As new security advisories are published online for various systems, Keeper Security will post relevant information here.

Overview

A recent security report titled Zero Knowledge (About) Encryption: A Comparative Security Analysis of Three Cloud-based Password Managers was published on February 16, 2026 and was published by researchers with ETH Zurich and the Università della Svizzera italiana (USI).

This research has raised architectural considerations for cloud-based password managers operating under a malicious server threat model - where the server may behave dishonestly or be fully compromised. Keeper Security was not mentioned or referenced in this study.

Keeper values and appreciates this research study and is analyzing it in reference to our zero-knowledge and zero-trust security model and architecture. These types of studies are instrumental in elevating the technology in our industry and have tremendous value. We use these studies and work closely with industry researchers to practice successive advancements and inventions in our industry. Additionally, our security research team at Keeper are leading experts in cryptography and information security.

Contact

If you have any questions, please email us at [email protected].

View all latest updates

2026

• February

2025

2024

2023

Description

At DEF CON 33, a researcher presented on Clickjacking (UI redressing), where users can be tricked into clicking hidden UI elements. The researcher showed a scenario in which a malicious site could prompt a user to click on a transparent password manager autofill interface.

Keeper already blocks cross-domain autofill but collaborated with the researcher to further strengthen the browser extension as described below. We value the security research community and regularly collaborate with researchers to help protect our customers.

Timeline

• Apr 9, 2025: Researcher reported the issue. Keeper classified it as low severity since autofill from untrusted domains is already blocked.

• Apr 15, 2025: Engineering delivered a patched test build to the researcher within 8 days. Researcher noted the fast response.

• May 26, 2025: Fix released in browser extension v17.1.2 (see ).

Keeper's Protection

Keeper’s browser extension is designed to autofill credentials and payment information only on websites explicitly saved by the user. This creates a trust relationship between the user and the destination website. Keeper does not allow cross-domain autofill under any circumstances.

Users can optionally enforce stricter matching by requiring a full subdomain match for autofill. This behavior can be enabled via the browser extension’s settings, and it can also be enforced organization-wide by administrators through role-based policies in the Keeper Admin Console.

Autofill of payment cards and address information only occurs if the site matches a saved record in the user's vault, and the user has explicitly saved those details for the site. If a match does not exist, the user must manually confirm the autofill operation through a native popup dialog.

Reported Behavior:

The scenario reported by the researcher required:

1. Explicitly saving a Keeper record for a malicious or compromised website to your vault,

2. Visiting that site again, and

3. Interacting (clicking multiple times) on UI elements overlaid with a transparent Keeper autofill interface.

In this context, the user has already trusted the website by saving credentials to their vault with the exact root domain of the website. There is no vector for a different, unrelated root domain to initiate autofill without this precondition.

Because this relies on the user already trusting and saving the same domain, there is no cross-domain attack vector. The issue was therefore rated low severity, but Keeper implemented additional protections as a precaution.

Updating

The Keeper Browser Extension v17.2 updates automatically across Chrome, Firefox, Edge, Safari, Brave, and other Chromium-based browsers. No further action is required by users.

Contact

If you have any questions, please email us at [email protected].

Notice of deprecation for legacy versions

Keeper deprecates older versions of application software listed below. This means they’ll no longer be available from our published sources, and the backend will reject any requests coming from those versions.

Bug Fixes

• Emails with a "-" are unable to login

Features

• VAUL-5409: Support for JP and CA regions

Older release note content is still available, but anything older than the last 10 updates is placed here.

• Support for Safari 15 automated password import

NIST Link

https://nvd.nist.gov/vuln/detail/CVE-2023-44487

Description

The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023.

Impact to Keeper

Keeper Security's application servers are protected by AWS Shield which defends against DDoS attacks, and Keeper is not vulnerable to this attack. More info is posted on .

If you have any questions, please email us at [email protected].

NIST Link

https://nvd.nist.gov/vuln/detail/CVE-2023-5217

Description

Heap buffer overflow in vp8 encoding in libvpx in Google Chrome prior to 117.0.5938.132 and libvpx 1.13.1 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

Impact to Keeper

Keeper Security may have been impacted by this vulnerability in the Desktop App since we use the Electron framework. As a precaution, we immediately updated to Electron framework version to v22.3.25 and published .

If you have any questions, please email us at [email protected].

Customers can request access to join our Beta and Customer Feedback or Keeper MSP Slack Workspaces to interact with Keeper employees.

NIST Link

NIST Link

Keeper Secrets Manager (KSM)

Please see the Keeper Secrets Manager .

