1 of 100

Release Notes

Deprecation Notices

Important information on your Keeper software

Notice of deprecation for legacy versions

Keeper deprecates older versions of application software listed below. This means they’ll no longer be available from our published sources, and the backend will reject any requests coming from those versions.

Keeper Client Applications below 17.0

Keeper client applications with a client version of less than 17.0 are considered deprecated.

This applies to the following applications:

Keeper Desktop
Mobile Apps
Automator
On-prem SSO Connect

Keeper has released major security improvements with platform version 17. The new architecture introduces the ability for all software components and clients to apply more robust and faster cryptographic algorithms.

Browser Extensions and mobile apps typically auto-update, unless the function has been specifically disabled. If you disabled automatic updates for any of our applications, we encourage you to perform the updates immediately. Likewise if those applications are being deployed as part of a company managed process, please include them in your nearest maintenance window or update cycle.

Important: The following enterprise software components require a manual upgrade which typically involves minor service downtime, similar to updates you performed in the past for the applications. The upgrade process is the same as in the past and typically involves downloading and installing the latest version.

On-prem SSO Connect
Enterprise Bridge

If you need assistance with these components, please with our support team to schedule the upgrade.

Keeper Connection Manager on EL7

With CentOS 7 having reached end-of-life in June 2024, and with RHEL 7 having reached end-of-maintenance at the same time, KCM will no longer provide EL7 builds. This means that the previous release (KCM 2.19.3) will be the last release with an EL7 build and KCM 2.20.0 will be the first release without EL7 support.

Users that are maintaining RPM-based installations of KCM but are still using RHEL 7, CentOS 7, or another EL7-derivative should upgrade to EL8 or EL9 when possible so that they can upgrade to KCM 2.20.0. Support EL10 will be coming in a future release.

Keeper Desktop 32-bit binary version

The 32-bit Keeper Desktop client application is considered obsolete.

Per Microsoft, starting with the May 2020 Update (Version 2004), new OEM computers are required to use 64-bit builds. A 32-bit application does not benefit from the Windows app-model security since it does not have access to the TPM/Windows Credential Locker for encrypting the device-key and does not support Windows Hello.

Keeper Gateway below 1.5

The Keeper Gateway service with a client version of less than 1.5 are considered deprecated.

If you have any questions, please .

Keeper Security

Here you will find our "What's New With Keeper" newsletter and blog pages

View all latest updates

2025

August

2024

2023

Security Advisories

Notices of recent security advisories and impact on Keeper

As new security advisories are published online for various systems, Keeper Security will post relevant information here.

DEF CON 2025

Response to "Clickjacking" report from DEF CON 2025

Description

At DEF CON 33, a researcher presented on Clickjacking (UI redressing), where users can be tricked into clicking hidden UI elements. The researcher showed a scenario in which a malicious site could prompt a user to click on a transparent password manager autofill interface.

Keeper already blocks cross-domain autofill but collaborated with the researcher to further strengthen the browser extension as described below. We value the security research community and regularly collaborate with researchers to help protect our customers.

Timeline

Apr 9, 2025: Researcher reported the issue. Keeper classified it as low severity since autofill from untrusted domains is already blocked.
Apr 15, 2025: Engineering delivered a patched test build to the researcher within 8 days. Researcher noted the fast response.
May 26, 2025: Fix released in browser extension v17.1.2 (see ).

Keeper's Protection

Keeper’s browser extension is designed to autofill credentials and payment information only on websites explicitly saved by the user. This creates a trust relationship between the user and the destination website. Keeper does not allow cross-domain autofill under any circumstances.

Users can optionally enforce stricter matching by requiring a full subdomain match for autofill. This behavior can be enabled via the browser extension’s settings, and it can also be enforced organization-wide by administrators through role-based policies in the Keeper Admin Console.

Autofill of payment cards and address information only occurs if the site matches a saved record in the user's vault, and the user has explicitly saved those details for the site. If a match does not exist, the user must manually confirm the autofill operation through a native popup dialog.

Reported Behavior:

The scenario reported by the researcher required:

Explicitly saving a Keeper record for a malicious or compromised website to your vault,
Visiting that site again, and
Interacting (clicking multiple times) on UI elements overlaid with a transparent Keeper autofill interface.

In this context, the user has already trusted the website by saving credentials to their vault with the exact root domain of the website. There is no vector for a different, unrelated root domain to initiate autofill without this precondition.

Because this relies on the user already trusting and saving the same domain, there is no cross-domain attack vector. The issue was therefore rated low severity, but Keeper implemented additional protections as a precaution.

Updating

The Keeper Browser Extension v17.2 updates automatically across Chrome, Firefox, Edge, Safari, Brave, and other Chromium-based browsers. No further action is required by users.

Contact

If you have any questions, please email us at [email protected].

CVE-2024-35164

Improper Validation of Array Index in Apache Guacamole

NIST Link

Description

The terminal emulator of Apache Guacamole 1.5.5 and older does not properly validate console codes received from servers via text-based protocols like SSH. If a malicious user has access to a text-based connection, a specially-crafted sequence of console codes could allow arbitrary code to be executed with the privileges of the running guacd process. Users are recommended to upgrade to version 1.6.0, which fixes this issue.

Black Hat EU 2023

Response to "AutoSpill" report from Black Hat EU 2023

Description

A presentation at Black Hat EU 2023 discussed credential stealing on mobile password managers. Keeper was listed as an impacted application. Keeper has safeguards in place to protect against this issue as described below.

Okta Breach

Okta security breach disclosed in October 2023

Description

Keeper Security is aware of the , where cybercriminals accessed client files through its support system. As part of its support process and system, Okta’s customers upload HTTP Archive (HAR) files which contain sensitive information from the user's web browser. This information included session tokens that were used to impersonate several Okta customers.

CVE-2023-44487

HTTP/2 protocol denial of service

NIST Link

https://nvd.nist.gov/vuln/detail/CVE-2023-44487

Description

The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023.

Impact to Keeper

Keeper Security's application servers are protected by AWS Shield which defends against DDoS attacks, and Keeper is not vulnerable to this attack. More info is posted on .

If you have any questions, please email us at [email protected].

CVE-2023-27706

Bitwarden vulnerability with biometric key storage

NIST Link

https://nvd.nist.gov/vuln/detail/CVE-2023-27706

Description

Bitwarden Windows desktop application versions prior to v2023.4.0 store biometric keys in Windows Credential Manager, accessible to other local unprivileged processes.

Impact to Keeper

Keeper is not impacted by this issue. To ensure that we were not impacted by a similar vulnerability, Keeper contracted a 3rd party penetration tester in July 2023 to validate our protection against this type of attack. The report PDF is posted below:

If you have any questions, please email us at [email protected].

CVE-2023-5217

Heap buffer overflow in libvpx

NIST Link

https://nvd.nist.gov/vuln/detail/CVE-2023-5217

Description

Heap buffer overflow in vp8 encoding in libvpx in Google Chrome prior to 117.0.5938.132 and libvpx 1.13.1 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

Impact to Keeper

Keeper Security may have been impacted by this vulnerability in the Desktop App since we use the Electron framework. As a precaution, we immediately updated to Electron framework version to v22.3.25 and published .

If you have any questions, please email us at [email protected].

CVE-2023-4863

Heap buffer overflow vulnerability in the WebP Codec

NIST Link

Description

CVE-2022-21449

"Psychic Signatures" vulnerability in the Oracle Java SE, Oracle GraalVM

NIST Link

Description

CVE-2023-36266

Response to CVE-2023-36266

NIST Link

https://nvd.nist.gov/vuln/detail/CVE-2023-36266

Description

A researcher filed a CVE (CVE-2023-36266) in regards to the scanning of local memory when using Keeper Desktop and browser extension software.

Impact to Keeper

We have disputed this CVE. Keeper performs quarterly pen testing with 3rd party experts including , and independent security researchers against all of our products and systems. Keeper has also partnered with to manage its vulnerability disclosure and bug bounty programs. As part of our testing, we explicitly test the storage of secrets in memory while our applications are in use, and when logged out. Keeper removes all decrypted vault data from memory upon logout and provides settings to also wipe memory and restart the app upon vault auto-lock. This functionality has been verified by our pen testers and the test results are available for customer review.

