The use of passwords is still unavoidable at the moment. This makes it all the more important to consider a system for secure passwords. The following points in particular should be considered:

  • A separate password should be used for each service
  • A password that can be remembered is usually not a secure password.
  • Passwords should be stored securely

We recommend the use of a password manager for this purpose.

Password manager

A password manager offers the possibility to collect passwords in an encrypted memory. This memory is protected by a sufficiently complex primary password. Therefore, only one password needs to be remembered to gain access to the stored passwords.

The individual passwords can usually be generated securely with the help of an integrated password generator. Password managers usually offer some comfort functions that simplify the administration and use of the stored passwords.

Further information can also be found on the BSI website.

Selection of the primary password

The security of the stored passwords is directly dependent on the quality of the primary password. Accordingly, the primary password should be chosen and stored with sufficient security (see Secure password thanks to password generator).

Recommendation: Keepassxc

We recommend using the password manager KeePassXC.

KeePassXC is a free and open-source password manager. It is available across platforms and can therefore be used on the most common operating systems. It can be downloaded from the manufacturer's website or directly via the following links for the respective platform. When using mobile devices, it is recommended to have the password database on cloud storage (Seafile) for synchronisation and to integrate it via DAV. Furthermore, it is possible to use different password databases at the same time, e.g. for business and private access.

In addition, there is the possibility to connect the KeePassXC database to the browser via a browser addon so that password fields (after unlocking the database) can be filled in automatically. The browser addons can be downloaded from the respective browser addon stores or directly via the following links.

Other sensitive data of any format that needs to be stored securely, for example X509 user certificates and key material or SSH keys, can also be stored in KeePassXC. When used for SSH keys, it can also be used as an SSH agent.


KeePassXC: Initial Setup
KeePassXC: Browser-Addon
Secure password thanks to password generator



IT Security
Security team
IT Security
Security team