Security Updates

• KDE-1425: Heap buffer overflow vulnerability in the libvpx library. Updated Electron framework.

NIST Link

Description

Bug Fixes

• KDE-1708: Resolved issue with macOS hot key autofill from KeeperFill for Apps due to changes in the Desktop App

Bug Fixes

• VAUL-6150: Shared folders are not instantly removed on team removal

Features & Improvements

• KDE-1193: Include TOTP fields in LastPass automated import

Security Updates

• VAUL-5868: Upgrade to React 18 library

Features

• VAUL-6001: Security Key can be set up as the only 2FA method

Bug Fixes

• Resolve data import issues with version 16.4.2 that caused crashes on the Browser Extension and Android app. See resolution page: -->

Bug Fixes

• VAUL-4549: Unable to reset Master Password with Browser Extension v15.0.2 installed

Bug Fixes

• VAUL-5079: Unable to login with Internet Explorer 11

Bug Fixes

• VAUL-4584: CSP error upon loading Web Vault v15.0.12

Bug Fixes

• VAUL-5546: BreachWatch re-scanning records repeatedly

Security Updates

• KDE-1594: Added protection against "synthetic mouse/key events" from 3rd party applications on Windows devices (reported by Bugcrowd researchers).

Bug Fixes

• KDE-1273: Touch ID shows as "enabled" for users after an app reset

Bug Fixes

• VAUL-7701: We now support Dropbox and Google Chrome password CSV exports into the vault.

• KDE-1722, 1720, 1723, 1727: Hotkeys now work reliably across Windows, Edge/Chrome, and international layouts, with fixes for focus handling, Ctrl+Shift+P, and repeated single-key triggers.

Security Updates

• KDE-1724: Resolved library "tmp" package related to CVE-2025-54798

Bug Fixes

• Multiple Tickets: Several UI bugs, translations and visual fixes

• VAUL-5307: SMS support for Trinidad and Tobago

• VAUL-5260: Payment card phone number saves incorrectly

• VAUL-5344: Removed Duplicate detection button for now due to inconsistencies

• KDE-1255: Touch ID setting turns off when signing in with the Laptop lid open

• KDE-1228: Canceling the Yubikey setup and login flow gives error

• KDE-1254: Filling from KeeperFill for Apps with German keyboard issues

• KDS-1244: Filling from KeeperFill for Apps with French keyboard issues

• KDE-1269: After logout, KeeperFill for Apps not selecting proper region (Govcloud)

• KDE-1274: KeeperFill for Apps with Privacy Screen not working in Microsoft Edge

Improvements

• VAUL-5320: Additional confirmation upon deletion of a Shared Folder

• KDE-1266: Added ability to delete account for Mac Store consumer version

Bug Fixes

• VAUL-4472: "Salt/Iterations" error message when Master Password user tries to login with the SSO Alternate Master Password login screen.

• VAUL-4491: Unable to login on Chromium Edge from Extension in Microsoft Store version.

• VAUL-4494: Occasional failure to process Admin Approval for device approval step.

• VAUL-4265: Pressing "Enter" key while entering text in Japanese characters had unexpected results.

• KDE-941: Unexpected Logout occurring even if "Stay Logged In" enabled.

Improvements

• VAUL-5653: Force auto-update all users to 1,000,000 PBKDF2 iterations

• VAUL-5655: Switch transmission key from RSA to EC

Bug Fixes

• KDE-1333: LastPass import missed some custom fields such as SSH keys

Bug Fixes

• VAUL-4643: Login hangs when a user converts from Master Password to SSO Cloud login.

• VAUL-4644: Record "info" screen sometimes does not return the user information in Last Modified date.

Bug Fixes

• KDE-1313: LastPass automated import hanging on some accounts

• KDE-1319: Safari import hanging on macOS Ventura

Bug Fixes

• KDE-1317: Debian package compatibility issues

• KDE-1318: RPM package compatibility with CentOS7

Bug Fixes

• VAUL-4487: Users who created their account prior to several years ago, who are part of an Enterprise without a Master Password policy, with a Master Password that is less than 10 characters, are being prompted to change their Master Password upon logging into the vault. However, the resulting flow is not enforcing the 10-character minimum, so the user may enter into a confusing loop. This issue is being fixed EOB today.

Improvements

• KDE-940: Removed legacy PBKDF2 Iteration settings

• KDE-939: "Stay Logged In" setting now appears on the Keeper Desktop application.

Benefits & Enhancements

• Support Email Address Change - Enterprise (SSO) users now have the ability to change their email address from their Vault (if role enforcement policies allow).