As with any software product, if an attacker controls the local computer, the attacker can perform any action the user or an application could perform. In the case of a password manager, if an attacker can read arbitrary memory, then an attacker can read decrypted contents of the password manager while the application is in use. This applies to any password management product. Security researchers understand that a fully compromised device scenario has severe implications for the user.

Keeper has multiple security mechanisms in-place to defend against compromised end-user devices. Keeper client software only decrypts the user's vault upon successful login, and only stores decrypted values during use in volatile memory. When a user is logged out or timed-out, decrypted values are removed from memory. In addition, the Keeper desktop application provides a setting in the "Security" screen which forces a full application restart upon auto-logout, to ensure that data is cleared upon locking. In the case of a web browser such as Chrome, Keeper requests the clearing of memory after logout, however the memory management of the underlying browser is outside of Keeper’s control and can sometimes take time for the memory management system to complete this operation.

With all end-user software, it's important to ensure that users reduce the risk of a compromised device by following security best practices, keeping all software up-to-date and installing adequate antivirus / malware protection software.

Keeper has stood by its commitment to protect your most valuable data for more than a decade, through our best-in-class Zero-Knowledge and Zero-Trust security model and transparent approach to sharing it with the public. For information regarding Keeper's security and encryption model, please visit:

If you have any questions, please email us at [email protected].

Troubleshooting

Solutions to common Keeper issues and questions based on platform

iPhone & iPad

Troubleshooting and support for the Keeper iOS App

Downloads

Keeper for iOS is available at the Keeper download page.

User Guides

The iOS user guide is with additional info about autofill and passkey setup .

iOS Missing Payment Cards

If your payment cards are missing, go to Keeper > Account tab > Sync > Sync Now.

iOS Stuck on Syncing

If you are seeing syncing stuck on the screen, please check the following:

Update to the latest version of Keeper on the App Store
Instead of logging in with biometrics, try to login with your Master Password (clicking "Next")
After a successful login, visit the settings screen of Keeper and turn OFF/ON the Face ID or Touch ID setting.

Syncing, Updates and Device Approvals

If adding a password on your desktop doesn't automatically sync down your mobile device, ensure that push notifications are enabled.

iOS and Android apps use push notifications for functionality such as:

Realtime sync
Device approvals
Sharing notifications

Please ensure that push notifications for Keeper are enabled on your device (Settings > Notifications > Keeper and enable "Allow Notifications"). Also, "Do Not Disturb" mode will prevent certain notifications from appearing. Device approvals will not be received if you have iOS in Do Not Disturb mode.

Other iOS Issues

Having issues on iOS? You may need to simply clear the cache on your device and reset the app settings. But before you do that, please make sure your data is fully available on the Keeper Web Vault or Desktop App.

Before resetting your mobile app, make sure you can first access Keeper on the or and ensure that all of your data is appearing.

On the front door of the Keeper app, tap on "Need Help?" then tap Reset Keeper.
Launch Keeper and Login to your account.
You will be asked to approve the device during the login process.

Feature Requests

We love hearing from iOS customers. Send your feature requests to: [email protected].

Beta Slack Channel

Join our to post questions, feedback or receive new beta versions.

Android

Troubleshooting and support for the Keeper Android App

Downloads

Keeper for Android is available at the Keeper download page.

User Guides

The Android user guide is with additional info about autofill and passkey setup .

Syncing Errors

If you are receiving an error on your mobile app, please make sure to update to the latest version. After you update, we recommend performing a Full Sync by clicking on Sync > Sync Now. This tends to resolve any searching or record-related issues.

Syncing, Updates and Device Approvals

If adding a password on your desktop doesn't automatically sync down your Android device, ensure that push notifications are enabled.

Android apps use push notifications for functionality such as:

Realtime sync
Device approvals
Sharing notifications

Please ensure that push notifications are enabled for Keeper from your device's settings menu. Also, "Do Not Disturb" mode will prevent certain notifications from appearing.

Other Android Issues

Having issues on iOS or Android? You may need to simply clear the cache on your device and reset the app settings. But before you do that, please make sure your data is fully available on the Keeper Web Vault or Desktop App.

Before resetting your mobile app, make sure you can first access Keeper on the or and ensure that all of your data is appearing.

Go to your device Settings icon, and then tap on the Applications menu. Scroll down until you see the Keeper icon and tap on it. Click on the Clear Data button, and then click OK. The next time you load Keeper, it will be reset to its original settings. Another way is to press-and-hold on the Keeper icon, then open the application info and clear the data.
Re-install Keeper from Google Play on your device
Launch Keeper and Login to your account. You will be asked to approve the device during the login process.

Feature Requests

We love hearing from Android customers. Send your feature requests to: [email protected].

Beta Slack Channel

Join our to post questions, feedback or receive new beta versions.

Desktop and Web Vault

Vault

The Keeper Web Vault and Keeper Desktop App share a common codebase. Desktop app is deployed as an Electron application to Windows, Mac and Linux platforms.

Preview Release

Early access Preview (pre-release) Keeper Vault and Desktop app

When a major release is planned, Keeper publishes a Preview version of the Vault and Desktop app, documented below. The pre-release version is typically published 1 week before public release.

Web Vault Preview

If you encounter any issues with this version, please email [email protected].

US:
EU:
AU:

Desktop App Preview with Forcefield

Keeper Desktop is a native application for Windows, macOS and Linux platforms. On Windows devices, this is bundled with the service.

The Desktop App preview does not auto-update. On Windows computers, a new version of the pre-release version requires a full uninstall and re-install of Keeper. This does not affect stored data.

Mac (.dmg) -
Mac (.pkg) -
Windows (.appx) -
Windows (.msix) -

Standalone Forcefield Preview

Keeper Forcefield can also be deployed on a standalone basis, without the Keeper Desktop application. The URL and MSI installer for the Forcefield preview is available here:

Send feedback to: [email protected]

Vault Release 17.4

Released on Sep 30, 2025

Enhancements

VAUL-4284: Added numerous updates to KeeperAI threat detection across PAM resources, PAM configuration settings, gateway settings and session history. about KeeperAI for privileged sessions.
KDE-1639: Published Keeper Desktop to Snap store for Linux. Snapcraft (and Snaps) are used on numerous Linux distributions, including Ubuntu, Debian, Fedora, RHEL, CentOS, AlmaLinux, Rocky Linux, Linux Mint, Manjaro, and openSUSE. Snap link:
KDE-1738: We've rewritten the entire Hotkey system in the desktop application from the ground up.
- Addressed several reported inconsistencies between macOS and Windows platforms.
- Hotkeys can now be further customized with any character or symbol.
- You can allow virtual input from software like Synergy or 3rd party applications to optionally control hotkeys.
The Password Importer standalone executable for Microsoft Windows has been improved to import passwords stored in Chrome. NOTE: Enterprise customers may need to add an exclusion policy on their EDR platform if Keeper is flagged.

Bug Fixes and Improvements

VAUL-7455: We fixed an issue where PAM features were displayed even when the user didn’t have the required enforcements.
VAUL-7612: We fixed an issue where the password generator did not retain the length of the previous password.
VAUL-7252: We enhanced the search bar accessibility on smaller screens.
VAUL-7633: We fixed an issue where selecting and unselecting options when creating a Gateway did not preserve the previous form state.

Vault Release 17.3.3

Released on Aug 11, 2025

Bug Fixes

VAUL-7701: We now support Dropbox and Google Chrome password CSV exports into the vault.
KDE-1722, 1720, 1723, 1727: Hotkeys now work reliably across Windows, Edge/Chrome, and international layouts, with fixes for focus handling, Ctrl+Shift+P, and repeated single-key triggers.

