This is my approach to password management - the tools I use, synchronization setup, folder organization, review routines, and security practices. A practical guide to managing passwords efficiently while maintaining a high level of security.
Tools and Clients
KeePass as the Core
I use KeePass as my primary password manager. It securely stores all passwords in an encrypted database that is unlocked with a master key. The database file is encrypted using AES-256, ChaCha20, and Twofish - the best encryption algorithms currently known.
Strongbox on macOS and iOS
On my Apple devices, I use Strongbox as a KeePass client. What I love most about Strongbox is its built-in SSH agent - it can use a key that lives inside the KeePass database to facilitate secure SSH authentication. No more managing separate SSH keys.
Synchronization
To keep my password database available offline yet synchronized across all devices, I use a self-hosted Nextcloud instance.
Nextcloud Clients
I run the Nextcloud client on my iPhone, MacBook, and Windows machine. Any new password or change in the database is synced seamlessly across platforms.
Sync Alternatives I Tested
I experimented with other sync methods:
- Syncthing - Good for peer-to-peer, but less convenient for mobile
- Git - Works well but overkill for a single file
- iCloud - Convenient but less control over my data
Nextcloud proved to be the most practical solution, providing a balance between accessibility, security, and control over my data. Plus, it’s self-hosted on my homelab.
Folder Organization
The KeePass database is structured into folders to keep everything organized:
├── Inbox        # Uncategorized passwords
├── 3rd Party    # Passwords that don't belong to me
├── Favorites    # Most frequently accessed (GitHub, Apple)
├── Personal     # All personal passwords
│   └── Homelab  # Homelab-specific credentials
└── Work         # Segmented by company
    ├── Company A
    ├── Company B
    └── Company C
Inbox
Passwords that haven’t been categorized yet. New entries go here first.
3rd Party
Passwords that don’t belong to me - shared credentials, client systems, etc.
Favorites
A small selection of my most frequently accessed passwords. Currently just GitHub and Apple for quick access.
Personal
All my personal passwords, with a subfolder dedicated to homelab tools and services.
Work
Contains passwords segmented by the companies I work for, each in its own subfolder.
Maintenance and Security Practices
Weekly Review Process
I conduct a weekly review to:
- Recategorize passwords from Inbox to proper folders
- Remove old or unused entries
- Check for weak or reused passwords
- Ensure everything stays organized
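One way to automate the first and third review items, as an added example that is not the author's own tooling: it reads a CSV export of the database and reports entries still in Inbox, weak passwords, and reused passwords. The column names (`Group`, `Title`, `Password`), the `Root/...` group paths, and the 60-bit threshold are assumptions; the sample rows are constructed.

```python
import csv
import io
import math
import string
from collections import defaultdict

# Constructed sample export; the column layout and group paths are assumptions.
SAMPLE_CSV = '''"Group","Title","Username","Password","URL"
"Root/Inbox","New forum","me","hunter2","https://forum.example"
"Root/Favorites","GitHub","me","T7#vq9Lm2!xRb4Zp8Kd","https://github.com"
"Root/Personal","Shop","me","hunter2","https://shop.example"
"Root/Personal/Homelab","Proxmox","root","T7#vq9Lm2!xRb4Zp8Kd","https://pve.example"
"Root/Work/Company A","VPN","me","Gx4$wN8pQz1!sLc6Yh","https://vpn.example"
'''

def estimate_bits(password):
    """Upper-bound entropy: length * log2(pool of character classes used).
    It overrates dictionary words, so a pass only means 'not obviously weak'."""
    pool = 0
    pool += 26 if any(c in string.ascii_lowercase for c in password) else 0
    pool += 26 if any(c in string.ascii_uppercase for c in password) else 0
    pool += 10 if any(c in string.digits for c in password) else 0
    pool += len(string.punctuation) if any(c in string.punctuation for c in password) else 0
    return len(password) * math.log2(pool) if pool else 0.0

def review(csv_text, min_bits=60.0, inbox="Inbox"):
    """Return entry labels only; passwords never appear in the report."""
    report = {"inbox": [], "weak": [], "reused": []}
    by_password = defaultdict(list)
    for row in csv.DictReader(io.StringIO(csv_text)):
        label = f'{row["Group"]}/{row["Title"]}'
        if row["Group"].split("/")[-1] == inbox:
            report["inbox"].append(label)       # still waiting to be filed
        if estimate_bits(row["Password"]) < min_bits:
            report["weak"].append(label)
        by_password[row["Password"]].append(label)
    # Any password shared by two or more entries is a reuse group.
    report["reused"] = sorted(sorted(v) for v in by_password.values() if len(v) > 1)
    return report

if __name__ == "__main__":
    for section, items in review(SAMPLE_CSV).items():
        print(section, items)
```

A CSV export holds every password in plaintext, so keep it on an encrypted volume and delete it once the review is finished.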
Enhanced Security
- Two-factor authentication enabled wherever possible
- Passkeys over passwords - I prefer passkeys when available and am in the process of migrating
- Random generation - Moving away from reused passwords to randomly generated ones
Backup and Offline Availability
The entire password database is:
- Kept offline on each device
- Synced securely via self-hosted Nextcloud
- Automatically backed up through Nextcloud’s versioning
This provides a robust backup system that is both secure and easily accessible across all my devices.
Why This Setup?
- Control - I own my data. No third-party cloud service has my passwords.
- Offline access - Works without internet. The database lives locally.
- Cross-platform - KeePass format works everywhere with different clients.
- SSH integration - Strongbox’s SSH agent is a killer feature.
- Self-hosted sync - Nextcloud gives me Dropbox-like convenience with full control.
Getting Started
- Download KeePass or KeePassXC
- Create a database with a strong master password
- Set up your folder structure
- Install clients on all your devices (Strongbox, KeePassDX, etc.)
- Configure sync via Nextcloud, Syncthing, or your preferred method
- Establish a weekly review habit
The initial setup takes some effort, but the result is a password management system you fully control.