Bug Fixes

• Fixed: The "record_open" ARAM event sends duplicate requests to the server when users are opening a record.

• Fixed: Users are prompted for 2FA Keeper Push approval twice.

• Fixed: First time login to the web vault from the browser extension fails in Firefox browsers.

New Features

• New "Shared Records Report" added to the Export screen: https://docs.keeper.io/user-guides/export-and-reports/shared-records-report

Bug Fixes

• Operations that required re-authentication (e.g. export, reset master password, etc) were not accepting the password, if the session was resumed from a page reload or "Stay Logged In". This has been resolved.

Bug Fixes

• Fixed: The Web Vault logs out ahead of the browser extension and generates error messages

• Fixed: Shared folder permissions changes do not automatically appear for users in detail view as expected.

Improvements

• Set new default PBKDF2 iterations to 1,000,000 rounds

Bug Fixes

• REL-3160: Import instructions for Avast are missing

Description

A presentation at Black Hat EU 2023 discussed credential stealing on mobile password managers. Keeper was listed as an impacted application. Keeper has safeguards in place to protect against this issue as described below.

Keeper's Response

On May 31, 2022, Keeper received a report from the researcher about a potential vulnerability. We requested a video from the researcher to demonstrate the reported issue. Based upon our analysis, we determined the researcher had first installed a malicious application and subsequently, accepted a prompt by Keeper to force the association of the malicious application to a Keeper password record.

Keeper has safeguards in place to protect users against automatically filling credentials into an untrusted application or a site that was not explicitly authorized by the user. On the Android platform, Keeper prompts the user when attempting to autofill credentials into an Android application or website. The user is asked to confirm the association of the application to the Keeper password record prior to filling any information. On June 29, we informed the researcher of this information and also recommended that he submit his report to Google since it is specifically related to the Android platform.

Generally, a malicious Android application would first need to be submitted to Google Play Store, reviewed by Google and subsequently, approved for publication to the Google Play Store. The user would then need to install the malicious application from Google Play and transact with the application. Alternatively, the user would need to override important security settings on their device in order to sideload a malicious application.

Keeper always recommends that individuals be cautious and vigilant about the applications they install and should only install published Android applications from trusted app stores such as the Google Play Store.

Resources

A screenshot of Keeper's protection in place is displayed below. A user is prompted to trust the application from retrieving and filling the specified credentials. This security feature has been in place for several years and no additional updates are required.

This simple Android app demonstration can be viewed on Keeper's public Github repo:

To learn more about how to keep your smartphone safe, please visit:

If you have any questions, please email us at [email protected].

NIST Link

https://nvd.nist.gov/vuln/detail/CVE-2023-36266

Description

A researcher filed a CVE (CVE-2023-36266) in regards to the scanning of local memory when using Keeper Desktop and browser extension software.

Impact to Keeper

We have disputed this CVE. Keeper performs quarterly pen testing with 3rd party experts including , and independent security researchers against all of our products and systems. Keeper has also partnered with to manage its vulnerability disclosure and bug bounty programs. As part of our testing, we explicitly test the storage of secrets in memory while our applications are in use, and when logged out. Keeper removes all decrypted vault data from memory upon logout and provides settings to also wipe memory and restart the app upon vault auto-lock. This functionality has been verified by our pen testers and the test results are available for customer review.

As with any software product, if an attacker controls the local computer, the attacker can perform any action the user or an application could perform. In the case of a password manager, if an attacker can read arbitrary memory, then an attacker can read decrypted contents of the password manager while the application is in use. This applies to any password management product. Security researchers understand that a fully compromised device scenario has severe implications for the user.

Keeper has multiple security mechanisms in-place to defend against compromised end-user devices. Keeper client software only decrypts the user's vault upon successful login, and only stores decrypted values during use in volatile memory. When a user is logged out or timed-out, decrypted values are removed from memory. In addition, the Keeper desktop application provides a setting in the "Security" screen which forces a full application restart upon auto-logout, to ensure that data is cleared upon locking. In the case of a web browser such as Chrome, Keeper requests the clearing of memory after logout, however the memory management of the underlying browser is outside of Keeper’s control and can sometimes take time for the memory management system to complete this operation.

With all end-user software, it's important to ensure that users reduce the risk of a compromised device by following security best practices, keeping all software up-to-date and installing adequate antivirus / malware protection software.

Keeper has stood by its commitment to protect your most valuable data for more than a decade, through our best-in-class Zero-Knowledge and Zero-Trust security model and transparent approach to sharing it with the public. For information regarding Keeper's security and encryption model, please visit:

If you have any questions, please email us at [email protected].

