Physical Address
304 North Cardinal St.
Dorchester Center, MA 02124
Everything stored in your Keeper vault is known as a history. There are many different types of records, including logins, credit cards, identities, secure notes, and software licenses, but you can also create a general record with any fields you want, as well as add custom fields and attach files to other record types. Instead of tags or categories, Keeper lets you create folders, and nest folders inside each other.
You can share at the record or folder level. Record sharing speaks for itself, but folder sharing is interesting. Instead of sharing an entire vault, as with a service like Proton Pass, you can create a shared folder with a permissions structure similar to Google Drive. You can set your records to be view-only, give shared users edit access, and even allow users to add and manage other users.
These sharing settings are not completely universal. You can set up a shared folder for viewing only, but you can give some users the ability to manage users and/or records, and you can change permissions on individual records within that folder. Some records can be view-only, while others can be opened for editing.
You can share individual records in several ways. You can share them forever, but you can also create one-time sharing links for users who aren’t subscribed to Keeper. Access is limited to one device through this link. If you need something more temporary, you can create a self-destruct log, which will be shared and then deleted shortly after you open the log.
Security guard
Keeper uses a zero-knowledge and trust-based security architecture. Each record you store in Keeper is individually encrypted with its own AES-256 key. These keys are then wrapped with another AES-256 key, which is derived from your master password. Even if someone cracks your AES-256 key — which is unlikely — it won’t unlock your individual records.
All encryption is done locally, so Keeper never sees your vault data, nor does it have the keys needed to decrypt it (read… Explanation of the pass key For more information about public key cryptography and how zero-knowledge models work). This gives you complete end-to-end encryption, and to make sure nothing happens during transfer, Keeper generates an additional AES-256 transfer key to protect data from man-in-the-middle attacks.
A zero-knowledge security architecture and multiple layers of encryption are expected from a password manager, but what stands out about Keeper is how transparent it is with its security architecture. Most likely because of its focus on enterprise, Keeper maintains extensive documentation About how it works and the protections in place.
Keeper has a lot of tools for operational security. In the browser extension, for example, there is a clipboard expiration setting that defaults to 30 seconds. Anything you copy will be automatically erased. There’s also a warning that will automatically display if you try to autofill an HTTP header, preventing your credentials from traveling over an unsecured network.
Surprisingly, Keeper’s enterprise focus works well for personal use. The security architecture is top-notch, the apps come packed with features, and the sharing capabilities are unparalleled. What Keeper loses out on is pricing. Although its pricing is in line with the rest of the market for a single user, it is a little high for a family plan. And features that come standard with other password managers, such as dark web monitoring, are paid add-ons.
