Keeper (password manager)

From Wikipedia the free encyclopedia

Keeper Security, Inc.
Developer(s)Keeper Security Inc.
Initial releaseJanuary 2009
Operating systemWindows, Windows Phone, macOS, Linux, Android, iOS, Web, WatchOS, Wear OS[1]
TypePassword manager, secrets manager, agentless remote desktop gateway, privileged access manager
LicenseSoftware as a Service (SaaS)
Websitekeepersecurity.com

Keeper Security, Inc. (Keeper) is a provider of zero-knowledge security and encryption software covering password management, secrets management, connection management, privileged access management, dark web monitoring, digital file storage, and encrypted messaging, among other offerings.[2]

Keeper Password Manager[edit]

Keeper password manager uses a freemium pricing model for individual consumers[3] and a subscription-based model for households and businesses.[4] The free individual version of Keeper provides storage for passwords, identity data, and financial information, with included a password generator and two-factor authentication (2FA) on a single mobile device. The subscription-based model for individual consumers offers additional features such as unlimited password, identity data, and financial data storage on an unlimited number of devices, cross-device syncing, and record-sharing capabilities.[5]

Keeper is available as a mobile app for Android and iOS, as well as a desktop application for Windows, Linux, and MacOS.[6] It offers a desktop browser extension for Safari, Chrome, Firefox, Microsoft Edge, Opera, and Brave.[7]

Keeper vaults are locked using the owner's "master password". Users can further protect their vaults via a variety of multi-factor authentication methods, including Google Authenticator, Duo Security, FIDO U2F, and biometrics.[8]

Customer vaults are secured using an AES-256 key, which is derived from the user's master password using PBKDF2 with 1,000,000 iterations by default. Only encrypted ciphertext is stored on Keeper's servers, and the company has no way of decrypting the data its customers store in their digital vaults, nor can it retrieve their master passwords.[9]

Keeper users can directly share passwords, files, and other information “vault to vault” with other Keeper users and through One-Time Share for non-Keeper users; all shared content is secured with PKI encryption.[10]

Keeper Security Government Cloud[edit]

Keeper Security is listed as Authorized on the FedRAMP Marketplace at the Moderate Impact Level, with an authorization date of 8/23/2022[11] and Authorized on the StateRAMP Marketplace at the Moderate Impact Level, with an authorization date of 11/30/2022.[12] Keeper Security Government Cloud (KSGC) is for U.S. federal, state, and municipal government agencies. It supports compliance with the United States International Traffic in Arms Regulations (ITAR).

History[edit]

In 2009, Craig Lurey developed the original Keeper app with Darren Guccione.[13] In 2011, Lurey and Guccione officially co-founded Keeper Security, Inc. As of March 2022, Keeper had offices located in Chicago (US Headquarters); El Dorado Hills, California (Software Development); Cork, Ireland (EMEA Business Sales); and Cebu, Philippines (International Customer Support).[14]

In October 2019, Keeper launched KeeperMSP, a password management platform designed specifically for managed service providers (MSPs), managed security service providers (MSSPs), and their customers.[15] In August 2020, Keeper received a $60 million minority investment from venture capital firm Insight Partners.[16] In March 2021, Keeper launched Keeper SSO Connect.[17] In May 2021, Keeper was listed on the U.S. federal government's FedRAMP Marketplace as a "CSP in Process."[18] In January 2022, Keeper announced the launch of Keeper Secrets Manager.[19]

In February 2022, Keeper acquired remote access gateway company Glyptodon Inc., creator of Glyptodon Enterprise and Apache Guacamole, and commenced integrating Glyptodon Enterprise into its product suite.[20] In May 2022, Keeper launched Keeper Connection Manager, a rebranding and revamping of Glyptodon Enterprise into a commercial-grade remote desktop gateway with expanded capabilities, advanced integrations, and ongoing feature development.[21]

In August 2022, Keeper Security became Authorized on the FedRAMP Marketplace at the Moderate Impact Level.[11] In November 2022, Keeper Security became Authorized on the StateRAMP Marketplace at the Moderate Impact Level.[12]

Reception[edit]

PC World named Keeper an Editor's Choice in 2019[22] and Most Security-Minded Password Manager in 2022.[23] PCMag named Keeper “Best Password Manager for Businesses" (2022), as well as Best Password Manager and Editors' Choice for the previous three consecutive years.[24] Tom's Guide named Keeper one of the best password managers of 2022.[25] U.S. News & World Report's 360 Reviews team named Keeper Best Overall Password Manager of 2021.[3]

Incidents[edit]

In December 2017, Keeper was bundled with Windows 10 by Microsoft. Google security researcher Tavis Ormandy disclosed that the software recommended installing a browser addon which contained a vulnerability allowing any malicious website to steal any password.[26] A nearly identical vulnerability was already previously discovered and disclosed to Keeper in 2016.[27][28] Within 24 hours, the company issued a patch.[29][30]

Reporting and lawsuit[edit]

Dan Goodin of Ars Technica appears to have been the first to report about the vulnerability in the press.[27] Days later, the company that makes Keeper sued Goodin and Ars Technica, claiming their article was defamatory and misleading.[31] A number of security experts decried the lawsuit as "bullying" or "ridiculous" and said that "the lawsuit will cause more damage to the company than the article" did.[31][32] The lawsuit and Ars Technica's anti-SLAPP response lawsuit were dismissed on March 30, 2018, and Ars Technica added further clarifications to their article.[33][34]