Security Updates

KDE-1724: Resolved library "tmp" package related to CVE-2025-54798

Vault Release 17.3.2

Released on Aug 1, 2025

Bug Fixes

KDE-1708: Resolved issue with macOS hot key autofill from KeeperFill for Apps due to changes in the Desktop App version 17.3.1

Vault Release 17.3.1

Released on July 31, 2025

Security Updates

KDE-1594: Added protection against "synthetic mouse/key events" from 3rd party applications on Windows devices (reported by Bugcrowd researchers).

Bug Fixes

KDE-1708: Resolved issue where exiting the app caused a noticeable delay

Vault Release 17.2

Released on May 18, 2025

Security Updates

Keeper Desktop version 17.2 includes the installation and activation of Keeper Forcefield. Keeper Forcefield is an advanced endpoint security product for Windows that protects sensitive applications and processes from unauthorized access. It is specifically designed to defend against threats such as memory scraping and credential harvesting from malicious software installed via phishing or other attacks.

More info:

Website:

Vault Release 17.1.1

Released on March 12, 2025

Enhancements

VAUL-6349: Updated the Security Audit tab in Vault to ensure the overall Security Audit score matches the per-user score in the Admin Console, reducing confusion.

Other Updates

KDE-1534: Updated new installs to default to the native browser for SSO authentication instead of the app browser.
VAUL-7176: Fixed an issue where setting up a hardware security key required extra steps; the Vault now prioritizes it using the “hints” syntax.
VAUL-7262: PAM Updated router calls to use the /api/user path for commands.

Bug Fixes

KDE-1607, 1606, 1608, and 1619: The SSH Agent will scan General typed records for private key file attachments
KDE-1611: Fixed an issue where selecting Two-Factor Authentication triggered the Offline Access dialog.
VAUL-7094: Fixed an issue preventing master password login when session resumption and 2FA were enabled
VAUL-6787: Fixed an issue where the folder structure in Delete Items did not match the folder structure in Vault.

Vault Release 17.1.0

Released on February 13, 2025

Get started by setting up your KeeperPAM sandbox! Visit to begin.

KeeperPAM is now available for all customers. Keeper Vault 17.1 and newer is required to access the new privileged access management features.

For more information on KeeperPAM, visit the following:

Website

New Features

- manage all rotations directly from the Vault UI
- instantly and securely access assets within their target infrastructure
- use native apps for establishing remote access
- protect web-based apps

Activating KeeperPAM features requires a license. Contact your Keeper account representative for details.

Improvements

Browser tab now shows username: "Keeper® Vault - [email protected]"

Vault Release 16.11.3

Released September 20, 2024

Enhancements

VAUL-6966: Updated the vault login screen animations to stop after 30 seconds
VAUL-6606: Updated the remaining router API endpoints to enhance performance and security.
VAUL-6785: Adjusted the location of the visibility "eyeball" icon for long passwords, ensuring consistent UI across all record views.
VAUL-6821: Introduced a new dialog that users are required to accept when being invited to a managed enterprise. Letting users know the enterprise administrator has the ability to manage their vault in accordance with company policies.
VAUL-6866: Updated URL handling to restrict it to standard HTTP/HTTPS protocols, improving security and validation.
VAUL-6869: Updated the title and meta description of the settings page to enhance SEO and search engine visibility.

Bug Fixes

VAUL-5853: Addressed formatting inconsistencies within custom record types for Security Q&A fields.
VAUL-5898:Fixed an issue where using the search and location filter together resulted in invalid or unexpected search results.
VAUL-6051: Fixed an issue where the UI adjusted incorrectly after closing an error message generated by an invalid value in the native app filler.
VAUL-6247

Vault Release 16.11.2

Released August 06, 2024

Enhancements:

VAUL-6715: Improved KeeperFill Installation Prompt: The installation prompt for KeeperFill has been enhanced to offer a better user experience.
VAUL-6716, VAUL-6789: Enhanced Import Functionality: When importing data from Keepass KDBX files, TOTP fields will now be correctly recognized and imported as Keeper TOTP fields, ensuring better accuracy and usability.
VAUL-6748: Password Complexity and Generation: Password complexity rules can now be applied independently without generating a new password, offering more flexibility in managing your passwords.

Vault Release 16.11.0

Released May 2, 2024

Features

The 16.11.0 release contains several new features, including , , and .

Passphrases

Vault Release 16.10.12

Released on Jan 15, 2024

Features

VAUL-6001: Security Key can be set up as the only 2FA method
VAUL-6097: Support for Security Key and PIN enforcement policies
VAUL-6129: Users can now control if FIDO2 WebAuthn user verification (PIN) is required

Bug Fixes

VAUL-6395: KeeperPAM Router/Gateway connection issue in GovCloud environment

Vault Release 16.10.9

Released on Sep 29, 2023

Security Updates

KDE-1425: Heap buffer overflow vulnerability in the libvpx library. Updated Electron framework.

Vault Release 16.10.8

Released on Sept 14, 2023

Security Updates

KDE-1418: CVE-2023-4863 Heap buffer overflow vulnerability in the WebP Codec. Updated Electron framework.

Vault Release 16.10.6

Released on Aug 20, 2023

Bug Fixes

VAUL-6150: Shared folders are not instantly removed on team removal

Vault Release 16.10.5

Released on Aug 12, 2023

Bug Fixes

Emails with a "-" are unable to login

Vault Release 16.10.2

Released on May 22, 2023

Security Updates

VAUL-5868: Upgrade to React 18 library

Bug Fixes

VAUL-5211: After logout and login, SSO users will no longer be set on the SSO Domain screen.
KDE-1371: App crash when registering a security key

Vault Release 16.10.0

Released on May 2, 2023

New Features

VAUL-5652: Recovery Phrase. We have upgraded our account recovery process with a new and more secure 24-word “recovery phrase” feature. Read more on the .

Vault Release 16.9.0

Released April 6, 2023

Keeper is proud to announce our release of version 16.9.0 of our Web Vault and Desktop App. This new version includes a new design with a user interface refresh along with some new features and bug fixes.

See our blog post for additional details:

New Features

Vault Release 16.8.9

Released on Feb 13, 2023

Improvements

VAUL-5653: Force auto-update all users to 1,000,000 PBKDF2 iterations
VAUL-5655: Switch transmission key from RSA to EC

Bug Fixes

KDE-1333: LastPass import missed some custom fields such as SSH keys

Vault Release 16.8.6

Released on Jan 3, 2023

Improvements

Set new default PBKDF2 iterations to 1,000,000 rounds

Vault Release 16.8.5

Released on Dec 20, 2022

Bug Fixes

KDE-1313: LastPass automated import hanging on some accounts
KDE-1319: Safari import hanging on macOS Ventura

Older

Releases notes older than last 10 releases

Older release note content is still available, but anything older than the last 10 updates is placed here.

Vault Release 16.8.4

Released on Nov 30, 2022

Bug Fixes

KDE-1317: Debian package compatibility issues
KDE-1318: RPM package compatibility with CentOS7

Vault Release 16.8.3

Released on Nov 29, 2022

Bug Fixes

VAUL-5551: Extension not auto-logged in if installed while Web Vault currently logged in

Vault Release 16.8.2

Released on Nov 2, 2022

Features

VAUL-5409: Support for JP and CA regions

Vault Release 16.8.1

Released on Oct 25, 2022

Bug Fixes

VAUL-5546: BreachWatch re-scanning records repeatedly
KDE-1301: TOTP QR code scanning window not working

Vault Version 16.7.2

Released on July 29, 2022

Bug Fixes

KDE-1273: Touch ID shows as "enabled" for users after an app reset
KDS-1277: Custom Record Template showing "Discard Changes?" on save
VAUL-4849: Showing content security policy error in console on login
VAUL-5362: EU data center BreachWatch errors for users on a free trial

Improvements

Added support for Password Manager Pro import
Added support for generic .xls or .xlsx file import

Vault Version 16.7.1

Released July 17, 2022

Bug Fixes

Multiple Tickets: Several UI bugs, translations and visual fixes

Vault Version 16.7.0

Released on June 21, 2022

Features

VAUL-5165: Offline Create/Edit Record capability

Vault Version 16.6.0

Released on May 4, 2022

Features

VAUL-5029: Introducing One-Time Share. See the and for more details.