Enterprise Guide

The full Enterprise Guide is located here. For information about deploying Keeper to your end-users click here.

License Expiration and Renewal

Visit our checkout page:

Credit Card Removal

For security reasons, enterprise credit card changes are handled by our team. Please reach out to your Account Manager or to update your payment method.

Users Not Receiving Email Invites

Keeper will automatically suppress email delivery to an email address that has bounced. This typically occurs if you set up someone's Keeper account before their email inbox exists. If you are experiencing this, please and we'll remove the email from our suppression list.

Transfer Account Error

To initiate an , the user must have accepted the "Transfer Account" popup within the app. This consent cannot be bypassed or enabled remotely; the user must have accepted the prompt before the transfer process can begin.

Additionally, you must be assigned to a role with the specific permissions required to transfer users within that individual's current role.

If encountering an error message during account transfer attempts, consider the following steps:

• If the User Is Present in the Enterprise: Ensure the user logs in and accepts the transfer account agreement before proceeding with the transfer.

• SSO-enabled Enterprises: Change the user's password in the identity provider to log in and accept the transfer account feature pop-up or export data.

Contact Us

If you need help, please in our ServiceNow system.

If you need to speak to our support team, simply make the request and we will schedule it during enterprise hours. Please be patient as we coordinate the call.

Emergency Support

If you are an enterprise customer having an emergency and need urgent support, use our . On the support form, select the option "This is an emergency, outage, or other time-sensitive issue which requires immediate assistance".

Feature Requests

We love hearing from Enterprise customers. Send your feature requests to: [email protected].

Join our Slack Workspace

to post questions, feedback or receive new beta versions.

Enhancements

• VAUL-6349: Updated the Security Audit tab in Vault to ensure the overall Security Audit score matches the per-user score in the Admin Console, reducing confusion.

Other Updates

• KDE-1534: Updated new installs to default to the native browser for SSO authentication instead of the app browser.

• VAUL-7176: Fixed an issue where setting up a hardware security key required extra steps; the Vault now prioritizes it using the “hints” syntax.

• VAUL-7262: PAM Updated router calls to use the /api/user path for commands.

Bug Fixes

• KDE-1607, 1606, 1608, and 1619: The SSH Agent will scan General typed records for private key file attachments

• KDE-1611: Fixed an issue where selecting Two-Factor Authentication triggered the Offline Access dialog.

• VAUL-7094: Fixed an issue preventing master password login when session resumption and 2FA were enabled

Enhancements:

• VAUL-6715: Improved KeeperFill Installation Prompt: The installation prompt for KeeperFill has been enhanced to offer a better user experience.

• VAUL-6716, VAUL-6789: Enhanced Import Functionality: When importing data from Keepass KDBX files, TOTP fields will now be correctly recognized and imported as Keeper TOTP fields, ensuring better accuracy and usability.

• VAUL-6748: Password Complexity and Generation: Password complexity rules can now be applied independently without generating a new password, offering more flexibility in managing your passwords.

• VAUL-6792: Better Folder Selection: We've improved the folder location selection in the new shared folder modal for a more intuitive experience.

• VAUL-4959: Updated Referral Program: Our referral program has been enhanced with updated incentives to encourage more users to invite friends.

• VAUL-6807: Password Policy Enforcement: The minimum password length is now set to 8 characters, with a maximum of 99 characters. Client applications will enforce this minimum length but allow users to increase it through their settings.

• VAUL-6798: Feature Promotion: New features such as RBI and KSM are now more visible to users for better awareness.

Bug Fixes:

• VAUL-6788: UID Generation: We've updated the UID generation logic to prevent creating UIDs that start with a dash.

• VAUL-6746: Firefox Compatibility: Fixed an error occurring in Firefox related to unsupported table versions.

• VAUL-6805: Privacy Screen: Resolved an issue where the privacy screen disabled URL edits for non-enforced URLs in shared records.

New Features

• VAUL-5652: Recovery Phrase. We have upgraded our account recovery process with a new and more secure 24-word “recovery phrase” feature. Read more on the Keeper Blog.

• VAUL-5867: Support for TOTP seeds in CSV import method

• VAUL-5177: Import from Thycotic Secret Server / Delinea

Bug Fixes

• KDE-1364: Crash when double-clicking the Touch ID icon

• KDE-1365: Entering an incorrectly formatted username in SSO Connect on an ASDF Domain causes a crash

NIST Link

https://nvd.nist.gov/vuln/detail/CVE-2022-21449

Description

Heap buffer overflow in WebP in Google Chrome prior to 116.0.5845.187 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. (Chromium security severity: Critical).

