Chrome, Edge, Firefox, Safari
Chrome, Firefox, Edge and Safari Extensions share a common codebase and released simultaneously.
Preview Release
Installation of the Preview version of the Keeper browser extension
Keeper maintains a "Preview" channel release of the browser extension. Customers are encouraged to install the preview version which is published 1-2 weeks ahead of full public release.
REMOVE YOUR EXISTING KEEPER EXTENSION BEFORE INSTALLING THE PREVIEW
You should only have ONE extension installed at a time, or conflicts will occur.
Chrome and Edge
Important: Remove your existing Keeper extension before installing the preview.
Step 1. Go to Window > Extensions and remove your existing Keeper extension.
Step 2. Install the Keeper preview extension from this link: https://chrome.google.com/webstore/detail/hlkdkmefjphnecdoiaajhndjmkpkhifo?authuser=1&hl=en
Step 3. Pin the extension to your toolbar
Chrome and Edge customers may stay on the Preview channel indefinitely.
Firefox (ESR, Nightly or Developer Edition)
If you are using the Firefox Developer Edition, the Keeper browser extension can be side-loaded for an indefinite period of time.
Important: Remove your existing Keeper extension before installing the preview.
Step 1. Change security preferences
Firefox Extended Support Release (ESR), Firefox Developer Edition and Nightly versions of Firefox allow you to override the setting to enforce the extension signing requirement, by changing the preference xpinstall.signatures.required to false in the Firefox Configuration Editor (about:config page). To override the language pack signing requirement, you would set the preference extensions.langpacks.signatures.required to false.
Step 2. If you already have Keeper installed, go to Extensions and click on the ellipsis icon next to the Keeper extension and select "Remove"
Step 3. Download the Firefox preview zip file: https://keepersecurity.com/browser_extension/preview/firefox.zip
Step 4. Go to Extensions and click Settings > Install Add-on From File... and select the zip file.
Firefox (Standard Edition)
Important: Remove your existing Keeper extension before installing the preview.
Step 1. Go to Extensions and click on the ellipsis icon next to the keeper extension and select remove
Step 2. Download the Firefox preview zip file: https://keepersecurity.com/browser_extension/preview/firefox.zip
Step 3. Unzip the file in your downloads folder or preferred location
Step 4. Open Firefox > Preferences > Extensions & Themes
Step 5. Click on the Gear icon > Debug Add-ons and select Load Temporary Add-on
Step 6. Select the manifest.json file located in the Firefox folder you downloaded in Step 2
Safari
The Safari extension is now installed directly from the Mac App Store. We also distribute a Test Flight build through Apple which can be installed before the public release.
Important: Remove your existing Keeper extension before installing the preview.
Instructions:
Step 1. Open the below Test Flight link in Safari:
[Sorry, we don't have a Test Flight for Safari available at the moment]
Step 2. Install Test Flight app following the instructions on screen
Step 3. Install the Keeper extension by clicking "Start Testing" following the instructions on screen.
You may need to restart Safari for the changes to take effect. Make sure that there is only one Keeper extension installed.
If you experience any issues with the preview, please email feedback@keepersecurity.com.
Browser Extension Version 17.1.2
Released on May 26, 2025
Overview
This release is focused on bug fixes and security updates.
Security Updates
BE-6376: Low severity bugcrowd report (additional information will be published after release)
Bug Fixes
BE-6428: Fixed an issue related to the poor performance of the search function within a browser extension for large vaults.
BE-6258: Fixed an issue causing the "Stay Logged In" feature to fail on Firefox.
BE-4456: Fixed an issue related to an iframe window that was truncated at the bottom.
BE-5882: Fixed an issue related to the appearance of the save location dropdown list in the Firefox extension.
BE-6135: Fixed an issue where records for twitter.com were not showing as matching records for x.com.
BE-6089: Fixed an issue that prevented users from navigating and highlighting options in the form fill window via the TAB key.
BE-6275: Fixed an issue in the Form Filler feature where the multiple accounts dropdown does not close when the options menu is clicked.
BE-6273: Resolved design issues with "edit" in the Form Filler feature.