Vault Version 16.5.0

Released on March 31, 2022

Features & Improvements

VAUL-5035: Ability to convert "general" to new Record Types
VAUL-4879: Role enforcement to activate Stay Logged In
VAUL-4893: Role enforcement to enable Self Destruct
VAUL-5201: Improved performance of uploads and downloads

Bug Fixes

VAUL-5187: QR Code upload fails for certain formats
VAUL-5202: MyKi and 1Password TOTP record imports are not autofilling*
(*) To resolve existing records, run the verify-records command in .
VAUL-5191: TOTP and custom fields not available in CSV export

Vault Version 16.4.3

Released on Feb 3, 2022

Bug Fixes

Resolve data import issues with version 16.4.2 that caused crashes on the Browser Extension and Android app. See resolution page: -->

Vault Version 16.4.2

Released on Feb 2, 2022

Features & Improvements

KDE-1193: Include TOTP fields in LastPass automated import

Vault Version 16.3.1

Released on Nov 17, 2021

Bug Fixes

VAUL-5079: Unable to login with Internet Explorer 11

Improvements

VAUL-5032: 508 Accessibility updates (checkboxes, menus, contrast and resizing)

Vault Version 16.3.0

Released on Nov 5, 2021

New Features and Improvements

VAUL-4710: Secrets Manager user interface is now generally available on the Keeper Web Vault and Desktop App. For more information about Keeper Secrets Manager, see:
https://docs.keeper.io/secrets-manager
VAUL-4904: Visual improvements and workflow improvements for Record Types template creation.
VAUL-5062: Added MyKi password manager to Keeper Import screen

Security Updates

VAUL-5038: Migrated from webpack4 to webpack5
KDE-1163: Additional changes to ensure that logout clears all memory. User-initiated logout performs full restart of the Keeper Desktop application.

Bug Fixes

KDE-1164: KeeperFill for Apps will only process hotkeys when a record has been selected. This prevents conflicts between existing hotkeys and KeeperFill.
KDE-1169: Sync errors after deleting a Shared Folder
KDE-1168: "Object no longer exists" error when switching between KFFA and Desktop App

Vault Version 16.2.6

Released on Oct 22, 2021

Improvements

KDE-1150: Support for CCH Axcess native app autofill
VAUL-4991: Changed Software License Number to a hidden field

Bug Fixes

KDE-1157: Improved support for Azure Conditional Access
KDE-1156: Remove use of legacy windows registry key which generates a report in Cybereason
VAUL-5036: Restore of Record Type records
VAUL-5018: Showing "unexpected error" when creating user accounts with a pending transfer acceptance

Vault Version 16.2.5

Release ETA on Oct 18, 2021

Bug Fixes

VAUL-5024: Record Type records not syncing after activating Record Types
VAUL-5018: Showing "unexpected error" when creating account with a pending transfer acceptance

Vault Version 16.2.3

Released on Oct 8, 2021

Support for Safari 15 automated password import

Vault Version 16.2.0

Released on September 14, 2021

New Features & Improvements

Support for Azure Conditional Access on the Keeper Desktop application for users who login with Single Sign On. Previously, Azure Conditional Access policies could not be added to Keeper.

Vault Version 16.1.0

Released on June 28, 2021

Accessibility (508 Compliance)

Keeper has been making UI changes across all web-applications and browser extensions to comply with Section 508 of the Rehabilitation Act (29 U.S.C. § 794d). The Keeper Web Vault and Desktop App now supports keyboard navigation and they are compatible with popular screen readers and other assistive technology.

Vault Version 16.0.1

Released on May 21, 2021

This is a bug fix release that mainly focuses on the new Record Types feature (still in beta). Therefore most customers are not affected by the bug fixes listed below.

Bug Fixes

KDE-1077: Logout from KeeperFill for Apps generates an error

Vault Version 16.0.0

Released April 26, 2021

New Features and Improvements

Introducing Record Types for Web Vault & Desktop App (Limited Release) This release introduces a powerful new feature called "Record Types", which gives users the ability to create records of various template types, grouped into categories, each containing a unique collection of field types and functionality fields within the record. Record templates can be created by Admins that are custom to the needs of the business. This feature is only available for Enterprise customers, activated on an individual basis at this time, because the Browser Extension, iOS and Android apps are still under development. If you are interested in being an early adopter of Record Types, please contact your customer success team member at Keeper and we'll activate the feature.

Generate a Password in KeeperFill for Apps Keeper's password generator is now within easy reach in the KeeperFill for Apps toolbar landing screen. Users can generate and copy the secure password or use it to create a new record.

Comprehensive Keyboard Command Functionality for KeeperFill for Apps
Support for NTLM Authentication for Microsoft Windows Customers

Bug Fixes

KDE-959: The "Session Timed Out" dialogue appears when logging into a different account after a session timeout occurs
KDE-1034: When a user attempts to switch from US to EU region at login, an Uncaught TypeError is returned
KDE-977: Selecting "Create an Account" in KFFA opens the login page on Keeper Desktop
VAUL-4721: The "Admin Console" button in the Vault fails to redirect Enterprise users to the console

Vault Version 15.2.0

Released April 3, 2021

New Features & Improvements

Expansion to AU Data Center - Keeper now supports an AU data center. Users have the option to select "AU" from the region selector at login for Keeper Desktop App.

Vault Version 15.1.0

Released on March 8, 2021

New Features

New "Shared Records Report" added to the Export screen:

Vault Version 15.0.18

Released on March 4, 2021

Features

KDE-990: Support for logout timer with more than 1440 minutes

Bug Fixes

KDE-1021: Errors when logging into Azure
VAUL-4643: Login hangs when a user converts from Master Password to Cloud SSO
VAUL-4644: Record "info" screen is not showing the user who made the change
KDE-839: Update Electron framework dependencies

Vault Version 15.0.16

Released on February 15, 2021

Bug Fixes

VAUL-4643: Login hangs when a user converts from Master Password to SSO Cloud login.
VAUL-4644: Record "info" screen sometimes does not return the user information in Last Modified date.

Vault Version 15.0.15

Estimated Release Date: February 5, 2021

Bug Fixes

REL-3160: Import instructions for Avast are missing

Vault Version 15.0.14

Estimated Release Date: January 22, 2021

Improvements

VAUL-4589: Support for Avast password import

Vault Version 15.0.13

Estimated Release Date: January 8, 2021

Bug Fixes

VAUL-4584: CSP error upon loading Web Vault v15.0.12
KDE-989: JavaScript runtime error upon launching Keeper Desktop on Mac (Big Sur)

Vault Version 15.0.12

Estimated Release Date: December 31, 2020

Improvements

VAUL-4547: Support for Kaspersky password import
VAUL-4552: Admins now receive a warning before removing themselves from a shared folder
VAUL-4566: Improved performance handling of vaults with large data sets
VAUL-4551: Enterprise users to receive notification with explanation for Master Password change and complexity requirements upon login

Bug Fixes

KDE-945: User receives error message after closing Desktop App and relaunching
KDE-962: "About Keeper" options menu fails to appear after first launch of Desktop App on Windows
KDE-972: KeeperFill for Apps fails to respond to hotkeys when switching between apps
KDE-973: Recipient of a shared record is required to login again after the shared record has been edited

Vault Version 15.0.11

Released December 14, 2020

Bug Fixes

VAUL-4549: Unable to reset Master Password with Browser Extension v15.0.2 installed

Vault Version 15.0.10

Published on December 8, 2020

Special Notes

Password Complexity requirements are checked upon every login, not just during Master Password Reset. If you have a user being asked to change your Master Password, they are likely using a password that does not meet the policy requirements.

Vault Version 15.0.9

Published on October 22, 2020

Bug Fixes

VAUL-4472: "Salt/Iterations" error message when Master Password user tries to login with the SSO Alternate Master Password login screen.