Impact to Keeper

Keeper Security may be impacted by this vulnerability in the Desktop App since we use the Electron framework. As a precaution, we immediately updated to Electron framework version to v22.3.24 and published .

If you have any questions, please email us at [email protected].

Features & Improvements

• VAUL-5035: Ability to convert "general" to new Record Types

• VAUL-4879: Role enforcement to activate Stay Logged In

• VAUL-4893: Role enforcement to enable Self Destruct

• VAUL-5201: Improved performance of uploads and downloads

Bug Fixes

• VAUL-5187: QR Code upload fails for certain formats

• VAUL-5202: MyKi and 1Password TOTP record imports are not autofilling*

  (*) To resolve existing records, run the verify-records command in .

KeeperPAM is now available for all customers. Keeper Vault 17.1 and newer is required to access the new privileged access management features.

For more information on KeeperPAM, visit the following:

New Features

• - manage all rotations directly from the Vault UI

• - instantly and securely access assets within their target infrastructure

• - use native apps for establishing remote access

Improvements

• Browser tab now shows username: "Keeper® Vault - [email protected]"

Improvements

• KDE-1150: Support for CCH Axcess native app autofill

• VAUL-4991: Changed Software License Number to a hidden field

Bug Fixes

• KDE-1157: Improved support for Azure Conditional Access

• KDE-1156: Remove use of legacy windows registry key which generates a report in Cybereason

• VAUL-5036: Restore of Record Type records

Improvements

• VAUL-4589: Support for Avast password import

Bug Fixes

• KDE-991: KFFA allows for special characters during hotkeys setup

• KDE-993: Defined hotkeys are still active when the Vault window is closed

• KDE-994: Keeper Desktop app fails to install on Windows 10 20H2

New Features & Improvements

• Expansion to AU Data Center - Keeper now supports an AU data center. Users have the option to select "AU" from the region selector at login for Keeper Desktop App.

Bug Fixes

• KDE-1043: Horizontal scrollbar appears in record details

Enhancements

• VAUL-6966: Updated the vault login screen animations to stop after 30 seconds

Description

Keeper Security is aware of the , where cybercriminals accessed client files through its support system. As part of its support process and system, Okta’s customers upload HTTP Archive (HAR) files which contain sensitive information from the user's web browser. This information included session tokens that were used to impersonate several Okta customers.

Security Updates

Keeper Desktop version 17.2 includes the installation and activation of Keeper Forcefield. Keeper Forcefield is an advanced endpoint security product for Windows that protects sensitive applications and processes from unauthorized access. It is specifically designed to defend against threats such as memory scraping and credential harvesting from malicious software installed via phishing or other attacks.

More info:

Bug Fixes

• VAUL-5551: Extension not auto-logged in if installed while Web Vault currently logged in

Accessibility (508 Compliance)

• Keeper has been making UI changes across all web-applications and browser extensions to comply with Section 508 of the Rehabilitation Act (29 U.S.C. § 794d). The Keeper Web Vault and Desktop App now supports keyboard navigation and they are compatible with popular screen readers and other assistive technology.

Bug Fixes

• VAUL-5024: Record Type records not syncing after activating Record Types

New Features and Improvements

• VAUL-4710: Secrets Manager user interface is now generally available on the Keeper Web Vault and Desktop App. For more information about Keeper Secrets Manager, see:

This is a bug fix release that mainly focuses on the new Record Types feature (still in beta). Therefore most customers are not affected by the bug fixes listed below.

Bug Fixes

• KDE-1077: Logout from KeeperFill for Apps generates an error

Features

• KDE-990: Support for logout timer with more than 1440 minutes

Features

• VAUL-5029: Introducing One-Time Share. See the and for more details.

Enhancements & Benefits

• VAUL-4459: SSO Cloud users are able to auto-login and logout to the vault and browser extension simultaneously.

Security Updates

• KDE-1418: Heap buffer overflow vulnerability in the WebP Codec. Updated Electron framework.

Features & Enhancements

• Login V3 General Availability (GA) More information available here:

Bug Fixes

• KDE-933: Fix for minor UI display issue

• KDE-932: User unable to proceed past 2FA timeout screen and return to login upon clicking "OK" button when prompted

• VAULT-4478: Unable to login with SSO Cloud v15 in these scenarios: (1) Existing vault user, adds v15 extension, logging into the vault doesn't also login to the extension. (2) New vault device and new browser extension device, unable to login to the vault. The "push" screen blinks and hangs.

