your self-hosted instance), not in a file [4][6].
  • Proton Pass — newer entrant from the Proton team. Open-source (GPL-3.0), end-to-end encrypted, integrates with ProtonMail aliases. More polished than AuthPass but requires a Proton account and server [4][6].
  • KeePass (classic) — the original. Windows-only UI, requires Mono on Mac/Linux for the desktop app. Every KeePass-compatible client in this list reads its format. Use KeePass if you need the plugin ecosystem; use KeePassXC or AuthPass if you want a modern UI [6].

For someone leaving a paid password manager specifically because of cost, the realistic shortlist is AuthPass vs Bitwarden. Bitwarden’s free tier handles browser auto-fill everywhere; AuthPass handles cross-platform KDBX compatibility. If you have an existing KeePass database, AuthPass. If you’re starting fresh, Bitwarden.

Bottom line

AuthPass is the right tool for a specific job: if you live in the KeePass file ecosystem and need everything — iOS, Android, Mac, Windows, Linux — to open the same KDBX database with native cloud sync, AuthPass is the only genuinely cross-platform client that does it for free with no account required. For Android users who want auto-fill, it works well. For iPhone users who need auto-fill, it doesn’t — check KeePassium instead.

It’s not a replacement for Bitwarden if you want browser extensions and team features. It’s not a replacement for 1Password if you want polished enterprise controls. What it is: a free, open-source, file-based password manager that keeps your data entirely under your control, works on everything you own, and costs nothing to run. For a solo founder or small team coming off LastPass or trying to avoid a recurring bill, the value is obvious. For a team that needs centralized management, look elsewhere.

If you want someone to migrate your team from a paying password manager to an open-source setup without the afternoon of figuring it out yourself, upready.dev handles that as a one-time deployment.

Sources

  1. r/KeePass — “Is AuthPass trustworthy?” (2020). https://www.reddit.com/r/KeePass/comments/igc6oc/is_authpass_trustworthy/ — reddit.com
  2. GoodFirms — AuthPass Reviews & Pricing 2026. https://www.goodfirms.co/software/authpass — goodfirms.co
  3. TrishTech — “AuthPass: Open-Source Free Password Manager” (2022). https://www.trishtech.com/2022/06/authpass-free-password-manager/ — trishtech.com
  4. SourceForge — AuthPass Reviews in 2026. https://sourceforge.net/software/product/AuthPass/ — sourceforge.net
  5. Medevel — “13 Open-source Password Managers iOS Devices”. https://medevel.com/13-password-manager-for-ios/ — medevel.com
  6. AlternativeTo — “AuthPass Alternatives: Top 12 Password Managers” (updated Dec 2025). https://alternativeto.net/software/authpass—password-manager/ — alternativeto.net

Primary sources:

Features

Mobile & Desktop

  • Mobile App

Category

Security & Authentication (159)

Replaces

1Password
14 tools
LastPass
21 tools

Related Security & Authentication Tools

View all 159 →

Ghidra

66K

A free, open-source software reverse engineering framework created by the NSA — disassemble, decompile, and analyze compiled code on any platform.

security Apache-2.0

PocketBase

58K

Open-source backend in a single 12 MB binary — realtime database, auth, file storage, and admin dashboard. No Docker, no Postgres, just run it.

security MIT Easy to deploy

Vaultwarden

57K

Lightweight, self-hosted Bitwarden-compatible password manager written in Rust. Uses 10x less RAM than the official server and works with all Bitwarden clients.

security AGPL-3.0

Zen Browser

41K

Zen Browser is a privacy-focused, beautifully designed Firefox fork with a unique sidebar tab layout, split views, and built-in content blocking — no telemetry, no tracking.

security MPL-2.0

Vault

35K

Manage secrets and protect sensitive data. Securely store and control access to tokens, passwords, certificates, and encryption keys.

security

KeyCloak

33K

Open source identity and access management. Add authentication to applications and secure services with minimum effort.

security Apache-2.0