BE-6284: Fixed incorrect alignment of the account info modal in the browser extension.
BE-6013: Fixed misaligned field icons in RTL mode for credit card records in the Toolbar Window.
BE-6293: Fixed an issue with the Extension Options Page Strings.
BE-6278: Changed the passkey prompt text for displaying other passkeys.
BE-6126: Fixed an issue where the Browser Extension continues to use an expired session even after recognizing the session has expired.
BE-6327: Fixed an issue related to the password complexity enforcement for all domains
BE-6325: Fixed an issue related to Firefox where record complexity enforcements are not respected in browser extensions.
BE-6292: Fixed an issue where the Web Vault button in the toolbar window does not auto-login the user.
BE-6247: Fixed "CredentialsContainer is not defined" error on HTTP sites.
BE-6365: Ensure the correct order of grouping elements
BE-6301: Ensures the zip code field in the New Record tab is alphanumeric.
BE-6296: Fixed overlapping elements in the FormFill window.
BE-6272: Fixed an issue related to the search input field.
BE-6261: Ensures that only the checkbox is clickable in the password generator.
BE-6235: Fixed an issue that caused the logout timer selector to reset from days to minutes after signing out/in.
BE-6223: Removed a duplicate header in the Password Generator feature.
BE-6207: Fixed an issue where the password history logs the same password twice after the first dice click or when switching between types.
BE-6202: Fixed the absence of a focus outline on the three dots options icon during keyboard navigation.
BE-6201: Fixed an issue with the settings unable to be navigated with the keyboard in landscape mode.
BE-6183: Removed the Keeper lock icon from the Assignee section Jira tickets.
BE-6182: Fixed an issue related to long folder names in the new folder selector.
BE-6164: Fixed an issue where the email address field goes blank when selecting an account in the email list.
BE-6161: Fixed an issue related to the incorrect complexity level of manual passwords in the New Record tab.
BE-6129: Fixed an issue that occurs when the dropdown is left expanded and the window is closed and reopened, causing the form filler to be truncated.
BE-6113: Fixed an issue related to spacing and padding of masked field view icons in landscape mode.
BE-5738: Fixed an issue related to symbol-specific restrictions not functioning in the password generator.
BE-6264: Fixed an issue related to the missing scroll bar in the record pane when in landscape mode.
BE-6412: Fixed an issue where the "Add to Keeper" option was not appearing on reddit.com.
BE-6416: Resolved a performance problem with Firefox on AWS.
BE-6331: Fixed an issue where the autofill prompt does not appear for new records created from the extension tab.
BE-6329: Implemented the Pin Generator in the Extension Tab.
BE-6382: Fixed an issue where the revert password screen appears at the incorrect step in the change password workflow.
BE-6409: Fixed an issue where the password change flow does not proceed to save after the "Fill New PW" screen.
BE-6435: Fixed an issue where the fill prompt flickers from the top-left before positioning to the top-right on page load.
BE- 6334: Various autofill site fixes.
BE-5485: Fixed an issue where the passkey prompt is dismissed by the form fill modal when entering a login page.
BE-5497: Fixed an issue where a the "Save Password" prompt incorrectly appeared in PayPal Business after login.
BE-5501: Fixed an issue related to the reappearance of a record's options menu after a specific time and action.
BE-6378: Fixed an issue caused by an internal value,
hasGreeted, preventing prompts from appearing.BE-6373: Fixed an issue in the password change flow where the password was not updating as expected.
BE-6379: Fixed an issue where clicking on a pre-saved email does not populate in the input field.
BE-6366: Fixed an issue related to the incorrect styling of the masked password on the new password prompt.
BE-6283: Fixed an issue where data from a previously created record is retained after clicking on "Create Record."
BE-5321: Fixed an issue where the "Copy" tooltip persists after being clicked in the record's extension toolbar detailed view.
BE-5304: Ensures "No Results" is displayed when searches yield no records.
BE-5294: Fixed an issue where record details were not updated immediately after changes were made in the toolbar window.
BE-5269: Fixed an issue where users are prompted to change their password when logging into powells.com.
BE-6361: Fixed an issue where a confirmation modal flashes briefly in landscape mode.