Vault Version 15.0.8

Released on October 16, 2020 @ 10PM PST

Bug Fixes

VAUL-4487: Users who created their account prior to several years ago, who are part of an Enterprise without a Master Password policy, with a Master Password that is less than 10 characters, are being prompted to change their Master Password upon logging into the vault. However, the resulting flow is not enforcing the 10-character minimum, so the user may enter into a confusing loop. This issue is being fixed EOB today.

Improvements

KDE-940: Removed legacy PBKDF2 Iteration settings
KDE-939: "Stay Logged In" setting now appears on the Keeper Desktop application.

Vault Version 15.0.7

Released October 16, 2020

Bug Fixes

KDE-933: Fix for minor UI display issue
KDE-932: User unable to proceed past 2FA timeout screen and return to login upon clicking "OK" button when prompted

Vault Version 15.0.6

Released October 10, 2020

Enhancements & Benefits

VAUL-4459: SSO Cloud users are able to auto-login and logout to the vault and browser extension simultaneously.

Vault Version 15.0.5

Released September 1, 2020

Features & Enhancements

Vault Version 15.0.4

Released September 18, 2020

Bug Fixes

Fixed: The Web Vault logs out ahead of the browser extension and generates error messages

Vault Version 15.0.3

Released September 11, 2020

Benefits & Enhancements

Support Email Address Change - Enterprise (SSO) users now have the ability to change their email address from their Vault (if role enforcement policies allow).

Vault Version 15.0.1

Released September 4, 2020

Bug Fixes

Fixed: New Enterprise users (non-SSO) are prompted for device approval prior to account creation.
Fixed: User login to web vault from browser extension fails on IE11 browsers.

Vault Version 15.0.0

Released September 3, 2020

Benefits & Features

New "Help" Button - A "Get Help" button has been integrated into the Vault login page. Upon clicking this button, the user will be prompted to select either "Forgot Master Password" or "Get Help". "Get Help" redirects the user to Keeper's Support page where our user guides and Support Team can be reached.
Enhanced Enterprise Authentication Flow - Keeper has launched a new authentication flow for our customers with Enterprise plans that simplifies deployment and usability while enhancing security.
- If Keeper recognizes an end user’s email domain as an SSO-enabled Enterprise, the user will be automatically routed to their identity provider instead of having to type in the Enterprise Domain string.
- For Master Password users, if a device is recognized, and 2FA is activated, the user will receive a prompt prior to typing in their Master Password.

Bug Fixes

Fixed: An error message fails to appear when a user has reached device approval limit.
Fixed: Upon logging into the vault, the device approval Keeper Push prompt displays a key value.
Fixed: When an SSO user attempts to delete all their owned records they a incorrectly prompted to enter a Master Password.

Vault Version 14.14.1

Released June 12, 2020

Bug Fixes

Fixed: The import instructions from a ZOHO file are incorrect causing fields to not parse correctly.
Fixed: User receives error when attempting to import a .csv file with three fields.
Fixed: Import instructions missing for JSON files.
Fixed: Automated import form LastPass is unresponsive and no longer displays progress animation.

Vault Version 14.14.0

Released June 9, 2020

Features & Enhancements

Privacy Screen - Admins now have the ability to control the viewing (unmasking) of passwords based on a specified domain. Additionally, it prevents the user from changing the website URL after the record has been saved. This policy is enforceable by the Admin for individual domains within each of their Generated Password Complexity settings by enabling "Apply Privacy Screen".

Vault Version 14.13.3

Released May 19, 2020

Benefits & Enhancements

Password Importer Update - The Keeper Import Tool has been updated to version 14.0.6, supporting Brave, Chromium and Edge browsers along with several bug fixes.

Vault Version 14.13.2

Released May 5, 2020

Benefits & Enhancements

Support for Chrome v80 Password Import - Support established for the import of passwords from Chrome v80 and newer on Windows devices.

Vault Version 14.13.0

Released April 16, 2020 for Desktop App

Benefits & Enhancements

KeeperFill for Apps Redesign - This release entails a comprehensive design and technical update of KeeperFill for Apps, dramatically enhancing the user experience with the Keeper Desktop App. The Desktop App window can now be closed but remain running and accessed through the system tray via the familiar Keeper icon.

Many of the existing features of Keeper's Desktop App can now be applied through KeeperFill for Apps, such as: filling credentials and launching websites, viewing all records and favorites, adjusting settings, and accessing Keeper's User Guides. Additionally, within the Settings menu, the following KeeperFill hotkey actions can be customized by the user, further streamlining their experience with Keeper for Desktop:

VAUL-6437: Fixed an issue where custom templates with numeric names (without periods) appeared at the top of the list instead of under the "Custom Template" section.
VAUL-6275: Fixed an issue ensuring that Record Type Sorting aligns with the modified list.
VAUL-6889: The user gets a clear error message when the share request fails.
VAUL-6908: Prevented users restricted from sharing or receiving from creating shared folders.
VAUL-5874: Removed the period from the title on the empty Vault Splash Page.
VAUL-5958, VAUL-5959: Implemented functionality improvements for My Vault, Record view, and Security Audit page, addressing customer expectations for dark mode, though some visual inconsistencies and color contrast requirements
VAUL-6760: Fixed an issue where the Country field displayed incorrect or empty values when switching between Address records.
VAUL-5702: Changing the default field type now updates the label accordingly.
VAUL-6438: Standard records now appear in the top section and custom record types in the bottom section, each sorted independently with numerical first, followed by alphabetical.
VAUL-6436: Resolved an issue where the letter 'g' was cut off in custom templates.
VAUL-6758: Fixed an issue where the default password complexity wasn't saved during the initial rotation setup.
VAUL-6972: Fixed an issue where restored records did not update security scores until the user logged out and back in.
VAUL-5949: Fixed an issue where the Save button in Secrets Manager remained disabled after deleting a Gateway.
VAUL-5862: Fixed an issue preventing users from deleting a Gateway in Secrets Manager if multiple Gateways existed.
VAUL-5847: Fixed an issue where the sort header within the Secrets Manager did not reflect the selected sort option.
VAUL-6635: Fixed an issue where the tooltip did not describe the cron format, adding an explanation and examples for proper usage.
VAUL-6988: Fixed the update with the Login Buttons
VAUL-6983: Fixed an issue that restricted Unlimited, FP, and Trial users from accessing offline mode via the login page.
VAUL-6941: Fixed an issue where unreferenced records weren't deleted during sync down.
VAUL-6911: Fixed an issue where removing a record link deleted the linked record despite other existing references.
VAUL-6961: Resolved an issue where removing direct access to an owned record unintentionally removed ownership.
VAUL-6990: We've resolved an issue where uploading a file larger than 100MB would block the upload of other selected files.
VAUL-6977: We fixed the 'Internal Error' issue during offline logins.
VAUL-6995: We fixed the issues where discard changes are generated twice.
VAUL-6998: We fixed an issue where gateways were displayed randomly. They are now sorted numerically and alphabetically.
VAUL-6947: We've resolved an issue where records were unintentionally removed from shared folders during the sync-down process.
VAUL-7012: We fixed an issue with incorrect toast messages when trying to create duplicates without permission.
VAUL-6881: We've fixed an issue where breach watch results were only sometimes being returned when expected.
VAUL-6534: We've resolved an issue causing "bad request" errors during security data updates specifically for the vault client.
VAUL-6962: We've resolved an issue where records created in the BE weren't appearing in the BW.
VAUL-7019: We have fixed the issue with the secrets manager not showing up in SF/Records
VAUL-6750: Vault now uses the encrypted session token returned by accept_enterprise_invite instead of the previous session token.
VAUL-7025: We've fixed an issue where records with the password "hasOwnProperty" were causing various client crashes.
VAUL-7018: We fixed an issue where selecting "all" in an empty shared folder incorrectly showed "1 selected." Now, it correctly shows "0 selected" and unselecting the box removes the message.
VAUL-7036: We've fixed an issue where the Grid View Record Context Menu button was incorrectly positioned when focused.
VAUL-7039: We fixed an issue where the file_attachment_uploaded audit event was incorrectly triggered for file removals.
VAUL-7045: We've fixed an issue where vertical dividers were missing from the Security Audit.
VAUL-7053: We've fixed an issue where the UI didn't display throttle messages when entering incorrect passwords multiple times in offline mode.
VAUL-7059: We've fixed an issue where the cursor focus was incorrect after entering a password in the MP entry modal.
VAUL-7060: We've fixed an issue where the Offline Duration Setting required a browser refresh to take effect.
VAUL-7050: We've fixed an issue preventing MSPs from logging in offline.
VAUL-7058: We've fixed an issue where Free Trial users without a BW subscription encountered a "bad request" error when scanning records with strong passwords.
VAUL-7057: We've fixed an issue where the last scan date was incorrectly displayed as "N/A" in BW.
VAUL-7065: We've fixed an issue causing incorrect font display on the web vault.
VAUL-7068: We resolved an issue where the "Work Offline" button was incorrectly displayed for users without offline access, even after clearing the browser cache or logging out
VAUL-7076: We've fixed an issue causing the error "No key for encryption of security data" in Vault.
VAUL-7074: Sharing invitations can now be sent without errors.
VAUL-7080: We've fixed an issue preventing update_security_data from working on ECC-only enterprises.
VAUL-7079: We've fixed an issue causing several missing key warnings.
KDE-1346: We've fixed an issue with misaligned edit icons for KFFA hotkeys.
KDE-1423: We've fixed an issue where the Topsite list wasn't narrowing correctly as users typed in the title field
KDE-1428: We've fixed an issue preventing users from moving owned records into shared folders.
KDE-1500: We've fixed an issue where incorrect notifications were displayed for oversized file uploads
KDE-1048: We've fixed an issue where the Region Selector was cut off at the bottom in KFFA.
KDE-1538: We've fixed an issue where resetting Keeper from the Help Menu didn't clear the desktop app cache
KDE-1539: We've fixed an issue with the localization of the access expiration banner.
KDE-1544: We've fixed an issue preventing password re-entry in KFFA.
KDE-1545: We've fixed an issue where the offline edit indicator persisted after reconnecting to the server and logging.
KDE-1540: We've fixed an issue preventing users from downloading large file attachments, which caused the app to stall
KDE-1549: We've fixed an issue preventing Direct Import from LastPass due to a JavaScript error.
KDE-1551: We've fixed an issue preventing the import of simple phone data from LastPass for non-address records.
KDE-1552: We've fixed an issue that prevented new Enterprise Admin accounts from using a fresh install of KDE.
KDE-1478: We've fixed an issue where the "Securely Upload to My Vault" option did not clear after a drag-and-drop operation.
KDE-1553: We updated the macOS build environment from macOS 12 to macOS 13 in the build-desktop-vault.yml workflow.
KDE-1556: We updated the download links for the desktop app to point to the new CloudFront distribution.
KDE-1559: Fixed QA download page: now shows versions and directs users to the latest build.
KDE-1565: We've fixed an issue preventing KSM device configurations from being generated.