• VAUL-4482: User receives "You do not have the required privilege to perform this operation." when resetting their Master Password.

• VAUL-4483: User registration emails to create Vault with a Master Password do not work if the browser extension is pre-loaded on the device prior to receiving the invitation.

• VAUL-4484: User logging into the Extension is forced to change Master Password when complexity rules change. However, the Web Vault was not forcing prompt.

• VUL-4479: Account Recovery + Duo Push providing "invalid code" after submitting.

Downloads

Keeper for iOS is available at the Keeper download page.

User Guides

The iOS user guide is with additional info about autofill and passkey setup .

iOS Missing Payment Cards

If your payment cards are missing, go to Keeper > Account tab > Sync > Sync Now.

iOS Stuck on Syncing

If you are seeing syncing stuck on the screen, please check the following:

• Update to the latest version of Keeper on the App Store

• Instead of logging in with biometrics, try to login with your Master Password (clicking "Next")

• After a successful login, visit the settings screen of Keeper and turn OFF/ON the Face ID or Touch ID setting.

Syncing, Updates and Device Approvals

If adding a password on your desktop doesn't automatically sync down your mobile device, ensure that push notifications are enabled.

iOS and Android apps use push notifications for functionality such as:

• Realtime sync

• Device approvals

• Sharing notifications

Please ensure that push notifications for Keeper are enabled on your device (Settings > Notifications > Keeper and enable "Allow Notifications"). Also, "Do Not Disturb" mode will prevent certain notifications from appearing. Device approvals will not be received if you have iOS in Do Not Disturb mode.

Verification Codes Missing on Apple Watch After Update (Keeper v17.4.0):

Following the update to Keeper on iOS version 17.4.0, some users may find that the Verification Code (2FA/OTP) option is no longer visible on their Apple Watch. This happened due to a required update to how the iPhone app and the watch app talk to each other. For those users, this means the link between the two needs to be re-established to get your codes showing again.

How to Fix It:

Use a Backup Code to Log In & Reset your 2FA

1. When logging into your account, choose the option to use a backup code when prompted for your usual verification code.

2. Once you are logged in, navigate to Settings & then Two-Factor Authentication.

3. Find and select the option to Turn Off Two-Factor Authentication.

Don't Have Your Backup Codes?

If you can't find your backup codes, please contact our support team . We are ready to help you get this sorted out.

Other iOS Issues

Having issues on iOS? You may need to simply clear the cache on your device and reset the app settings. But before you do that, please make sure your data is fully available on the Keeper Web Vault or Desktop App.

• On the front door of the Keeper app, tap on "Need Help?" then tap Reset Keeper.

• Launch Keeper and Login to your account.

• You will be asked to approve the device during the login process.

Upload Limits

Keeper supports the following upload limits for the iOS mobile application:

• iOS: Up to 5 GB

Feature Requests

We love hearing from iOS customers. Send your feature requests to: [email protected].

Join our Slack Workspace

to post questions, feedback or receive new beta versions.

Keeper is proud to announce our release of version 16.9.0 of our Web Vault and Desktop App. This new version includes a new design with a user interface refresh along with some new features and bug fixes.

See our blog post for additional details:

New Features

• Keeper Desktop App now supports Import SSO LastPass vaults from Okta SSO and Azure SSO federated accounts

• Advanced Search: Recently viewed records, search filters and more

• Onboarding: New user onboarding has been improved

• UI Refresh: Look and feel of the vault has been improved

• MFA: When signing in with 2FA for the first time, there are now additional options. The Web Vault now offers 12-hour and 24-hour in addition to the previous options (every login, every 30 days, and don’t ask again on this device.)

• Support for Google Authenticator QR code export format

• Security Scores: "Security Data Sync" in the diagnostics menu will refresh your security scores

• Lost Records: Shared records that have been removed from your vault, but are owned by you, can be recovered from the Deleted Items screen. The tab will only show if you have relevant records.

Bug Fixes

• We truncated the view of super long URLs in the record detail screen

Features

• VAUL-5165: Offline Create/Edit Record capability

• VAUL-5181: New UI for login screens

• VAUL-5031: Hundreds of new website logos added

• VAUL-5208: Additional 508 compliance / accessibility updates

• KDE-1253: Enterprise enforcements for Desktop App distribution defaults. This allows the Admin to define the default SSO Domain and Data Center location. Detailed instructions available at this link:

Bug Fixes

• VAUL-5295: CSV Import GUI fixes

• VAUL-5095: Unable to ignore BreachWatch record which has edit rights

• VAUL-5045: BreachWatch can indefinitely alert about a breached record

Improvements

• KDE-1246: Upgrade Electron framework

• KDE-1261: 10x speed improvement on file uploads for large file attachments.