BE-5263: Fixed an issue where copy icons do not fit within the edit screen while editing a payment card from the extension toolbar.
BE-5024: Fixed an issue where right click to create a record does not function on specific sites.
BE-6348: Fixed an issue where the URL populates in the suggested record Title field.
BE-6406: Fixed an issue where local storage retrieval sometimes fails in browser extensions.
BE-6417: Fixed an issue where the password generator does not comply with default settings.
BE-6374: Fixed an issue with missing login elements.
BE-6418: Fixed an issue with payment cards with custom fields not filling as expected on Amazon.
BE-6413: Fixed an issue causing the website URL to be erased when toggling the trim URL option.
BE-6409: Fixed an issue related to the password change flow does not proceed to save after the "Fill New Password" screen.
BE-6404: Fixed an issue related to Enter key not functioning on certain options in the Form Fill window.
BE-6424: Fixed an issue related to the "Error Occurred" message appearing when choosing Password Suggestions.
BE-6425: Fixed an issue related to password character slider and character quantity remaining unchanged after selecting "Use as default."
BE-6426: Fixed an issue related to the missing slide-in animation of the Form Filler on page load.
BE-6427: Fixed an issue in landscape mode where the scroll bar was not functioning properly.
BE-6445: Fixed an issue related to the timing it takes for the Keeper lock icon taking a full second to open once clicked.
Other Improvements
When adding a new record from the extension tab, only the domain will populate within the "Title" field. Previously, Keeper would fill the entire URL if the title of the originating website was missing.
The name of the "Password Generator History" screen has been changed to "Generator History". For simplification and consistency, both the password and pin generator history screens throughout the Keeper platform will share the same "Generator History" name.
Browser Extension Version 17.1
Released on April 15, 2025
Overview
The Browser Extension 17.1.0 release introduces new advanced record settings—Overwrite Field Content and Autofill on Subsequent Pages—to give users more control over how and when fields autofill on websites. It also adds support for displaying various Privileged Access Management (PAM) record types like Remote Browser, Directory, and Database. A new Snapshot Tool enables users to quickly report autofill issues by securely sharing a preview of the page’s structure (excluding any credentials or confidential info), helping Keeper’s team resolve issues faster and improve autofill accuracy through machine learning.
Improvements
Advanced Record Settings
We’ve added two new Advanced Record settings for individual records tailored to certain autofill use cases.
Overwrite Field Content lets users control whether a record’s Custom Fields can autofill into fields on a webpage that are already populated. Previously, Custom Field content wouldn't autofill into an already-populated field.
Autofill on Subsequent Pages lets users prevent Keeper from attempting to autofill any given site on multiple pages in a row. Turning this off can help prevent accidental “false positive” autofill scenarios, where Keeper autofills on a page you don’t want it to.
To access the Advanced Settings, select the record overflow menu:
Support for PAM Record Types
We've added compatibility to display various types of PAM (Privileged Access Management) record types, including Remote Browser, Directory, Database, Machine, and User record types. To learn more about PAM, click here.
Snapshot Tool for Fast Autofill Fixes
From time to time, users let us know that autofill is not functioning as expected on certain websites. With this release, we are drastically increasing the speed at which we can resolve these issues while also training Keeper's Machine Learning models to safeguard autofill accuracy across the web.
We've introduced a Snapshot Tool in the Keeper Browser Extension that greatly simplifies the process of fixing autofill issues on customer-owned websites or internal tools that were previously difficult for our engineers to access. By submitting a snapshot to our team, we can turn around site-specific autofill improvements in a matter of minutes.
Activating
To access the Snapshot Tool, you must first enable it in the KeeperFill Extension settings located in your browser's Extensions Menu. From Chrome, open Windows > Extensions then click on "Extension Options".
Submitting Snapshots
Once enabled, the Snapshot Tool will appear in the browser extension in the main menu.
When you are having trouble with a website login page, click on "Take Snapshot" and follow the instructions provided.
Click on "Take Snapshot" to take a picture of the browser screen.
Then select "Preview" to review exactly what data is going to be sent to Keeper.