Vault Release 17.3

Released on July 24, 2025

New PAM Features & Improvements

Summary

Keeper version 17.3 brings several powerful PAM enhancements that empower DevOps, IT Security, and development teams with enhanced visibility, control, and collaboration across IT environments.

Updates to Keeper introduce the Domain Controller configuration for Active Directory environments.
include Launch Credentials, Personal Credentials, and Ephemeral Accounts within Keeper Connections, offering flexible, secure access options that eliminate standing privilege, and enable Just-in-Time session-based authentication.
Secrets Manager now allows and Gateways with other Keeper users, enabling secure and collaborative management of secrets across your organization.

Discovery

Keeper Discovery provides DevOps, IT Security, and development teams with centralized visibility into privileged accounts and IT assets across local, AWS, and Azure environments. Integrated through the Keeper Gateway, it helps organizations identify unmanaged accounts, misconfigurations, and security risks. By automating asset discovery and delivering actionable insights, Keeper Discovery strengthens security, streamlines operations, and supports compliance across complex infrastructure setups. Version 17.3 brings additional features to the discovery process for customers.

Details

To create a Discovery Job, navigate to the Discovery tab and click Create Discovery Job. Then, select an active Keeper Gateway to perform the scan. The Gateway is linked to a PAM Configuration, which defines the environment type being scanned.

If the PAM Configuration is missing required details, such as CIDR ranges or cloud credentials, you’ll be prompted to provide that information before the job can proceed.

Once a Discovery Job reaches the Completed state, clicking on the job allows you to review and process the findings interactively. You can select multiple items or go through them individually, adding findings to a queue before finalizing the results.

While reviewing discovery results, you can choose the Vault location where each resource will be stored and assign the appropriate Admin Credentials. These credentials serve several key functions:

User Account Discovery: Used in future discovery jobs to remotely access the resource and identify local user accounts.
Password Rotation: Enables on-demand and scheduled password rotations for discovered accounts.

Additionally, PAM Users identified during discovery can be configured for automatic password rotation.

In the Discovery Job panel, you can view all previously run jobs along with their status, such as Completed, Running, or Failed.

New Ways to Connect with Keeper Connections

Keeper Connections offer multiple authentication methods to securely access target systems:

Launch Credentials: Use credentials configured directly on the PAM Machine, Database, or Directory record. Users can initiate sessions without needing direct access to the credentials themselves.
Personal/Private Credentials: Users can authenticate using their own credentials stored securely in their Keeper Vault, providing flexibility and personal control.
Ephemeral Accounts: When enabled, a temporary, system-generated privileged account is created specifically for the session. This account is automatically removed after the session ends, supporting Just-in-Time access with zero standing privilege.

Connection Templates

PAM Machine, PAM Database, and PAM Directory record types can now be set up as Connection Templates, allowing users to launch sessions to target systems without needing a predefined hostname or credential.

Each template requires configuration of the Keeper Gateway and the relevant connection protocol settings. Once created, templates can be shared with other users. When launching a session from a template, users are prompted to:

Enter the target hostname
Select a credential from their own Keeper Vault for authentication

The Keeper Connections tab enable users to instantly and securely access infrastructure assets, such as servers, databases, web apps, and workloads, directly from the Keeper Vault, without exposing credentials. This ensures a zero-trust, zero-knowledge security model.

Connections are configured on PAM Machine, PAM Database, PAM Directory, and PAM Remote Browser record types, and can be launched directly from these records.

Under the Connection tab, you can enable users to select credentials from their own vault and optionally configure the launch credentials to rotate automatically upon session termination.

Within the PAM settings, we've added a new Rotation tab and a JIT Settings tab for each resource.

Just-in-Time Access with Ephemeral Accounts and Role Elevation enables secure, one-click privileged sessions to infrastructure assets directly from the Keeper Web Vault. With Just-in-Time (JIT) access, users are granted elevated privileges only for the duration of a session, significantly reducing the risk of standing privileged accounts. Once the session ends, all elevated access is automatically revoked.

Ephemeral Account Creation

The Keeper Gateway can automatically create temporary privileged accounts on the target system at the start of a session and delete them at the end. This ensures no persistent accounts exist to be compromised.

Role and Group Elevation

Instead of creating temporary accounts, KeeperPAM also supports role or group-based elevation, temporarily assigning elevated privileges (e.g., Windows “Administrators” or AWS IAM roles) to the session user. Elevation is revoked automatically when the session ends.

This flexible approach to JIT access, via ephemeral accounts or role elevation, supports a zero-trust security model while simplifying privileged access management across your infrastructure.

Keeper Secrets Manager (KSM) offers DevOps, IT Security, and development teams a fully cloud-based, Zero-Knowledge platform to securely manage infrastructure secrets, such as API keys, database passwords, access tokens, certificates, and other sensitive data.

Once a KSM Application is created, it can be securely shared with other users in your organization. Shared users gain access to application features, including viewing secrets, managing devices and gateways, and configuring PAM record types via the associated Keeper Gateway.

This sharing capability enables secure team collaboration while preserving strict access controls through Keeper’s Zero-Knowledge security model.

