Browser Extension Version 17.2

Release ETA July 15, 2025

Overview

The Browser Extension 17.2.0 release includes a number of exciting new features and improvements.

Major Features:

  • Biometric login with passkeys

  • TOTP scanner

  • Clipboard expiration

  • Granular sharing enforcement notifications

New Features and Improvements

Biometric Login with Passkeys

With this release, Keeper now supports biometric login with a passkey, allowing users to authenticate using a device-bound passkey that replaces all traditional login methods - including master password, SSO, and 2FA.

When enabled, the passkey login acts as a complete replacement for both the first factor (e.g., master password or SSO) and the second factor (e.g., TOTP, SMS, Duo), offering a faster and more secure experience.

You can now unlock the Keeper browser extension using your device’s built-in biometric authentication. With Biometric Login enabled, there's no need to enter your Master Password or go through SSO every time — just use your fingerprint or facial recognition to access your vault instantly. This feature enhances both convenience and security, providing a fast, seamless, and secure way to log in.

Biometric Login Setup

When you create a passkey, the platform will request a biometric or PIN authentication, depending on the capabilities of the device.

iCloud Keychain

Passkeys can be stored for the same account on multiple platforms. In the example below, a passkey is available in iCloud Keychain, Windows Hello and Google Chrome. Simply add a passkey on each platform.

Manage Passkeys

The next time you log in, click on "Biometric Login" from the front door. Other options, including the master password and SSO login methods, are still available.

Login with a Passkey

We've moved some of the options into the overflow menu to keep the UI clean.

Overflow Menu

Technical Details

Keeper’s passkey-based authentication leverages the FIDO2 WebAuthn standard with platform-bound credentials to deliver a phishing-resistant, cryptographically secure login experience. When a passkey is created, a unique key pair is generated and stored securely on the user’s device, protected by the device’s biometric or PIN-based local authentication. During login, Keeper uses challenge-response authentication to validate the user without transmitting any secrets over the network. Because the private key never leaves the device and the authentication process requires both device possession and biometric presence, passkey login fulfills the requirements for both primary and secondary authentication factors. This approach eliminates reliance on passwords and one-time codes, significantly reducing the attack surface for credential-based threats while maintaining Keeper’s zero-knowledge encryption architecture.
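The challenge-response flow described above, as an added Node.js example that is not Keeper's code: the server stores only a public key, and an assertion is accepted only if the challenge, origin, RP ID, user-verification flag and signature all check out. The relying-party ID `vault.example`, the origins and all function names are assumptions.

```javascript
// Added illustration of WebAuthn-style challenge-response; not Keeper's implementation.
const nodeCrypto = require('node:crypto');
const sha256 = (data) => nodeCrypto.createHash('sha256').update(data).digest();

const RP_ID = 'vault.example';            // hypothetical relying-party ID
const ORIGIN = 'https://vault.example';   // hypothetical legitimate origin

// Registration: the key pair is created on the device; the server keeps only publicKey.
const createPasskey = () => nodeCrypto.generateKeyPairSync('ec', { namedCurve: 'P-256' });
// Server: a fresh random challenge for every login attempt.
const newChallenge = () => nodeCrypto.randomBytes(32);

// Device side: the browser records the origin it is really on, and the authenticator
// signs authenticatorData || SHA-256(clientDataJSON) after local user verification.
function signAssertion(privateKey, challenge, origin, userVerified = true) {
  const clientDataJSON = Buffer.from(JSON.stringify({
    type: 'webauthn.get', challenge: challenge.toString('base64url'), origin }));
  const flags = Buffer.from([userVerified ? 0x05 : 0x01]); // UP=0x01, UV=0x04
  const signCount = Buffer.alloc(4);
  const authenticatorData = Buffer.concat(
    [sha256(new URL(origin).hostname), flags, signCount]);
  const signature = nodeCrypto.sign('sha256',
    Buffer.concat([authenticatorData, sha256(clientDataJSON)]), privateKey);
  return { clientDataJSON, authenticatorData, signature };
}

// Server side: every check must pass; no secret is ever received.
function verifyAssertion(publicKey, expectedChallenge, assertion) {
  const { clientDataJSON, authenticatorData, signature } = assertion;
  const client = JSON.parse(clientDataJSON.toString('utf8'));
  if (client.type !== 'webauthn.get') return 'bad-type';
  if (client.challenge !== expectedChallenge.toString('base64url')) return 'bad-challenge';
  if (client.origin !== ORIGIN) return 'bad-origin';
  if (!authenticatorData.subarray(0, 32).equals(sha256(RP_ID))) return 'bad-rp-id';
  if ((authenticatorData[32] & 0x05) !== 0x05) return 'user-not-verified';
  const signed = Buffer.concat([authenticatorData, sha256(clientDataJSON)]);
  return nodeCrypto.verify('sha256', signed, publicKey, signature) ? 'ok' : 'bad-signature';
}

// Constructed scenarios: genuine login, replayed assertion, look-alike origin.
function demo() {
  const { publicKey, privateKey } = createPasskey();
  const challenge = newChallenge();
  const genuine = signAssertion(privateKey, challenge, ORIGIN);
  const lookalike = signAssertion(privateKey, challenge, 'https://vault.example.login.test');
  return { genuine: verifyAssertion(publicKey, challenge, genuine),
           replayed: verifyAssertion(publicKey, newChallenge(), genuine),
           lookalike: verifyAssertion(publicKey, challenge, lookalike) };
}
```

A captured assertion is useless against a later challenge, and one produced on a look-alike origin fails before the signature is even examined.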

Enable Biometric Login on Windows

Platform passkeys are device-bound credentials protected by biometrics or a PIN. They replace both passwords and two-factor authentication.

  • Windows Hello: Passkeys are stored in the TPM. Auth is done via PIN or biometric (fingerprint/face).

  • iCloud Keychain (Apple): Passkeys are stored in the Secure Enclave and synced securely across Apple devices using iCloud.

  • Google Chrome Profiles: If you’re signed into Chrome with your Google account, passkeys can be synced across desktop and mobile devices, even outside Android (e.g., Chrome on Windows/macOS).

Enforcement Policy

In enterprise environments, the Keeper Administrator can control the use of passkeys through role-based enforcement policies. The policy is located in Roles > Enforcement Policies > Login Settings.

Enforcement Policy to control Biometric Login with a Passkey

TOTP Scanner

Users can now add TOTP codes to records directly from the Browser Extension. Simply click the “Scan 2FA Code” button while you’re on a website that contains a QR code and it will automatically populate within the record for future use.

Previously, users were required to navigate to the web vault and either screenshot and upload – or manually enter certain details to attach a TOTP code to a record. This latest improvement to the Keeper extension makes it far more convenient to leverage a valuable feature of Keeper — storing and autofilling your TOTP codes.

TOTP Scanner

TOTP codes can also be quickly added from the "Create" and "Edit" screens within the browser extension.

Scan 2FA Code from New and Edit Screens

If a secret key is provided instead of a QR code, you can manually type this in.

Manual TOTP Secret Key
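What a scanned 2FA QR code or a typed secret key resolves to, as an added Node.js example that is not Keeper's code: a 2FA QR code typically encodes an `otpauth://` URI, which is parsed here, its base32 secret validated, and the code derived per RFC 6238. The sample URI is constructed from the RFC 6238 test secret; function names are assumptions.

```javascript
// Added illustration: parse an otpauth:// URI and derive a TOTP code (RFC 6238).
const nodeCrypto = require('node:crypto');

// Decode an RFC 4648 base32 secret as typed or scanned; reject unknown characters.
function base32Decode(text) {
  const alphabet = 'ABCDEFGHIJKLMNOPQRSTUVWXYZ234567';
  const out = [];
  let bits = 0, value = 0;
  for (const ch of text.replace(/[\s=]/g, '').toUpperCase()) {
    const idx = alphabet.indexOf(ch);
    if (idx < 0) throw new Error('invalid base32 character in secret');
    value = (value << 5) | idx;
    bits += 5;
    if (bits >= 8) { bits -= 8; out.push((value >>> bits) & 0xff); }
  }
  return Buffer.from(out);
}

// Extract and validate the parameters carried in the QR code payload.
function parseOtpauth(uri) {
  const u = new URL(uri);
  if (u.protocol !== 'otpauth:' || u.hostname !== 'totp') throw new Error('not a TOTP URI');
  const p = u.searchParams;
  const cfg = {
    secret: base32Decode(p.get('secret') || ''),
    algorithm: (p.get('algorithm') || 'SHA1').toUpperCase(),
    digits: Number(p.get('digits') || 6),
    period: Number(p.get('period') || 30),
  };
  if (cfg.secret.length === 0) throw new Error('missing secret');
  if (!['SHA1', 'SHA256', 'SHA512'].includes(cfg.algorithm)) throw new Error('bad algorithm');
  if (![6, 7, 8].includes(cfg.digits)) throw new Error('bad digits');
  if (!Number.isInteger(cfg.period) || cfg.period <= 0) throw new Error('bad period');
  return cfg;
}

// HOTP over the time-step counter, with dynamic truncation (RFC 4226 section 5.3).
function totp(cfg, unixSeconds) {
  const counter = Buffer.alloc(8);
  counter.writeBigUInt64BE(BigInt(Math.floor(unixSeconds / cfg.period)));
  const mac = nodeCrypto.createHmac(cfg.algorithm.toLowerCase(), cfg.secret)
    .update(counter).digest();
  const offset = mac[mac.length - 1] & 0x0f;
  const code = (mac.readUInt32BE(offset) & 0x7fffffff) % 10 ** cfg.digits;
  return String(code).padStart(cfg.digits, '0');
}

// Constructed sample: RFC 6238 test secret "12345678901234567890", 8 digits.
const SAMPLE_URI = 'otpauth://totp/Example:alice@example.com' +
  '?secret=GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ&issuer=Example&digits=8';
```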

Quality of Life Improvements

Sync Buttons

You can now do a "Quick Sync" or "Full Sync" from the extension, when necessary, if your browser extension hasn't received an update from another Keeper device.

You can access the Sync feature from both the Settings screen and from the main overflow menu.

Sync from Settings Screen
Sync from Main Menu

Edit Mode

It's now easier than ever to edit your records from the browser extension. We took the Edit button out of the options menu and created a standalone edit button, prominently displayed in the upper right corner of the record detail screen for easy access.

Edit a Record

Copy Record Details

We've made a subtle but meaningful change to the way users can copy any line in the record details screen. Simply left click on any field’s static text to copy it to your computer's clipboard.

Left Click to Copy

Record Deletion

Previously, users were limited to deleting records from the web vault or desktop app. Deleting records is now supported in the browser extension from the Options Menu.

Delete a Record

Clipboard Expiration

By popular demand, we’re introducing Clipboard Expiration on the Browser Extension. When enabled from the extension Settings menu, Keeper will automatically clear your computer’s clipboard after a short delay whenever you copy information from your browser extension. Durations range from 30 to 120 seconds.

Clipboard Expiration Settings

Due to browser extension limitations, Keeper can only clear the clipboard by writing an empty string. As a result, if you copy something in another application after Keeper has set the clipboard, that content may be overwritten when Keeper’s timer expires.

On Windows, Keeper cannot control the operating system’s “Clipboard History” or “Clipboard Syncing” features. Even after Keeper clears or overwrites the clipboard, previous entries may remain in the Windows clipboard history. We recommend disabling these features via Group Policy for enhanced security.

The Keeper Desktop application provides greater clipboard control using native Microsoft APIs, ensuring copied items are not stored in Windows clipboard history. However, these APIs are not accessible to browser extensions, which limits clipboard management in that environment.

Granular Sharing Enforcements

We've added messaging support for enterprise users whose admins have configured Granular Sharing Enforcements. If a user is not allowed to perform a certain function such as creating or sharing records, they will be notified via a pop-up message citing the policy restriction.

Granular Sharing Enforcement Notification

Folder Selector

Users can now choose which folders any given record is stored in. Record location can be selected on existing records as well as new records you are in the process of creating. Simply click the "Location" dropdown menu to select the folder or subfolder you would like the record to reside in.

Record Detail
Folder Selection

The record location is clearly displayed in the record detail view once it's saved.

Record Location

Bug Fixes

BE-6410: Fixed an issue with hash collisions in the Snapshot Tool.

BE-6436: Fixed an issue causing a crash on the snapshot preview page due to invalid attribute names.

BE-6419: Fixed how a missing error is handled when record types are disabled.

BE-6485: Fixed an issue causing Master Password re-entry to fail when a masked field is copied in the toolbar window.

BE-6493: Fixed an issue related to the failure of the Master Password re-entry while unmasking a TOTP in form fill.

BE-6509: Fixed an issue with the display of folder names.

BE-6521: Fixed the multiple record warning modal to match the design specifications.

BE-6482: Fixed the "Need Help" highlight color and text to be readable in dark mode.

BE-6480: Fixed an issue with the "Multiple Login Accounts" dropdown feature.

BE-6126: Fixed an issue where the browser extension continues to use an expired session even after recognizing the session has expired.

BE-6494: Fixed an issue causing the "copy" confirmation to flash briefly.

BE-6492: Fixed larger icon sizes and reversed tooltip colors on the TOTP scanner feature.

BE-6510: Fixed an issue where the full folder name fails to appear when hovering over the folder selector.

BE-6511: Fixed an issue where the folder selector list is truncated when viewed in landscape mode on Safari.

BE-6513: Fixed an issue related to the announcement modal for biometric login in Firefox and Safari browsers.

BE-6517: Fixed inconsistent sorting in the folder selector on Safari compared to Firefox and Chromium.

BE-6522: Fixed the input border color of the form fill in dark mode to match the design specifications.

BE-6525: Fixed the display of text on GitHub in dark mode.

BE-6527: Fixed a design inconsistency with the folder selector while in high contrast mode.