The "Page Info" and "JSON Code Snippet" in the preview window describes exactly what information will be sent to Keeper's engineering team. Make sure that there is no confidential information provided, then click on "Share Snapshot".
Keeper will NOT send credentials or confidential information. We only send the screenshot and HTML page structure exactly as displayed in the preview window.
Bug Fixes
BE-4557: Fixed an issue where users are not prompted to update vault records on specific sites.
BE-4818: Fixed an issue that prevented users from logging in to the extension after their Mac woke from sleep mode when using Firefox browser, regardless of whether the 'Remember History' setting was enabled.
BE-5645: Fixed an issue related to the hover color of the Share button.
BE-5755: Fixed an issue where Firefox's scroll bar appears inconsistent with those in Chrome and Safari.
BE-5762: Fixed an issue that prevents scrolling on the login screen, cutting off the region selection when a client update error message appears.
BE-5775: Fixed an issue where the password creation window fails to generate a password on the initial pop-up.
BE-5783: Fixed an issue where removing the same email from multiple accounts does not clear the login input field.
BE-5797: Fixed an issue related to the Form Filler Toolbar's expanded state being stored after closing the Form Filler.
BE-5834: Fixed an issue where deleting a Hulu record from the web vault does not update on the backend and remains in suggested records.
BE-5838: Fixed an issue where the toggles for Auto Fill and Auto Submit appear too close to each other when displayed in German.
BE-5861: This issue outlines a task to implement a v2 Address field in the "Add Payment Card" page and its associated flow for adding an address.
BE-5874: Fixed an issue related to the color mismatch of placeholder text in Firefox.
BE-5884: Adjusted the right side padding for multiple records selector in FormFill to match the left side padding.
BE-5903: Fixed an issue that addresses site fixes for version 17.1.
BE-5904: Fixed an issue where re-authentication policy is not enforced for a user in a specific role when editing a record.
BE-5921: Fixed an issue where a hidden custom field is shown unmasked in the context menu.
BE-5930: Fixed an issue related to the alignment of email addresses in account information.
BE-5937: Fixed an issue related to the alignment of email addresses in account information.
BE-5939: Fixed an issue where the password strength label does not change to "Weak" when a password contains two or more of the same letter or digit.
BE-5941: Fixed an issue related to text formatting problems in the labels of a new tab.
BE-5944: Fixed an issue where the hover state in the Sort/Filter menu overlaps with the focus state.
BE-5960: Fixed an issue related to the form filler menu functionality.
BE-5972: Security Audit data updates fail for some events/conditions.
BE-5994: Fixed an issue related to re-authentication enforcement for viewing and editing payment cards in the Form Filler.
BE-5996: Fixed an issue where the PIN Generator character length slider incorrectly uses password complexity rules for minimum characters.
BE-6009: Fixed an issue related to the missing master password re-entry check for credit cards on edit pages.
BE-6011: Fixed an issue where edit mode in Landscape is not self-dismissed when switching to a different record.
BE-6012: Fixed an issue where the dropdown arrow overlaps the "X" button in the Address Field of the Toolbar Window.
BE-6014: Fixed an issue related to long text not being truncated in the Address Field within the Form Filler and Toolbar Window.
BE-6019: Fixed an issue related to the two-factor authentication feature. When unmasked, the two-factor authentication reverts to masked after scrolling out of view.
BE-6026: Fixed an issue where the keyboard navigation flow was not functioning as per design in the Landscape Mode project.
BE-6032: Fixed an issue related to the tooltip text for masking/unmasking TOTP codes.
BE-6039: Fixed an issue related to the Form Filler not displaying notes as a record's field.
BE-6045: Fixed an issue where field icons still appear upon logout despite enabling a setting to hide them.
BE-6048: Fixed an issue related to the 2FA duration selector for "Every Login" being detached from the input field.
BE-6049: Fixed an issue related to incorrect color display in dark mode for password and complexity.
BE-6050: Fixed an issue where the BE toolbar was not opening a deep link share in Vault.
BE-6058: Fixed an issue where the tooltip remains visible after a user unmasks and re-masks a password on the record view.