Following the lawsuit, Keeper launched a public vulnerability disclosure program in partnership with Bugcrowd.[35]

See also[edit]

References[edit]

  1. ^ Keeper. "Download Password Manager for Mac, PC, Linux & More - Keeper". Retrieved 8 February 2018.
  2. ^ "Exclusive: Keeper Security launches industry-first solution". IT Brief Australia. Retrieved 2023-04-19.
  3. ^ a b Pegoraro, Rob; Forster, Timothy J. (August 12, 2021). "Keeper Password Manager Review and Prices". U.S. News & World Report. Retrieved March 17, 2022.
  4. ^ "Keeper Password Manager Pricing". G2. Retrieved March 17, 2022.
  5. ^ Long, Emily (January 27, 2022). "Keeper password manager review". Tom's Guide. Retrieved March 17, 2022.
  6. ^ "Keeper Web Vault & Desktop App User Guide". Keeper Security. Retrieved March 17, 2022.
  7. ^ "KeeperFill Browser Extensions - User Guides". Keeper Security. Retrieved March 17, 2022.
  8. ^ Nieves, Edgar J. (March 4, 2022). "5 Best Password Managers of 2022". Money Magazine. Retrieved March 17, 2022.
  9. ^ Mazūra, Justinas (March 16, 2022). "Keeper password manager app review 2022". Cybernews. Retrieved March 17, 2022.
  10. ^ Will McCurdy (2022-06-23). "One of the best password managers around just picked up an excellent new feature". TechRadar. Retrieved 2022-07-20.
  11. ^ a b "The Federal Risk And Management Program Dashboard". marketplace.fedramp.gov. Retrieved 2022-08-25.
  12. ^ a b "Authorized Product List". StateRAMP. Retrieved 2023-04-19.
  13. ^ "No matter how much we innovate, passwords are here to stay". Silicon Republic. April 16, 2021. Retrieved March 17, 2022.
  14. ^ "Company Overview & Solutions Guide" (PDF). Keeper Security. Retrieved March 17, 2022.
  15. ^ "Keeper Security Unveils Exclusive Solution for Managed Service Providers". PR Newswire. October 30, 2019. Retrieved March 17, 2022.
  16. ^ Earley, Kelly (August 18, 2020). "Keeper Security's password protection tech raises $60m". Silicon Republic. Retrieved March 17, 2022.
  17. ^ "Keeper Security Reimagines and Secures the Passwordless Future with Keeper SSO Connect™ Cloud". PR Newswire. March 9, 2021. Retrieved March 17, 2022.
  18. ^ "Keeper Password Manager on Twitter". Twitter. May 24, 2021. Retrieved March 17, 2022.
  19. ^ Spadafora, Anthony (January 12, 2022). "Keeper Security wants to help keep all your online secrets". TechRadar Pro. Retrieved March 17, 2022.
  20. ^ Riley, Duncan (February 3, 2022). "Keeper Security acquires Apache Guacamole inventor Glyptodon". Silicon Angle. Retrieved March 17, 2022.
  21. ^ Murphy, Ian (2022-05-05). "Keeper Security launches Keeper Connection Manager". Enterprise Times. Retrieved 2022-07-20.
  22. ^ Ansaldo, Michael (October 30, 2019). "Keeper review: Security is the greatest strength of this password manager". PC World. Retrieved July 20, 2022.
  23. ^ Ansaldo, Michael (July 13, 2022). "Best password managers: Reviews of the top products". PC World. Retrieved July 20, 2022.
  24. ^ Key, Kim (February 1, 2022). "The Best Password Managers for Businesses in 2022". PCMag. Retrieved March 17, 2022.
  25. ^ Wagenseil, Paul (March 1, 2022). "The best password managers in 2022". Tom's Guide. Retrieved March 17, 2022.
  26. ^ "Windows 10 included password manager with huge security hole". Engadget. Retrieved 2017-12-20.
  27. ^ a b Goodin, Dan (2017-12-15). "Microsoft is forcing users to install a critically flawed password manager". Ars Technica. Archived from the original on 2017-12-15. Retrieved 21 April 2024.
  28. ^ Chirgwin, Richard (18 December 2017). "Windows 10 bundles a briefly vulnerable password manager". The Register. Retrieved 2017-12-20.
  29. ^ Kovacs, Eduard (18 December 2017). "Google Researcher Finds Critical Flaw in Keeper Password Manager". Security Week.
  30. ^ Security, Keeper (2017-12-15). "Update for Keeper Browser Extension 11.4.4 - Keeper Blog". Keeper Blog. Archived from the original on 2017-12-22. Retrieved 2017-12-22.
  31. ^ a b Whittaker, Zack (2017-12-20). "Security firm Keeper sues news reporter over vulnerability story". ZDNet. Retrieved 2017-12-20.
  32. ^ Kovacs, Eduard (2017-12-21). "Keeper Sues Ars Technica Over Reporting on Critical Flaw". SecurityWeek. Retrieved 21 April 2024.
  33. ^ "Press releases | Ars Technica". arstechnica.com. 2018-03-30. Retrieved 2019-07-02.
  34. ^ Goodin, Dan (2017-12-15). "For 8 days Windows offered a preloaded password manager with a plugin vulnerability". Ars Technica. Retrieved 21 April 2024.
  35. ^ "Keeper Security Public Bounty Program". Bugcrowd. Retrieved July 20, 2022.

External links[edit]

Retrieved from "https://en.wikipedia.org/w/index.php?title=Keeper_(password_manager)&oldid=1220666966"