Security Audit Score Calculation

Information on how the security scoring is calculated in the Admin Console

How are Security Scores Calculated?

This document will cover how the following Security Audit Scores are calculated:

  • Record Password Strength

  • Unique Record Passwords

  • Two-Factor Authentication

  • Master Password Strength

  • Security Audit Score

Record Password Strength

The Record Password Strength score represents the percentage of record passwords, across all record passwords for all users, that are strong, medium, or weak. This score is calculated by adding all users' individual Record Password Strength scores and then dividing the sum by the total number of records.

For each user, the Record Password Strength is calculated by taking the number of strong, medium, or weak passwords and dividing it by the total number of records.

For example, if a user's vault has 10 total records where:

  • 6 of the records have a strong password

  • 3 of the records have a medium password

  • 1 of the records has a weak password

The Record Password Strength score for this user will be as follows:

  • Strong passwords: 6/10 = 0.6 = 60%

  • Medium passwords: 3/10 = 0.3 = 30%

  • Weak passwords: 1/10 = 0.1 = 10%

Unique Record Passwords

The Unique Record Passwords score represents the percentage of record passwords, across all record passwords for all users, that are Unique or Reused. This score is calculated by adding all users' individual unique password scores and then dividing the sum by the total number of records.

For each user, the Unique Passwords Record Score is calculated by taking the number of unique passwords in the user's vault and dividing it by the total number of records.

For example, if a user's vault has 10 total records where:

  • 6 of the records have a unique password

  • 2 of the records share the same password

  • 2 of the records share the same password

There are 6 unique passwords, 1 unique password that is shared between 2 records, and another unique password that is shared between 2 records. Thus, there are a total of 8 unique passwords. The Unique Passwords Record Score for this user will be as follows:

  • Unique passwords: 8/10 = 0.8 = 80%

  • Reused passwords: 2/10 = 0.2 = 20%

Two-Factor Authentication

The Two-Factor Authentication score represents the percentage of users that have enabled Two-Factor Authentication. This score is calculated by adding the Two-Factor Authentication scores of all users and then dividing the sum by the total number of users.

For each user, the Two-Factor Authentication score will be one of the following values depending on whether the user has Two-Factor Authentication On or Off:

  • 0% if Two-Factor Authentication is Off

  • 100% if Two-Factor Authentication is On

Master Password Strength

The Master Password Strength is not displayed in either the Vault Clients or the Admin Console. Instead, the Master Password Strength is displayed upon Account Creation:

[Image: Strong Master Password]

For each user, the Master Password Strength score will be 100% if the Master Password's strength is Strong, and 0% otherwise.

For the overall Security Audit Score calculation, the average Master Password Strength across all users is used.

Security Audit Score

The Security Audit Score represents the Overall Average Security Score across all users in your organization.

For each user, the Average Security Score is calculated by taking the average of the user's score from the following categories:

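| Security Score Category | Values used to Calculate Average Security Score |
| --- | --- |
| Record Password Strength | The Strong password % is used |
| Unique Record Password | The Unique password % is used |
| Two-Factor Authentication | If Two-Factor Authentication is On, 100% is used; if Off, 0% is used |
| Master Password Strength | If Master Password strength is strong, 100% is used; otherwise 0% is used |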

User's Average Security Score is calculated as follows:

User's Average Security Score = (% of Strong Password Strength + % of Unique Password + Two-Factor Authentication + Master Password Strength)/4
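The formula above, together with the per-category rules and the zero-record case from the FAQ, as an added example that is not Keeper's own code. The function names, the sample vault and the strength labels are constructed for illustration, and averaging over only the two remaining categories when a user has 0 records is an assumption, since the page does not state the divisor used in that case.

```python
from collections import Counter

# Constructed sample vault: one (password, strength label) pair per record.
# Strength labels are inputs; the page does not define how they are assigned.
SAMPLE_VAULT = (
    [(f"unique-{i}", "strong") for i in range(6)]
    + [("shared-a", "medium"), ("shared-a", "medium")]
    + [("shared-b", "medium"), ("shared-b", "weak")]
)

def strength_shares(records):
    """Share of strong/medium/weak passwords among a user's records."""
    counts = Counter(label for _, label in records)
    return {k: counts[k] / len(records) for k in ("strong", "medium", "weak")}

def unique_share(records):
    """Distinct password values divided by total records (8/10 on this page)."""
    return len({pw for pw, _ in records}) / len(records)

def user_average_score(records, two_factor_on, master_strong):
    """Per-user Average Security Score as a fraction between 0 and 1."""
    parts = [1.0 if two_factor_on else 0.0, 1.0 if master_strong else 0.0]
    # Assumption: with 0 records the two record-based categories are left out
    # of the average instead of being counted as 0.
    if records:
        parts += [strength_shares(records)["strong"], unique_share(records)]
    return sum(parts) / len(parts)

def security_audit_score(users):
    """Mean of the per-user averages across the organization."""
    return sum(user_average_score(**u) for u in users) / len(users)

if __name__ == "__main__":
    # Hypothetical users: one with the sample vault, one with an empty vault.
    alice = dict(records=SAMPLE_VAULT, two_factor_on=False, master_strong=True)
    bob = dict(records=[], two_factor_on=True, master_strong=True)
    print(f"alice: {user_average_score(**alice):.0%}")
    print(f"bob (0 records): {user_average_score(**bob):.0%}")
    print(f"organization: {security_audit_score([alice, bob]):.0%}")
```

Reuse is counted on distinct password values, so two pairs of shared passwords still contribute two unique values, which is how the page arrives at 8 out of 10.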

For example, if a user has the following scores:

  • Strong Password Strength = 60%

  • Unique Record Passwords = 80%

  • Two-Factor Authentication is Off = 0%

  • Master Password Strength = 100%

The Average Security Score for the above user would be the sum of all the category scores divided by 4:

$$\dfrac{60\% + 80\% + 0\% + 100\%}{4} = \dfrac{0.6 + 0.8 + 0 + 1}{4} = 0.6 = 60\%$$

FAQ

I have 0 Records, why is my Security Audit Score not 0?

The following variables affect the Security Audit Score:

  • Record Password Strength

  • Unique Record Passwords

  • Master Password Strength

  • Two-Factor Authentication

If the user has 0 records, this disqualifies the Record Password Strength and Unique Record Passwords variables, but the calculation of the Security Audit Score still takes the Master Password Strength and Two-Factor Authentication into consideration.

Why is my Security Audit Score negative?

Across the various Keeper Vault Clients, users' Security Scores are calculated independently, which may in rare cases cause the overall Security Audit Scores to be negative. If the Keeper Admin Console displays negative scores, visit the following page to correct this issue.

Last updated 1 year ago