Keeper (password manager)

Keeper Security, Inc.
Developer(s): Keeper Security Inc.
Initial release: January 2009
Operating system: Windows, Windows Phone, macOS, Linux, Android, iOS, Web, WatchOS, Wear OS [1]
Type: Password manager, secrets manager, agentless remote desktop gateway, privileged access manager
License: Software as a Service (SaaS)
Website: keepersecurity.com

Keeper Security, Inc. (Keeper) is a provider of zero-knowledge security and encryption software covering password management, secrets management, connection management, privileged access management, dark web monitoring, digital file storage, and encrypted messaging, among other offerings. [2]

Keeper Password Manager

Keeper password manager uses a freemium pricing model for individual consumers [3] and a subscription-based model for households and businesses. [4] The free individual version of Keeper provides storage for passwords, identity data, and financial information, and includes a password generator and two-factor authentication (2FA) on a single mobile device. The subscription-based model for individual consumers offers additional features such as unlimited password, identity data, and financial data storage on an unlimited number of devices, cross-device syncing, and record-sharing capabilities. [5]

Keeper is available as a mobile app for Android and iOS, as well as a desktop application for Windows, Linux, and macOS. [6] It offers a desktop browser extension for Safari, Chrome, Firefox, Microsoft Edge, Opera, and Brave. [7]

Keeper vaults are locked using the owner's "master password". Users can further protect their vaults via a variety of multi-factor authentication methods, including Google Authenticator, Duo Security, FIDO U2F, and biometrics. [8]

Customer vaults are secured using an AES-256 key, which is derived from the user’s master password using PBKDF2 with 1,000,000 iterations by default. Only encrypted ciphertext is stored on Keeper’s servers, and the company has no way of decrypting the data its customers store in their digital vaults, nor can it retrieve their master passwords. [9]
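
A simplified model of the scheme described above, added here as an illustration and not taken from Keeper's code: the client derives a 256-bit key from the master password with PBKDF2 at 1,000,000 iterations, encrypts locally, and hands the server only the salt, nonce, iteration count, and ciphertext. Assumptions not stated in the article: HMAC-SHA-256 as the PBKDF2 hash, AES-256 in GCM mode, the salt and nonce sizes, and the hypothetical function names.

```javascript
const crypto = require('crypto');

const ITERATIONS = 1000000; // default iteration count stated in the article
const KEY_BYTES = 32;       // 256-bit key for AES-256

// Assumption: HMAC-SHA-256 as the PBKDF2 PRF (the article does not name the hash).
function deriveVaultKey(masterPassword, salt, iterations = ITERATIONS) {
  return crypto.pbkdf2Sync(masterPassword, salt, iterations, KEY_BYTES, 'sha256');
}

// Client side: encrypt one record. The returned blob is everything a server
// would need to store; it contains neither the password nor the key.
function sealRecord(masterPassword, plaintext) {
  const salt = crypto.randomBytes(16);
  const iv = crypto.randomBytes(12); // 96-bit nonce, the usual size for GCM
  const key = deriveVaultKey(masterPassword, salt);
  const cipher = crypto.createCipheriv('aes-256-gcm', key, iv);
  const ciphertext = Buffer.concat([cipher.update(plaintext, 'utf8'), cipher.final()]);
  return { salt, iv, iterations: ITERATIONS, ciphertext, tag: cipher.getAuthTag() };
}

// Client side: re-derive the key and decrypt. Returns null when the blob
// advertises a weaker work factor than the client expects, or when the GCM
// tag does not verify (wrong master password or a modified blob).
function openRecord(masterPassword, blob) {
  if (blob.iterations < ITERATIONS) return null; // refuse a downgraded KDF cost
  const key = deriveVaultKey(masterPassword, blob.salt, blob.iterations);
  const decipher = crypto.createDecipheriv('aes-256-gcm', key, blob.iv);
  decipher.setAuthTag(blob.tag);
  try {
    return Buffer.concat([decipher.update(blob.ciphertext), decipher.final()]).toString('utf8');
  } catch (err) {
    return null;
  }
}

// Constructed sample data, not a real credential.
const demoBlob = sealRecord('correct horse battery staple', 'example.test: hunter2');
console.log('server-side fields:', Object.keys(demoBlob).join(', '));
console.log('right password ->', openRecord('correct horse battery staple', demoBlob));
console.log('wrong password ->', openRecord('Tr0ub4dor&3', demoBlob));
```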

Keeper users can directly share passwords, files, and other information “vault to vault” with other Keeper users and through One-Time Share for non-Keeper users; all shared content is secured with PKI encryption. [10]

Keeper Security Government Cloud

Keeper Security is listed as Authorized on the FedRAMP Marketplace at the Moderate Impact Level, with an authorization date of 8/23/2022 [11] and Authorized on the StateRAMP Marketplace at the Moderate Impact Level, with an authorization date of 11/30/2022. [12] Keeper Security Government Cloud (KSGC) is for U.S. federal, state, and municipal government agencies. It supports compliance with the United States International Traffic in Arms Regulations (ITAR).

History

In 2009, Craig Lurey developed the original Keeper app with Darren Guccione. [13] In 2011, Lurey and Guccione officially co-founded Keeper Security, Inc. As of March 2022, Keeper had offices located in Chicago (US Headquarters); El Dorado Hills, California (Software Development); Cork, Ireland (EMEA Business Sales); and Cebu, Philippines (International Customer Support). [14]

In October 2019, Keeper launched KeeperMSP, a password management platform designed specifically for managed service providers (MSPs), managed security service providers (MSSPs), and their customers. [15] In August 2020, Keeper received a $60 million minority investment from venture capital firm Insight Partners. [16] In March 2021, Keeper launched Keeper SSO Connect. [17] In May 2021, Keeper was listed on the U.S. federal government’s FedRAMP Marketplace as a "CSP in Process." [18] In January 2022, Keeper announced the launch of Keeper Secrets Manager. [19]

In February 2022, Keeper acquired remote access gateway company Glyptodon Inc., creator of Glyptodon Enterprise and Apache Guacamole, and commenced integrating Glyptodon Enterprise into its product suite. [20] In May 2022, Keeper launched Keeper Connection Manager, a rebranding and revamping of Glyptodon Enterprise into a commercial-grade remote desktop gateway with expanded capabilities, advanced integrations, and ongoing feature development. [21]

In August 2022, Keeper Security became Authorized on the FedRAMP Marketplace at the Moderate Impact Level. [11] In November 2022, Keeper Security became Authorized on the StateRAMP Marketplace at the Moderate Impact Level. [12]

Reception

PC World named Keeper an Editor's Choice in 2019 [22] and Most Security-Minded Password Manager in 2022. [23] PCMag named Keeper “Best Password Manager for Businesses” (2022), as well as Best Password Manager and Editors' Choice for the previous three consecutive years. [24] Tom’s Guide named Keeper one of the best password managers of 2022. [25] U.S. News & World Report’s 360 Reviews team named Keeper Best Overall Password Manager of 2021. [3]

Incidents

In December 2017, Keeper was bundled with Windows 10 by Microsoft. Google security researcher Tavis Ormandy disclosed that the software recommended installing a browser add-on which contained a vulnerability allowing any malicious website to steal any password. [26] A nearly identical vulnerability had previously been discovered and disclosed to Keeper in 2016. [27] [28] Within 24 hours, the company issued a patch. [29] [30]

Reporting and lawsuit

Dan Goodin of Ars Technica appears to have been the first to report about the vulnerability in the press. [27] Days later, the company that makes Keeper sued Goodin and Ars Technica, claiming their article was defamatory and misleading. [31] A number of security experts decried the lawsuit as "bullying" or "ridiculous" and said that "the lawsuit will cause more damage to the company than the article" did. [31] [32] The lawsuit and Ars Technica's anti-SLAPP response lawsuit were dismissed on March 30, 2018, and Ars Technica added further clarifications to their article. [33] [34]

Following the lawsuit, Keeper launched a public vulnerability disclosure program in partnership with Bugcrowd. [35]


References

  1. Keeper. "Download Password Manager for Mac, PC, Linux & More - Keeper". Retrieved 8 February 2018.
  2. "Exclusive: Keeper Security launches industry-first solution". IT Brief Australia. Retrieved 2023-04-19.
  3. Pegoraro, Rob; Forster, Timothy J. (August 12, 2021). "Keeper Password Manager Review and Prices". U.S. News & World Report. Retrieved March 17, 2022.
  4. "Keeper Password Manager Pricing". G2. Retrieved March 17, 2022.
  5. Long, Emily (January 27, 2022). "Keeper password manager review". Tom's Guide. Retrieved March 17, 2022.
  6. "Keeper Web Vault & Desktop App User Guide". Keeper Security. Retrieved March 17, 2022.
  7. "KeeperFill Browser Extensions - User Guides". Keeper Security. Retrieved March 17, 2022.
  8. Nieves, Edgar J. (March 4, 2022). "5 Best Password Managers of 2022". Money Magazine. Retrieved March 17, 2022.
  9. Mazūra, Justinas (March 16, 2022). "Keeper password manager app review 2022". Cybernews. Retrieved March 17, 2022.
  10. Will McCurdy (2022-06-23). "One of the best password managers around just picked up an excellent new feature". TechRadar. Retrieved 2022-07-20.
  11. "The Federal Risk And Management Program Dashboard". marketplace.fedramp.gov. Retrieved 2022-08-25.
  12. "Authorized Product List". StateRAMP. Retrieved 2023-04-19.
  13. "No matter how much we innovate, passwords are here to stay". Silicon Republic. April 16, 2021. Retrieved March 17, 2022.
  14. "Company Overview & Solutions Guide" (PDF). Keeper Security. Retrieved March 17, 2022.
  15. "Keeper Security Unveils Exclusive Solution for Managed Service Providers". PR Newswire. October 30, 2019. Retrieved March 17, 2022.
  16. Earley, Kelly (August 18, 2020). "Keeper Security's password protection tech raises $60m". Silicon Republic. Retrieved March 17, 2022.
  17. "Keeper Security Reimagines and Secures the Passwordless Future with Keeper SSO Connect™ Cloud". PR Newswire. March 9, 2021. Retrieved March 17, 2022.
  18. "Keeper Password Manager on Twitter". Twitter. May 24, 2021. Retrieved March 17, 2022.
  19. Spadafora, Anthony (January 12, 2022). "Keeper Security wants to help keep all your online secrets". TechRadar Pro. Retrieved March 17, 2022.
  20. Riley, Duncan (February 3, 2022). "Keeper Security acquires Apache Guacamole inventor Glyptodon". Silicon Angle. Retrieved March 17, 2022.
  21. Murphy, Ian (2022-05-05). "Keeper Security launches Keeper Connection Manager". Enterprise Times. Retrieved 2022-07-20.
  22. Ansaldo, Michael (October 30, 2019). "Keeper review: Security is the greatest strength of this password manager". PC World. Retrieved July 20, 2022.
  23. Ansaldo, Michael (July 13, 2022). "Best password managers: Reviews of the top products". PC World. Retrieved July 20, 2022.
  24. Key, Kim (February 1, 2022). "The Best Password Managers for Businesses in 2022". PCMag. Retrieved March 17, 2022.
  25. Wagenseil, Paul (March 1, 2022). "The best password managers in 2022". Tom's Guide. Retrieved March 17, 2022.
  26. "Windows 10 included password manager with huge security hole". Engadget. Retrieved 2017-12-20.
  27. Goodin, Dan (2017-12-15). "Microsoft is forcing users to install a critically flawed password manager". Ars Technica. Archived from the original on 2017-12-15. Retrieved 21 April 2024.
  28. Chirgwin, Richard (18 December 2017). "Windows 10 bundles a briefly vulnerable password manager". The Register. Retrieved 2017-12-20.
  29. Kovacs, Eduard (18 December 2017). "Google Researcher Finds Critical Flaw in Keeper Password Manager". Security Week.
  30. Security, Keeper (2017-12-15). "Update for Keeper Browser Extension 11.4.4 - Keeper Blog". Keeper Blog. Archived from the original on 2017-12-22. Retrieved 2017-12-22.
  31. Whittaker, Zack (2017-12-20). "Security firm Keeper sues news reporter over vulnerability story". ZDNet. Retrieved 2017-12-20.
  32. Kovacs, Eduard (2017-12-21). "Keeper Sues Ars Technica Over Reporting on Critical Flaw". SecurityWeek. Retrieved 21 April 2024.
  33. "Press releases | Ars Technica". arstechnica.com. 2018-03-30. Retrieved 2019-07-02.
  34. Goodin, Dan (2017-12-15). "For 8 days Windows offered a preloaded password manager with a plugin vulnerability". Ars Technica. Retrieved 21 April 2024.
  35. "Keeper Security Public Bounty Program". Bugcrowd. Retrieved July 20, 2022.