BE-6066: Fixed an issue related to the incorrect color of the permissions message in Dark Mode.
BE-6067: Fixed an issue in Safari 18 where the New Record tab does not open via the context menu.
BE-6068: Fixed an issue related to the inaccessibility of drop-downs through the Tab key in the "New Record" Tab.
BE-6071: Fixed an issue where the account dropdown does not self-dismiss after clicking on the Data Center selection.
BE-6075: Fixed an issue related to TOTP code generation.
BE-6082: Fixed an issue related to the missing lower border in the "New Record" tab.
BE-6083: Fixed an issue where the extension tab shows whitespace at the bottom if the window is scrollable.
BE-6086: Fixed an issue with Firefox where white space appears on the right after opening the toolbar window on certain screens.
BE-6092: Fixed an issue where "test label" appears incorrectly as a label for the Cardholder Name field in FormFill.
BE-6109: Dice does not spin upon entering "Create a Record".
BE-6114: Fixed an issue where the form filler contents do not fit into the container.
BE-6115: Fixed an issue related to the country dropdown in Landscape and Dark Mode.
BE-6117: Fixed an issue related to the option menu design in the Record Details view within the Toolbar Window.
BE-6122: Fixed an issue related to the logout timer dropdown not matching the design specifications.
BE-6123: Fixed an issue related to the folder selector overflowing in the toolbar window when in landscape mode.
BE-6124: Fixed an issue related to the password generator UI in the Form Filler.
BE-6130: Fixed an issue where unchecking the only allowable special character in the password generator causes the extension tab and browser to freeze, and the backend to log out.
BE-6132: Fixed an issue related to the highlighting of titles/emails in dark mode during passkey creation.
BE-6133: [Safari] Error dialog includes extremely long URLs and runs off the dialog area.
BE-6134: Fixed an issue where the "Create record" button in Safari is occasionally not clickable.
BE-6136: Fixed an issue related to the spacing and padding when generating and using/copying a PIN.
BE-6137: Fixed an issue where the password in the Password Suggestion feature does not carry over to the Extension Tab.
BE-6140: Fixed an issue related to the Chase.com login page where locks inconsistently appear and disappear and are not clickable.
BE-6150: Fixed an issue related to UI mismatches for enterprise users, specifically concerning the TOTP eye icon and 2FA duration selector.
BE-6151: Fixed an issue where generating a PIN in landscape mode incorrectly launches a password generator.
BE-6154: Fixed an issue where the extension shows a blank screen after saving a record when local storage is cleared.
BE-6155: Fixed an issue related to a flickering problem when editing or saving forms using the Form Filler in Firefox
BE-6158: Fixed an issue related to an extension interrupting CSS on Firefox for the website reelgood.com.
BE-6168: Add advanced record-level behaviors (New Record Detail Settings)
BE-6169: Fixed an issue that resolve passkey sign-in bugs on Google.
BE-6171: Fixed an issue related to the logout spinner's appearance.
BE-6175: Fixed an issue related to an error during passkey creation for Coinbase Wallet.
BE-6180: Fixed an issue where a cached empty home page view overlaps the BE view after record editing and navigating to a matching URL.
BE-6181: Fixed an issue where cached details from a previous record are incorrectly pre-populated when creating a new record.
BE-6185: Fixed an issue related to the visibility of a masked custom field in Firefox.
BE-6188: Fixed an issue where the cursor moves to the end of a text field whenever a user types.
BE-6190: Fixinator Pentest: Autofill patch fills password in wrong field.
BE-6191: Fixinator Pentest: No Integrity Check.
BE-6194: This issue outlines a task to investigate Reddit's custom HTML and shadow-root elements.
BE-6195: Fixed an issue related to intermittent "chunkloaderror" occurrences.
BE-6212: Fixed an issue related to credentials not being carried over when launching "Add New Record" from the record prompt.
BE-6225: Fixed an issue where record details persist even if the user cancels record creation.
BE-6233: Fixed an issue in the Databricks Okta OAuth2 flow where the passkey prompt fails on the first load.
BE-6239: Fixed an issue where "show more/less" in the password generator isn't clickable.
