Follow this guide to quickly download and install KeePassXC on Windows 10.

In a post published last month, I concluded that KeePassXC is the best open source password manager. The time has now come to tell you how you can quickly get KeePassXC up and running on your Windows computer.

First, a word of caution. KeePassXC is a local password manager without any built in cloud synchronization mechanism. This means that all the passwords you manage in KeePassXC will only be available on the computer where the password manager is running. Also, as a natural consequence of this, your password database will not be backed up automatically. But fear not. We’ll cover cloud backups and synchronization across all your devices in a later post.

Now let’s get password managin’!

Downloading.

Start by downloading the KeePassXC installer from the official website by clicking on the “MSI installer” link below the “Installed (64-bit)” header on the website.

Next, we have to verify that the file we downloaded is what it pretends to be. Unethical hackers might have been able to access the KeePassXC download server to replace the installer with their own version. A hacked version can contain contain code that sends all your passwords to the hackers, and we certainly don’t want that.

The easiest way to verify the authenticity and integrity of the downloaded file on Windows 10 is to execute it. The message box below should appear.

Check that the value of the “Publisher” field is “DroidMonkey Apps, LLC” as it appears in the screenshots. If it’s not, the file you have download is compromised. In the unfortunate case that the file is compromised, click “Cancel”, delete the installer file you downloaded, and make sure you run a virus scan with Windows Defender.

If the publisher value checks out OK, click “Run”, and the installer will execute.

Installing.

Installing KeePassXC on Windows is easy as pie, simply follow the steps in the installer wizard. Make sure you agree to the license terms when you’re asked for that, and then just use default values the wizard suggests.

At some point in the installation process, the message box below will appear.

Verify that the “Verified publisher” has the value “DroidMonkey Apps, LLC” as it appears in the screenshot above. If it’s not, the file you have download is compromised. Should that be the case, click “No”, delete the installer file you downloaded, and make sure you run a virus scan with Windows Defender.

If the publisher value checks out OK, click “Yes”, and continue to follow the steps in the installation wizard until it’s finished.

Next Steps.

Congratulations, you’ve taken your first step towards better password security!

In the not-so-distant future, I’ll write posts describing how to use the KeePassXC interface. I’ll also cover setting up browser integration, configuring cloud synchronization, and how you can use KeePassXC on your Android device.

Until that actually happens, you can start enjoying KeePassXC by following the project’s quickstart guide.