Domain Controller Configuration

KeeperPAM now supports Domain Controller configurations, enabling seamless discovery and management of domain-joined resources. When combined with Keeper Discovery, organizations can automatically identify domain-connected assets across their environment and securely manage access through shared KSM Applications, PAM record types, and the Keeper Gateway, all within Keeper’s Zero-Knowledge architecture.

Keeper One-Time Share (OTS) enables secure, time-limited sharing of records with anyone, no Keeper account required. Ideal for sharing sensitive information with friends, family, or colleagues, OTS eliminates the risks of sending data via email, text, or messaging apps.

Each share link:

Expires automatically at a time you choose
Can only be accessed on a single device (device-locked for added security)
Prevents unauthorized access, even if the link is intercepted or your email is compromised
Supports bidirectional communication, allowing both parties to securely view, edit, or upload content during the session, while maintaining full control and temporary access

When the recipient opens the share link, the record will launch in their web browser and become bound to that specific device. Access will automatically expire after the designated time, at which point the link becomes invalid and the record can no longer be viewed, even on the originally authorized device.

The new bidirectional capabilities of Keeper’s One-Time Share (OTS) feature enable true two-way collaboration between Keeper users and non-Keeper recipients, all within a secure, time-limited session. Once the recipient opens the shared record in their browser, they can not only view the information but also:

Edit existing fields within the record (e.g., notes, credentials, custom fields)
Upload and attach files, such as documents, images, or certificates

All changes are made within the same secure, device-bound session. Once the recipient clicks Save, the updates are reflected in the sender’s vault in real time.

This allows for secure, efficient collaboration, such as collecting sensitive onboarding details, exchanging credentials, or updating records, without requiring the recipient to create a Keeper account or leave the zero-knowledge environment. Once the session expires, all access is revoked, ensuring the shared information remains tightly controlled.

To learn more about Keeper's One-Time Share feature, click .

By default, this permission is disabled for Enterprise environments. To activate the feature, visit the Admin Console > Roles > Enforcement Policies > Creating and Sharing and check the box next to "Can create links with editable fields and file upload capabilities".

Discover all the , or visit website to start your free trial or request a personalized demo.

Enhancements

VAUL-7283: Admins can now create flexible resource records with separate admin and launch credentials, user-supplied credentials, or templates that support custom host and credential entry.
VAUL-7285: Admins can now enable JIT ephemeral access, allowing temporary admin privileges, automatic account cleanup, and post-session credential rotation—all securely managed in PAM settings.
VAUL-5995, VAUL-7333, VAUL-7235: KSM applications can now be shared with users, with role-based permissions and enhanced management of folders, devices, gateways, and activity logs for better collaboration and security.

Other Updates

VAUL-7488: We improved the import of Dashlane .dash files into Keeper.
VAUL-7138: We added the UID from reporting & alerts to the deleted items.
VAUL-7370: Fixed a bug that prevented session recording playback from scaling properly.
VAUL-7432: Now, users can rotate credentials on PAM user records as long as they have the "Can Rotate" policy and the KSM application has edit permissions.

Bug Fixes

VAUL-6440: Fixed an issue where 2FA duration settings were not honored for users with SMS-based 2FA, causing repeated prompts on each login.
VAUL-7325: Fixed an issue where non-owners could manually enter passwords in the Privacy Screen.
VAUL-6069, VAUL-6070: Fixed alignment issues in the advanced search results dropdown.
VAUL-5979: Updated the login flow so that selecting ‘Master Password’ from the SSO dropdown now defaults the cursor to the email field.

Read Me First

Most common troubleshooting issues across all Keeper applications

System Status

Monitor the Keeper infrastructure system health here:

User Guides

All Keeper end-user and Enterprise documentation can be found at the .

AI Chatbot

We have published a helpful AI chatbot which is trained on Keeper documentation. Give it a try here:

Searchable FAQs

See our FAQ list from:

Syncing or Data Issues

If information is not sync'd or out of date, you may just need to run a Full Sync.

From the web vault or desktop app, click on Full Sync from the lower right.
On iOS and Android, go to the Account tab > Sync > Sync Now.
On the browser extension (17.2+), click on Full Sync from the main menu.

Autofill Issues

Keeper has implemented a "Snapshot Tool" which helps customers solve Autofill issues quickly. This process allows us to deploy autofill fixes within the same day.

SCIM Provisioning Errors

SCIM enforces reserved domains on any provisioning request. If you receive an error like "This domain cannot be used for SCIM provisioning" or "Use a different email domain" from SCIM provisioning, This means that you need to request domain reservation for the email domain that is being provisioned.

SSO Logins not working

Typically, this means you need to update your SAML signing certificate. Follow the guide below for step by step instructions:

Email Invites Not Sending Custom Template

For security reasons, custom email invitations cannot be sent to users if the domain has not been reserved by the customer. To learn about Domain Reservation please .

Ubuntu Linux GPG Key

Keeper's signing key for the Ubuntu Linux version of Keeper Desktop has expired, so we extended the expiration and pushed up a new GPG public key. This key is hosted at the below location:

We've also submitted this latest GPG public key to the keyserver.ubuntu.com keyserver.

Customers can pull down the latest key by running the below command and then retrying:

Samsung Autofill Selection Not Showing

Some customers are unable to select Keeper from the Samsung provider list when activating KeeperFill.

If Keeper does not show up, please open your device settings and search for "Passwords" then select Keeper under "Passwords, passkeys and autofill".

iOS Stuck on Syncing

If you are seeing syncing stuck on the screen, please check the following:

Update to the latest version of Keeper on the App Store
Instead of logging in with biometrics, try to login with your Master Password (clicking "Next")
After a successful login, visit the settings screen of Keeper and turn OFF/ON the Face ID or Touch ID setting.

Verification Codes Missing on Apple Watch After Update (Keeper v17.4.0):

Following the update to Keeper on iOS version 17.4.0, some users may find that the Verification Code (2FA/OTP) option is no longer visible on their Apple Watch. This happened due to a required update to how the iPhone app and the watch app talk to each other. For those users, this means the link between the two needs to be re-established to get your codes showing again.

How to Fix It:

Use a Backup Code to Log In & Reset your 2FA

When logging into your account, choose the option to use a backup code when prompted for your usual verification code.
Once you are logged in, navigate to Settings & then Two-Factor Authentication.
Find and select the option to Turn Off Two-Factor Authentication.
Finally, select Two-Factor Authentication again and proceed to add your Apple Watch.

When you set up 2FA again, you will get a new set of backup codes. Please remember to save these new codes in a safe and secure place!

Don't Have Your Backup Codes?

If you can't find your backup codes, please contact our support team . We are ready to help you get this sorted out.

I'm being asked for a PIN with my FIDO2 Security Key

We're constantly improving Keeper's security to keep our users safe. Starting with Backend API Version , if you're using a FIDO2 Yubikey device for two-factor authentication (2FA), you might need to enter a PIN associated with your device when you log into Keeper. This is a FIDO2 feature called "user verification" that our system uses to check if the PIN is set up on your device.

If you'd rather not use a PIN with your FIDO2 Yubikey device, you can remove it using the . However, keep in mind that if you reset your Yubikey device, you'll have to re-register your key with Keeper and any other application that you use with your key.

We will add a feature soon to allow consumers to decide whether or not user verification is required. This will be added to Vault version 16.10.4.

For our business customers, we're planning a role enforcement feature that requires user verification (by setting userVerification response to "required"). Until then, the system will respond based on your device setup.

Getting a 403 Error or Unable to Load Website

If you are unable to access Keeper's website or Vault from your device with a "403 error", your IP address is being blocked. Keeper automatically blocks IP Addresses that have a "low reputation score". This list of IPs is maintained by a dedicated threat research team at Amazon AWS, and as such we do not have visibility into exact reasons why an IP is placed on this list. To resolve the issue:

Open the below URL on a computer which is generating this error:
Your external IP address will be provided on the screen.
Please send the IP to the Keeper support team support team via our support page at and we'll check into unblocking it from our WAF.

Upgrade to the Latest Version

Many issues can be resolved by updating your Keeper app. Install the latest Keeper version from your App Store or the .

