Keeper is a password management solution launched in 2009. It is specifically designed to help individuals and businesses keep track of large numbers of passwords. The firm is based in Chicago, USA, which is not the best place for a privacy service to be based.
The good news, however, is that Keeper provides end-to-end encryption for passwords. This means that the service functions with zero knowledge, so you don't have to worry about Keeper gaining access to your passwords.
On the other hand, the service is not open-source, which means that you have to trust that the software is doing as promised. At a quick glance, this password manager appears to have all the important features you would expect from a premium service. So, is it a Keeper?
Remembering strong, unique passwords for an ever-growing number of accounts is extremely difficult. It is for this reason that password managers are becoming so popular. There are literally dozens of password managers on the market, and choosing between them is getting trickier.
Keeper is a service developed by the US firm Keeper Security Inc., and it appears to provide exactly what consumers need to effectively protect multiple accounts without the stress of remembering individual passwords. With Keeper, you simply set one master password; after that, the software does everything for you.
Anybody who wants to test drive Keeper can do so for free. Free users can only use the password manager on a single device. The good news is that Keeper will remember an unlimited number of passwords even on the free version.
What’s more, despite the seemingly ambiguous nature of the free trial (it is hard to tell whether it is just 30 days or longer), Keeper assured us that it is possible to keep using the password manager for free on one device indefinitely. However, it reminded us that if you were to lose your device, you would lose all your passwords because the free version will only work on one device. This is a pretty serious limitation.
Anybody who wants the added security and permanence of a full premium subscription will need to pay for either the standalone password manager service (Keeper Unlimited), which costs $29.99 per year, or the “Max Bundle.”
The “Max Bundle” comes with Keeper Password Manager (Keeper Unlimited), KeeperChat Private Messenger, BreachWatch Dark Web Monitoring, and Secure File Storage at a cost of $59.97.
In this article, we will stick to reviewing the password manager. However, we will also outline the features available in the Max Bundle to give you a sense of what they can do. On the whole, a cost of $2.50 is not considered particularly outlandish for unlimited password management on unlimited devices.
However, it is worth noting that the service is supposed to be used by just one person, and sharing it would require every person to use the same account with a single master password. This is obviously not suitable for most people’s security needs.
Thus, for multiple people who want to use Keeper password manager, it will be necessary to pay for the “Family” subscription plan which costs $59.99 and allows up to 5 people to all have their own vault with a master password. Beyond that, it is possible to opt for a Business or Enterprise account, which increases the number of individual logins available substantially depending on your needs.
It is worth noting that if you do decide to subscribe, the firm will cheekily attempt to tack on 10 GB of file storage for $9.99, and the BreachWatch service at a cost of $19.99. However, these can be deselected at checkout.
Subscribers can opt to pay either with a debit or credit card or via PayPal. However, the firm does not accept any cryptocurrencies at this time.
- Store unlimited passwords
- Secure client-side AES 256 encryption
- Apps for all platforms
- Web portal for ease of access
- Auto-sync passwords by logging in with a master password (unlimited only)
- Autofill forms
- Password generator
- Automatically remembers passwords you change online
- Set custom fields and protect personal data
- Secure offline mode to access passwords any time
- Emergency Access allows up to 5 people to access passwords in case of an emergency
- Store ID data and payment data
- Secure file storage
- Versioning to recover older passwords
- Secure sharing feature to share passwords or files
- Fingerprint and face ID login
- Two-factor authentication
- Unlimited devices (not on free)
Getting a trial Keeper account set up is extremely easy. Simply head over to the website and click on the button for a free trial. From there, all you will need to do is provide an existing email address in order to sign up and start using the password manager on a single device.
Following that, you will be asked to provide both a master password and a security question. The security question is used to recover your account in the event that you forget your master password.
When you create an account, you are automatically logged in and are told that an RSA 2048 key pair is being produced to keep your connection to the web client secure.
Once logged in, you are ready to start using your account. First, Keeper invites you to import your passwords from your old password manager. This is a nice touch, which means you do not need to search the software for the import feature (which can sometimes be a little bit of a headache). To do so, you will need to install the Keeper import tool. After that, you are free to import your passwords via a CSV file or in plain text. There are also options to import directly from a number of leading password managers.
With your passwords successfully imported, Keeper continues by offering you a guided walkthrough of its features. This makes the service extremely easy to get up and running. This is a massive benefit to non-tech users or people who are not accustomed to using a password manager.
Ease of Use
To get started with storing passwords click on the create icon in the top left of the web client.
We started by creating a folder for our passwords called Ray’s Social Media.
Next, we created a password entry for our Facebook account. We used the password generator by clicking on the dice - and set it to the max. This created a password 51 characters in length. An auto password generator is a very useful feature that allows you to create robust, unique passwords without having to actually think about it.
With the password created, you are prompted to install the browser extension - so that your passwords will autofill when you need them. We installed the Chrome extension because that is the browser we use for testing.
By now we were starting to become extremely impressed by the level of automation that Keeper provides. The level of design and the User Experience is second to none. This password manager is extremely good for beginners who want to manage their passwords without any difficulties whatsoever.
Next, we headed over to Facebook to see how the autofill feature works in practice. Once logged into the extension using your credentials, visiting a login page results in being asked whether you want to autofill. The process is extremely simple and works flawlessly. What’s more, once you have asked to autofill once - Keeper will continue to do so every time without asking.
Moving passwords around into folders is extremely easy: simply grab the password and drag and drop it into a folder that you have created. For anybody who wants to, the menu on the left-hand side lets you start saving other datasets, such as card details that can be entered into forms to do online shopping without digging your card out of your wallet.
We tested the BreachWatch feature, which lets you check whether your passwords are secure enough. It does this by comparing them against lists of compromised passwords that have previously been sold on the dark web.
The Security Audit feature checks the actual strength of your passwords to ensure they aren’t at risk of being brute-forced. This is another great feature that allows you to keep on top of your password health.
All in all, we found this password manager to work like a dream. This service is extremely good for beginners and has everything you need to handle password management without the stresses associated with many other services. The level of support you get at each stage of the process is fantastic, and it is nigh on impossible to fault this password manager in terms of ease of use.
Max Bundle features
Anybody who opts to pay for the max bundle gets a number of extra features that might be of interest to certain users. These include a secure private messenger and file storage. While these features seem great, it is possible to use the world-class private messenger Signal by Open Whisper for free. However, if you require secure cloud storage then adding storage to your bundle is certainly an option.
Privacy and Security
Keeper is based in the US, home of the NSA, the CIA, warrants, and gag orders. That means it is possible that the firm could be served a gag order and warrant forcing it to hand over data about its users. It could potentially even be ordered to put a backdoor in its service in order to comply with a warrant.
The good news is that, despite this slight downer, Keeper operates a completely zero-knowledge service in which users retain full control over their encryption keys and passwords. This means that it should be impossible for Keeper to provide US authorities with anything even if it is asked.
One peculiarity with Keeper’s service is that during account sign-up, users are asked to select a Security Question and Answer. This question is used to recover an account in the event that you forget your master password. Usually, being able to recover an account would set off alarm bells, because it isn’t usually possible to recover an account with true end-to-end encryption.
However, Keeper’s account recovery works by storing a second copy of your data key which is encrypted using your Security Question and answer. To complete a vault recovery, you must answer the question, enter an email verification code, and also enter your Two-Factor Authentication code (if it is set up).
We recommend creating a strong security question and answer that is impossible to guess, as well as turning on Keeper's Two-Factor Authentication feature from the 'Settings' screen.
What is pivotal about this system is that the “data key” is stored client-side. This means that the user genuinely retains full control over their account. Each individual record stored in a Keeper vault is encrypted with an AES (HMAC SHA 256-bit) key that is randomly generated on the user’s device using PBKDF2 key derivation. Communication with the server happens securely thanks to an RSA 2048 key pair.
The only other thing to remember is that if someone guesses your security question, they will be able to gain access to your master encryption key and will be able to update your master password. For this reason, it is imperative to use all the security features available to you (like 2FA).
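The recovery design described above (one data key, with a second copy encrypted under the security answer) can be sketched as follows. This is an added example, not Keeper's code: the function names, the iteration count and the XOR-plus-HMAC wrap (a standard-library stand-in for an AES key wrap) are assumptions.

```python
import hashlib
import hmac
import secrets
from typing import Optional

ITERATIONS = 100_000  # assumed work factor; the page does not state Keeper's value

def _derive(secret: str, salt: bytes):
    """PBKDF2-HMAC-SHA256 -> (32-byte wrapping key, 32-byte MAC key)."""
    okm = hashlib.pbkdf2_hmac("sha256", secret.encode("utf-8"), salt, ITERATIONS, dklen=64)
    return okm[:32], okm[32:]

def wrap(data_key: bytes, secret: str) -> dict:
    """Encrypt the data key under a key derived from `secret`."""
    if len(data_key) != 32:
        raise ValueError("data key must be 32 bytes")
    salt = secrets.token_bytes(16)  # fresh salt, so each wrapping key is used once
    enc_key, mac_key = _derive(secret, salt)
    ct = bytes(a ^ b for a, b in zip(data_key, enc_key))  # stand-in for AES key wrap
    tag = hmac.new(mac_key, salt + ct, hashlib.sha256).digest()
    return {"salt": salt, "ct": ct, "tag": tag}

def unwrap(blob: dict, secret: str) -> Optional[bytes]:
    """Return the data key, or None if `secret` does not match the blob."""
    enc_key, mac_key = _derive(secret, blob["salt"])
    expected = hmac.new(mac_key, blob["salt"] + blob["ct"], hashlib.sha256).digest()
    if not hmac.compare_digest(expected, blob["tag"]):
        return None
    return bytes(a ^ b for a, b in zip(blob["ct"], enc_key))

def create_account(master_password: str, recovery_answer: str):
    """Generate a random data key client-side and store two wrapped copies."""
    data_key = secrets.token_bytes(32)
    stored = {
        "by_master": wrap(data_key, master_password),
        "by_recovery": wrap(data_key, recovery_answer),  # the second copy
    }
    return data_key, stored

def demo() -> dict:
    # Constructed secrets; the email code and 2FA checks are not modelled here.
    master, answer = "constructed master passphrase", "constructed recovery answer"
    data_key, stored = create_account(master, answer)
    return {
        "master_ok": unwrap(stored["by_master"], master) == data_key,
        "recovery_ok": unwrap(stored["by_recovery"], answer) == data_key,
        "wrong_answer": unwrap(stored["by_recovery"], "wrong answer"),
        "cross": unwrap(stored["by_master"], answer),
    }

if __name__ == "__main__":
    print(demo())
```

Both copies decrypt to the same data key, so the recovery answer should be chosen with the same care as the master password.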
For added security, data stored at rest on the user's device is encrypted with a secondary key, called the Client Key. And, secure record syncing between devices is also encrypted at the network layer and routed through Keeper's Cloud Security Vault. On paper, this multi-tiered encryption model assures extremely strong data protection and privacy.
However, it is worth noting that you do have to take the firm at its word because the entire implementation of the platform is closed source and cannot be verified by any third party security auditors. Whether this concerns you is chiefly down to your personal threat model. However, for most people, this service is probably going to be considered secure enough to handle password management without cause for concern.
Next, we checked Keeper’s implementation of TLS/SSL to ensure that data is being transmitted securely over the internet. We used Qualys SSL Labs and were happy to find that its SSL transport security scores an A+, which means you can trust that the firm has implemented its TLS correctly and that your data is secured while in transit (in addition to being secured with e2ee).
“Keeper Security does not have access to or knowledge of an account holder’s master password, encryption keys or access to his or her Keeper vault. Accordingly, any account disclosure required by law, under a subpoena, would be limited to general account information such as the account holder’s name and account term.”
When it comes to support, Keeper is exceptional. Not only does it have valuable guides and FAQs on its website, but it also has a live chat that is available 24/7.
We found the live chat agents to be knowledgeable, and they were extremely patient and willing to help. Live chat support is somewhat of a rarity for a password manager, and this is definitely a side of the service that makes it extremely desirable.
In addition, the walkthroughs and prompts in the web client itself make this password manager extremely easy to use. All in all, the user experience with Keeper is outstanding.
When it comes to protecting passwords, there are few services that offer the level of integration and ease of use you get with Keeper. The software is excellent, and the ability to autofill passwords - and to have passwords added automatically to your repository via the extension - is superb.
Being able to use it for free is a massive bonus, and at a cost of $29.99 to sync it across all your devices this password manager is not particularly pricey, anyway.
Being based in the US is not exactly the best when it comes to privacy services. However, this provider seems to have gone to great lengths to ensure that its end-to-end encryption is flawless. The added ability to use a secret question is a nice touch, which means that you will be able to recover your password as long as you remember either the password or the answer to the security question.
On the other hand, the security question does open you to the possibility of having your account compromised if you make it too easy. However, as long as you make it difficult enough never to be guessed and also set up dual-factor auth, you should be fine.
Another downside to this service is that it is not open source. This may put some people off, and it is a shame that such a good service is not auditable. On the other hand, this service has partnered with Bugcrowd to manage an active and ongoing bug bounty program.
We think this is a great password manager that will suit a lot of people, and it is well worth taking the service for a test run!