BE-6240: Fixed an issue where the Device Approval prompt is misaligned.
BE-6241: Fixed an issue where the Master Password title appears incorrectly on the Device Approval screen.
BE-6242: Fixed an issue related to secure login not working on a fresh install and account switch in version 17.1.
BE-6243: Fixed an issue related to an extra underline appearing when filtering TOTP.
BE-6244: Fixed an issue related to the passkey prompt design in version 17.1.
BE-6245: Fixed an issue where the "Prompt location" submenu elements are cut off in the 17.1 settings.
BE-6246: Fixed an issue where DUO 2FA is triggered unexpectedly when hitting "Enter" in a text field.
BE-6248: Fixed an issue related to a crash occurring when editing and saving a record.
BE-6249: Fixed an issue causing screen UI distortion, affecting the user experience.
BE-6250: Fresh install and login with SSO causes UI CSS loading issue.
BE-6251: Fixed an issue related to the misalignment of the logout timer dropdown arrow.
BE-6252: Fixed an issue where Chrome BE crashes on SSO accounts after editing and saving a record, then switching to Landscape Mode.
BE-6253: Fixed an issue related to the inaccessibility of the version number within the settings.
BE-6255: Fixed an issue where the BE application crashes in Chrome Canary after switching to Landscape Mode.
BE-6256: Fixed an issue related to the appearance of a black border around the "Create Record" button.
BE-6259: Fixed an issue related to the filtering of TOTP where the eye icon is missing or incorrectly positioned.
BE-6260: Fixed an issue where hitting the Enter/Return key in the master password entry screen is incorrectly counted as a character entry.
BE-6265: Fixed an issue related to the favicon of a record in focus being squeezed in the 17.1 Form Filler.
BE-6266: Fixed an issue where hitting "Enter" in the search field triggers the filter dropdown.
BE-6267: Fixed an issue related to padding issues with toggle switches in the extension tab when displayed in different languages.
BE-6268: Fixed an issue where the password generator's lower section is cut off for enterprise users on domains with privacy screens enabled.
BE-6270: Fixed an issue where text in the settings is misaligned.
BE-6271: Fixed an issue where users can save a record without a title in the "Create a Record" feature.
BE-6276: Fixed an issue related to the MP re-entry not being enforced for credit cards when copying card fields.
BE-6281: Fixed an issue where a blank screen appears after editing the login field in landscape mode and switching to portrait mode.
BE-6282: Fixed an issue where the options menu can't be dismissed by the user.
BE-6288: Fixed an issue where the "Enter/Return" key is not functioning in the updated Re-Authentication Alert.
BE-6289: This issue addresses a bug related to icons being cut off when editing credit cards records in Landscape Mode.
BE-6290: Fixed an issue where the SSO Connect tab does not auto-close after successful 2FA verification, device approval, or onboarding.
BE-6300: Fixed an issue related to the Crowdstrike activation field in a software application. The application crashes when a URL is pasted in the website address field in landscape mode on Chrome.
BE-6307: Fixed an issue related to the inability to select options from a location dropdown. The bug prevents users from selecting options in the location dropdown.
BE-6308: Fixed an issue related to the TOTP code animation in the Form Filler feature.
BE-6309: Fixed an issue related to UI distortion in the SSO connect feature.
BE-6310: New Record UI distorted.
BE-6311: Fixed an issue where a blank screen causes the extension to crash.
BE-6314: Fixed an issue related to the favicon retrieval throwing an error.
BE-6317: Fixed an issue related to autofilling on the Advent Health site.
BE-6318: Fixed an issue related to the "Create a Record" dialog blinking on the first click.
BE-6319: Fixed an issue that addresses CSS problems for right-to-left, non-English languages in version 17.1.
BE-6323: Fixed an issue related to keyboard accessibility not working for certain elements/screens.
BE-6333: Fixed an issue related to opening a new window when subdomain matching is enabled and the subdomain doesn't match.
BE-6340: Create new record : cached previous record details are pre-populated for new record.
BE-6341: Trim URL Tooltip issue.
BE-6345: Screen area around Trim URL checkbox is clickable.
