KeePass Vs OneNote

As far as storage is concerned, I think that any correctly encrypted file will have the same level of security. The problem is that passwords are meant to be used, and then dedicated password vaults have more features:

  • ability to simulate key presses to avoid storing the password in the clipboard - and additionally allows using them on poorly designed web sites that disallow pasting into the password field
  • even if the clipboard is used, it is cleaned after a short time to prevent the password from being inadvertently pasted in a wrong place
  • some password managers include a password generator (KeePass does) able to generate random passwords with high entropy - resistant to dictionary attacks

For all those reasons, I think that a good password manager is better than a simple encrypted file, even if the crypto engines are equivalent.
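
To illustrate the generator point in the answer above, here is an added example (not part of the original answer and not KeePass's own code) that draws a password from the OS CSPRNG and compares its entropy with the guess space of a "dictionary word plus digits" password. The alphabet, the sample wordlist and the 100,000-word dictionary size are constructed assumptions.

```python
import math
import secrets
import string

# Constructed sample wordlist standing in for a cracking dictionary.
SAMPLE_WORDLIST = ["password", "dragon", "summer", "monkey", "letmein"]
# Assumed alphabet: letters, digits and 12 punctuation symbols (74 total).
ALPHABET = string.ascii_letters + string.digits + "!#$%&*+-=?@_"


def generate_password(length=20, alphabet=ALPHABET):
    """Draw each character uniformly from the alphabet using the OS CSPRNG."""
    symbols = sorted(set(alphabet))
    if length < 1 or len(symbols) < 2:
        raise ValueError("need length >= 1 and at least 2 distinct symbols")
    # secrets (not random) so the output is not predictable from earlier outputs.
    return "".join(secrets.choice(symbols) for _ in range(length))


def random_entropy_bits(length, alphabet=ALPHABET):
    """Entropy of a uniformly random password: length * log2(alphabet size)."""
    return length * math.log2(len(set(alphabet)))


def dictionary_entropy_bits(wordlist_size, suffix_digits=2, case_variants=2):
    """Guess space, in bits, of the 'word + trailing digits' pattern."""
    return math.log2(wordlist_size * case_variants * 10 ** suffix_digits)


def matches_dictionary_pattern(password, wordlist=SAMPLE_WORDLIST):
    """True if the password is a (possibly capitalised) word plus trailing digits."""
    stem = password.rstrip(string.digits).lower()
    return stem in wordlist


if __name__ == "__main__":
    pw = generate_password()
    print(pw, f"{random_entropy_bits(len(pw)):.1f} bits")
    print("Summer23", f"{dictionary_entropy_bits(100_000):.1f} bits",
          "in dictionary pattern:", matches_dictionary_pattern("Summer23"))
```
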


A brief look out there says that it uses AES, which is robust, and the exploit tools I see look like they are doing dictionary and brute force attacks, rather than attacking something systematically broken.

However, KeePass/LastPass/similar tools are specifically designed to deal with the situation. They support multi-factor/2-factor authentication, which is a bonus. I'd still recommend these tools over OneNote password protection just because of nice integrations and ease of use, but I don't see a security issue there.


Apart from the usability concerns mentioned by @Serge Ballesta in his answer, the following security problems arise:

  • KeePass has well-documented security. They document the Key Derivation Function they use and the encryption technology used.
  • KeePass is Open Source software, which means that you can verify that there is no backdoor in the software
  • A KeePass database stays on your local drive, unless you put it actively onto some cloud storage. Automatic synchronisation might not be desirable for very sensitive data, like passwords.