Downloads

Keeper for Android is available at the Keeper download page.

User Guides

The Android user guide is with additional info about autofill and passkey setup .

Syncing Errors

If you are receiving an error on your mobile app, please make sure to update to the latest version. After you update, we recommend performing a Full Sync by clicking on Sync > Sync Now. This tends to resolve any searching or record-related issues.

Syncing, Updates and Device Approvals

If adding a password on your desktop doesn't automatically sync down your Android device, ensure that push notifications are enabled.

Android apps use push notifications for functionality such as:

• Realtime sync

• Device approvals

• Sharing notifications

Please ensure that push notifications are enabled for Keeper from your device's settings menu. Also, "Do Not Disturb" mode will prevent certain notifications from appearing.

Samsung Autofill Selection Not Showing

Some customers are unable to select Keeper from the Samsung provider list when activating KeeperFill.

If Keeper does not show up, please open your device settings and search for "Passwords" then select Keeper under "Passwords, passkeys and autofill".

Other Android Issues

Having issues on iOS or Android? You may need to simply clear the cache on your device and reset the app settings. But before you do that, please make sure your data is fully available on the Keeper Web Vault or Desktop App.

• Go to your device Settings icon, and then tap on the Applications menu. Scroll down until you see the Keeper icon and tap on it. Click on the Clear Data button, and then click OK. The next time you load Keeper, it will be reset to its original settings. Another way is to press-and-hold on the Keeper icon, then open the application info and clear the data.

• Re-install Keeper from Google Play on your device

• Launch Keeper and Login to your account. You will be asked to approve the device during the login process.

Upload Limits

Keeper supports the following upload limits for the Android mobile application:

• Android: Up to 5 GB

Feature Requests

We love hearing from Android customers. Send your feature requests to: [email protected].

Join our Slack Workspace

to post questions, feedback or receive new beta versions.

New Features & Improvements

• Support for Azure Conditional Access on the Keeper Desktop application for users who login with Single Sign On. Previously, Azure Conditional Access policies could not be added to Keeper.

• Increased the number of special characters used in the password generator to this set:

  !@#$%()+;<>=?[]{}^.,

• Support for cookie persistence on the Keeper Desktop application for users who login with Single Sign On. This reduces friction and steps for users who sign in often.

• Support for additional SAML SSO identity providers and elimination of any browser type recognition issues.

• Keeper Desktop now allows users to remain logged into their SSO identity provider. If you choose to remove Single Logout (SLO) from the SSO configuration, the user will not be logged out of their identity provider when they logout from Keeper. For more information about Single Logout configuration see the link below:

• 🇺🇸 Support for the Amazon AWS GovCloud environment. Keeper is currently FedRAMP in-process and public sector entities can now establish their Keeper tenant in the GovCloud environment. Contact the public sector sales team at [email protected] for more information.

• Support for the upcoming Compliance Reports feature. The Vault will encrypt appropriate compliance data from records and send it to the Admin Console. There is no change to the end user experience in the Vault.

• Added a Region Selector in login screens and KeeperFill for Apps

• Users on the Web Vault are encouraged to download the Desktop App for performing automated transfer from LastPass.

• Import from Bitwarden now supports TOTP seeds for Two-Factor Authentication.

• Import from Bitwarden now supports multiple URL fields.

Bug Fixes

• VAUL-4848: 1Password import not importing secure notes field

• VAUL-4851: Safari Sierra and High Sierra not importing passwords

• VAUL-4852: Import token invalid in AU region

Improvements

• VAUL-6523: Added pin code generator to "Pin Code" custom field

• VAUL-6595: Improved 508 compliance for "Record Types" default actions

  • Escape key closes "Record Types"

• VAUL-6596: Enhanced 508 compliance for "More Filters" default actions

  • Escape key closes "More Filters"

• VAUL-6597: Fixed issues with 508 compliance regarding possible actions. Dropdown lists out of focus are automatically closed

• VAUL-6648: Updated support information that appears in the vault directing users to:

Bug Fixes

• VAUL-6550: Implemented a modal warning for trials expiring within 24 hours

• VAUL-6747: Removed offensive words from the word list

• VAUL-6613: Updated strength indicator to prevent it from turning green erroneously

Features

• Share Admin Keeper's Share Admin feature is a role-based permission that gives administrators elevated access rights over your organization's shared folders and shared records. Share Admins have full user and record privileges for any shared record that they have access to. See: https://docs.keeper.io/enterprise-guide/share-admin

• MSP to Managed Company Team Sharing Directly share folders to Managed Company teams

• General to Record Type Conversion You can now right-click to change the type of any record, including migration from the legacy "General" record types. Multi-select + right click allows migration of multiple records at once.