BE-6346: Spaces in Title field are replaced with "+" creating Record in Ext tab.
BE-6347: Cannot Continue Login After Requesting Admin Approval.
BE-6352: Using Wrong Key in createSecurityDataPayload.
BE-6354: PW generator: can't deselect/uncheck special symbols on unregulated accounts.
BE-6356: ECC-only env: records_add/records_update does not save security data.
BE-6357: Trim URL - Checkbox Not Responding to First Click.
BE-6362: Missing security Data Alert for enterprise user when trying to save a record with empty password field.
BE-6363: PIN generator for cards in EDIT mode issues.
BE-6384: Pentest - Customer snapshot page info includes private customer data
Browser Extension Version 17.0.1
Released on March 2025
This hotfix release resolved an issue involving new account creation via SSO.
Browser Extension Version 17.0
Released on February 9, 2025
This release includes security updates and changes to the extension's ReadMe documentation on certain browsers.
Browser Extension Version 16.11.0
Released on October 10, 2024
This release brings major new features, including a new Landscape Mode and Passphrase Generator, as well as significant improvements to the existing Password Generator.
We've added quality of life features, including a Shortcut to your Web Vault, more intuitive Browser Extension settings, and much, much more.
Read on to see what's changing in Version 16.11.
Primary Improvements
Landscape Mode
You can now expand your Browser Extension's window so that you can view record details and your list of records at the same time.
You can easily flip between Landscape Mode and Portrait Mode using a new button on your toolbar.
New Passphrase Generator
You can now generate a Passphrase via the new Password Generator.
Use the Type dropdown in the Generator to switch between a Password or Passphrase.
Choose how many words you want included in your Passphrase, from 5 words to 20.
You can choose whether you want to include Capitalization and/or a number in your passphrase.
You can choose between several word separators, including commas, periods, and blank spaces.
Upgraded Password Generator
You can now toggle which symbols will be used in your Generated Password. This makes matching site-specific password requirements easier. Previously, the Generator only let you turn symbols On or Off entirely.
You can now choose to include or exclude both Lowercase & Uppercase letters. Previously, you could only choose whether letters in general were included or excluded.
We've made slight upgrades to the user interface of the Password Generator as well.
Setting Default Generator Preferences
With all of this new customizability, we wanted to remind you that you can set default preferences for generated Passwords and Passphrases so that any you generate in the future will follow the same rules. Click the "Use as Default Settings" checkbox before saving your generated content to save these preferences in the future.
Please note that these defaults do not currently sync across platforms (i.e. Vault, Desktop, Mobile) or devices (i.e. personal computer, employer's computer, mobile devices).
Vault Shortcut
You can now quickly access your Vault by clicking the Keeper icon on the top left of your Toolbar Window. (You can still access your Vault via the Settings menu, but we've added this shortcut to save you a step.)
Clearer Browser Extension Settings
We've updated the names & descriptions of the majority of Browser Extension's settings to make it clear what they do, how to use them, and why you may want to.
Trial Banner
We built a banner that shows users how many days they have left on their trial, and provides them with an easy way for them to purchase a Keeper license if they so choose.
Minor Improvements
Inactivity Logout Timer Updates
We made this feature more understandable & easier to use by letting you set your logout timer by a matter of Hours and Days instead of Minutes. We've also created error messages making it clear when you exceed the maximum values set by Keeper or your administrator.
Extension Tab Usability Improvements
We made two changes that help avoid the need to scroll inside of tiny windows wherever possible:
If your monitor has vertical space to spare, the Extension Tab's editable modal will expand in length to fill that space (so you don't have to scroll through an unnecessarily tiny window).
When selecting the Location (Folder) a record should be created in, we increased the length Folder Selector dropdown to make it easier to find and select the right location for your record.
Screen Reader Compatibility
We improved the user experience for visually impaired users by simplifying & clarifying the content that screen reader software will read out when using the Browser Extension.
We also fixed an issue with a few readouts when using Keeper in certain languages.
Change Default Appearance Setting
We made it so the default appearance of Browser Extension (dark mode vs. light mode) will match your operating system's settings by default, where possible. In other words, if your computer is in Dark Mode then your Keeper Extension will be in Dark Mode upon installation as well.