Perform a Full Sync

From the mobile apps, go to the Account screen > Sync > Sync Now. This performs a "full sync" of all the data and ensures that anything missed in the normal sync process is caught. The latest Web Vault and Desktop App also have a "Sync" feature along the bottom of the screen.

Install Any Pending Browser Updates

Browser extensions generally stop working properly if an update is pending or the browser is out of date, even by one version. Make sure to update your web browser to the latest version and then fully restart your web browser.

Clear Cache / Reset the Vault

Clear cache on your web browser or open Incognito Mode to try and login. If this works, you should just reset your Keeper app by visiting the Web Vault on your respective data center:

(US)
(EU)
(AU)
(CA)

By appending #reset on the end will force Keeper to clear local data. Refresh the page a few times and this should clear things out.

Ensure Only One Extension is Installed

Ensure only ONE Keeper browser extension is installed. Having two installed causes many issues. Visit Window > Extensions and check your extensions. Don't use multiple password managers at the same time.

Check for Cache Settings

Ensure that "clear site data when you quit Chrome" is disabled. This can cause errors and vault decryption issues.

This is a very common issue with our users. Keeper's advanced security protection and encryption prevents inspection of traffic, otherwise known as "man-in-the-middle". This can sometimes conflict with antivirus, popup blockers and web filtering apps. Make sure to try turning OFF these 3rd party plugins or applications to see if they are causing any conflict with Keeper.

Don't Block Cookies

Many websites (including Keeper's browser tools) won't function correctly if you block cookies, block Javascript, block local storage or have any extreme browser privacy settings that prevent our product from running. Please try to set your browser to default settings and see if that resolves the issue you're experiencing.

Check Your System Clock

If you are experiencing an issue where the Two-Factor (TOTP) codes are different between your mobile and desktop devices, this is usually caused by the time difference between your devices. Ensure that your device time and date is set to "Automatic". If the times are different by even a few seconds, this will cause different codes to appear on different devices.

Face ID or Touch ID Stopped Working

If biometrics such as Face ID / Touch ID stops working, simply login to Keeper with your Master Password (or SSO), then visit the Settings screen and turn biometric login OFF and ON. This should resolve any biometric login issues.

Forgot Master Password?

Consumers: Keeper employees do not have access to your Master Password or Recovery Phrase, and we cannot reset it for you. If you have forgotten your Master Password, please try using our Account Recovery feature by visiting the "Need Help" > "Forgot Master Password" option on the Keeper login screen.

Without your Master Password or recovery phrase, your records cannot be decrypted. If you don't have recovery setup for the Keeper account at all, unfortunately account recovery will not be possible.

If you have tried all possible Master Password and Account Recovery options and are still unable to login to Keeper, we can delete your account so that you can start over. Please contact the support team for assistance.

A very common issue when a user is unable to login, is that people could have multiple Keeper accounts (perhaps from different email addresses), or maybe a typo in your email address. If you think that's a possibility, please contact our support team and we will assist you.

Business Customers: If you have tried all possible Master Password options and are still unable to login to Keeper, you will need to contact one of your Keeper Administrators within your company to have them either transfer your account to a new vault so that you do not lose any data. Or, request your Admin to delete your profile and re-invite you which will allow you to start over with a new master password. If you are using SSO for login, they can assist you in recovering your account with the SSO provider.

If you would like to change your existing Master Password from the Web Vault & Desktop App, from the account dropdown menu (your email ) select Settings and next to "Master Password" click Reset Now. You will then be prompted to enter your current Master Password Password and create and confirm a new Master Password.

To change your Master Password on iOS and Android devices, within your vault, navigate to the Settings menu, scroll down and tap Reset Master Password (on iOS) or RESET NOW (on Android). You will then be prompted to enter your Current Master Password Password and create and confirm a new Master Password.

2FA Issues (Lost phone or Authenticator)

Consumers: If you changed phones or do not have access to your two-factor authentication device, please contact Keeper support and we will assist you in resetting your Two-Factor Authentication settings. For individual and family users, please open a consumer support ticket and we will assist you.

Business Customers: Please contact the Keeper Administrator at your company. Your Keeper Admin can disable your 2FA. For Keeper Administrators, please open a business support ticket and we will assist you.

How to Stay Logged In Longer

Keeper Web Vault, Desktop App and Browser Extensions have been updated with the "Stay Logged In" feature for all customers. To activate this feature open your browser extension > settings > Stay Logged In and turn the setting "ON". If it's already on, you may want to turn the setting OFF and ON. Then, logout and login to the browser extension. Learn more about "Stay Logged In" here:

Account Recovery Phrase Setup

Upon initial vault login, new users will be prompted to set up Account Recovery. Click Generate Recovery Phrase to begin.

Once your recovery phrase has been generated, be sure to store it in a safe place. For added convenience, you will be given the option to copy or download it. Check the box to acknowledge you have stored it in a safe place and click Set Recovery Phrase to complete the setup.

Please note that if you forget your master password and lose your recovery phrase, you will not be able to login to your vault and Keeper Support will be unable to help you regain access.

Forgotten Master Password & Account Recovery

After their initial login, users are asked if they would like to set up Account Recovery using an account recovery phrase. This is especially important if you forget your Master Password during the account recovery process which is based upon an account recovery phrase, backup verification code (sent via email) and Two-Factor Authentication code (if enabled).

In addition to enabling an account recovery phrase, we recommend turning on Keeper's Two-Factor Authentication feature from your account's "Settings" menu.

Users who have signed into Keeper after August 2015, will automatically have Account Recovery enabled. To initiate Account Recovery, simply open Keeper through the Web Vault, iOS, Android or Desktop app and from the login screen, click/tap Forgot Password. Keeper will then walk you through a few steps to change your Master Password and recover your account. These steps will include a series of prompts requesting the following actions:

Enter your email address to initiate the account recovery process
Enter a backup verification code
Enter your account recovery phrase
Enter your Two-Factor Verification code (if enabled)

SSO Cloud SP Cert Update

The SSO Connect Cloud SP Cert has been renewed. If you have enabled strict SP certificate checking on your identity provider, you may need to update the Keeper cert in your IdP.

Login to Admin Console > select SSO node > Provisioning > click on SSO Cloud > "Export SP Cert"
Upload the cert to your IdP "SP Certificate" or "SP Signing Certificate" section.

Notes:

This only affects identity providers where strict SP cert validation is enabled
This will not affect environments running the Automator service
Customers using Okta and Single Logout (SLO) may need to update the SP certificate.

Release Notes

Deprecation Notices

Notice of deprecation for legacy versions

Keeper Client Applications below 17.0

Keeper Connection Manager on EL7

Keeper Desktop 32-bit binary version

Keeper Gateway below 1.5

Keeper Security

Newsletter

2025

2024

2023

Security Advisories

DEF CON 2025

Description

Timeline

Keeper's Protection

Reported Behavior:

Updating

Contact

CVE-2024-35164

NIST Link

Description

Black Hat EU 2023

Description

Okta Breach

Description

CVE-2023-44487

NIST Link

Description

Impact to Keeper

CVE-2023-27706

NIST Link

Description

Impact to Keeper

CVE-2023-5217

NIST Link

Description

Impact to Keeper

CVE-2023-4863

NIST Link

Description

CVE-2022-21449

NIST Link

Description

CVE-2023-36266

NIST Link

Description

Impact to Keeper

Troubleshooting

iPhone & iPad

Downloads

User Guides

iOS Missing Payment Cards

iOS Stuck on Syncing

Syncing, Updates and Device Approvals

Other iOS Issues

Feature Requests

Beta Slack Channel

Android

Downloads

User Guides

Syncing Errors

Syncing, Updates and Device Approvals

Other Android Issues

Feature Requests

Beta Slack Channel

Desktop and Web Vault

Vault

Preview Release

Web Vault Preview

Desktop App Preview with Forcefield

Standalone Forcefield Preview

Vault Release 17.4

Enhancements

Bug Fixes and Improvements

Vault Release 17.3.3

Bug Fixes

Security Updates

Vault Release 17.3.2