• Default Record Permissions Quickly set permissions during the creation of a Shared Folder

• Default Folder Settings moved into the "Settings" tab In addition, you can now apply permission changes recursively and retroactively.

• Shared Folder UI improved visibility Several enhancements to the UI which improve the visibility and management of Shared Folders.

• Team Visibility There is now a "View Team" function in several locations so that you can see who you're sharing to.

• Collapsed View of Records When a folder contains subfolders and records within subfolders, you can now collapse the view, in order to apply changes recursively. Select "Show subfolder records" to collapse the list.

• Retroactively apply permissions When "Show subfolder records" is selected, the Settings tab will display a checkbox called "Apply permissions to all subfolders" which will apply the default folder settings to all existing records within folders and subfolders.

Enhancements

• VAUL-4284: Added numerous updates to KeeperAI threat detection across PAM resources, PAM configuration settings, gateway settings and session history. about KeeperAI for privileged sessions.

• KDE-1639: Published Keeper Desktop to Snap store for Linux. Snapcraft (and Snaps) are used on numerous Linux distributions, including Ubuntu, Debian, Fedora, RHEL, CentOS, AlmaLinux, Rocky Linux, Linux Mint, Manjaro, and openSUSE. Snap link:

• KDE-1738: We've rewritten the entire Hotkey system in the desktop application from the ground up.

  • Addressed several reported inconsistencies between macOS and Windows platforms.

  • Hotkeys can now be further customized with any character or symbol.

• The Password Importer standalone executable for Microsoft Windows has been improved to import passwords stored in Chrome. NOTE: Enterprise customers may need to add an exclusion policy on their EDR platform if Keeper is flagged.

Bug Fixes and Improvements

• VAUL-7455: We fixed an issue where PAM features were displayed even when the user didn’t have the required enforcements.

• VAUL-7612: We fixed an issue where the password generator did not retain the length of the previous password.

• VAUL-7252: We enhanced the search bar accessibility on smaller screens.

Improvements

• VAUL-4547: Support for Kaspersky password import

• VAUL-4552: Admins now receive a warning before removing themselves from a shared folder

• VAUL-4566: Improved performance handling of vaults with large data sets

• VAUL-4551: Enterprise users to receive notification with explanation for Master Password change and complexity requirements upon login

Bug Fixes

• KDE-945: User receives error message after closing Desktop App and relaunching

• KDE-962: "About Keeper" options menu fails to appear after first launch of Desktop App on Windows

• KDE-972: KeeperFill for Apps fails to respond to hotkeys when switching between apps

Features

The 16.11.0 release contains several new features, including , , and .

User Prompted for Device Approval

Device Approvals are a required component of the SSO Connect Cloud platform. Approvals can be performed by users, admins, or automatically using the .

• Users can approve their additional devices by using a previously approved device. For example, if you are logged into your web vault on your computer already, and logging into your phone app for the first time, you will get a device approval prompt on your web vault with the mobile device's information which you can approve or deny.

When a major release is planned, Keeper publishes a Preview version of the Vault and Desktop app, documented below. The pre-release version is typically published 1 week before public release.

Web Vault Preview

Features

• VAUL-5688: Support for Passkey record fields. Managing passkeys requires browser extension 16.6.0 which was released on Aug 7, 2023. Learn more about passkeys .

New Features and Improvements

• Introducing Record Types for Web Vault & Desktop App (Limited Release) This release introduces a powerful new feature called "Record Types", which gives users the ability to create records of various template types, grouped into categories, each containing a unique collection of field types and functionality fields within the record. Record templates can be created by Admins that are custom to the needs of the business. This feature is only available for Enterprise customers, activated on an individual basis at this time, because the Browser Extension, iOS and Android apps are still under development. If you are interested in being an early adopter of Record Types, please contact your customer success team member at Keeper and we'll activate the feature.

Features and Improvements

• KDE-1111: Native App Filler custom field type for Record Types which provides automated filling of native applications with application title matching, keystroke macros and advanced OCR for recognition of window content for automated record selection. More information about this feature can be found here:

Special Notes

• Password Complexity requirements are checked upon every login, not just during Master Password Reset. If you have a user being asked to change your Master Password, they are likely using a password that does not meet the policy requirements.