Set Default Tab-to-Icon Setting to "Off"
We made Tab navigation work as users would generally expect it to: hit Tab to move from the Username field of a website to the Password field, for example.
We did this by turning off Accessibility setting for all existing users and making "off" the default for all new users. You can change this setting at any time via Browser Extension Settings > Accessibility.
For more context, this setting causes the Tab key to focus on the Keeper Field Icon, rather than moving your computer's focus to the next available web element. In other words, if you're used to pressing Tab to navigate from a Username field to a Password field, this setting may throw you off by requiring you to press Tab twice to do the same thing. Now, Tab functions as most users expect it to, but users can easily change this setting to meet their keyboard accessibility needs or preferences.
Deletion during Master Password Entry
On login screen, you can now use Command/Ctrl+Del to erase the entire contents of the Master Password prompt field.
Optimized Filter List
We made it so the list you use to Filter records only shows Record Types for which you have one or more records. In other words, if you don't have records with Type = Drivers License, SSH Keys, Health Insurance, etc. - we won't clutter your Filter list by showing those as options.
However, if you create a record with one of those types then that type will begin to show as an option in your Filters list.
Other Improvements
We made it so long usernames and emails aren't visually cut off when viewed via the Account button modal.
We reworded "Open in Web Vault" to "Web Vault" in the Browser Extension menu options.
We removed the "Launch Website" option from the Record Details overflow menu, since there's already a "Launch" button on the Record Details UI (if you're not on the website already).
Site-Specific Fixes
Functionality & User Interface Fixes
BE-5737: Fixed an issue where the extension would log out if a record is opened in the Vault via the extension and then deleted.
BE-5735: Fixed an issue where newly created records show "Launch" instead of "Autofill", even when the URL matches the website the user is on.
BE-5753: Adding a missing tooltip to the Sort/Filter dropdown.
BE-5766: Fixed an issue where the Create Record screen is not preserving the edits users make if the Toolbar Window is closed or dismissed during record creation and then reopened.
BE-5673: Fixed an issue where only one custom field would show when using the right-click context menu.
BE-5644: Fixed an issue where the title of the Change Password modal was visually cut off instead of showing an ellipses.
BE-5623: Fixed an issue where the menu that appears after clicking the overflow menu on the create new record prompt does not disappear after clicking one of its options.
BE-5799: Fixed an issue where long text in the Sort/Filter component could sometimes break formatting.
BE-5803: Added a border to Favicons when viewed in the create new record view.
BE-5684: Fixed an issue where "Copy Password" was suggested as an option when clicking the more menu on a record list item that did not contain a password.
BE-5862: Fixed an issue where custom fields that a user has changed the display name for would not show the user-specified name.
BE-5802: Fixed an issue where users could edit records directly from the context menu, rather than the record being opened for them to edit in the web vault.
BE-5804: Fixed an issue where attempting to edit a record with 2 URL fields from the Form Filler tool did not open the record in the web vault, as expected.
BE-5896: Fixed an issue where password generator enforcements set by an administrator would apply not only to generated passwords but also passwords that users entered manually, which was not intended.
BE-5774: Fixed an issue where clicking the Autofill button on a record with 2 URLs would open a new tab with the 1st URL, even if the user's active tab contained the 2nd URL.
BE-5902: Fixed an issue where AWS console regions were not loading instantly.
BE-5864: Fixed issues with navigating the Change Password prompt.
BE-5853: Fixed an issue where users couldn't create Payment or Address records via the context menu if they had a certain re-authentication enforcement set by their administrator.
BE-5846: Fixed an issue where some users could not set their Form Field Icons to "Always Show".
BE-5842: Fixed an issue where files were sometimes removed from a v2 record upon following a specific set of actions.
BE-5837: Added a missing translation for the Auto Submit setting description.
BE-5796: Fixed an issue where Safari didn't show emoji as a part of a password.
BE-5721: Fixed an issue where enterprise enforcements could be bypassed by adding certain characters in front of the domain name in a record's URL.
BE-5719: Fixed an issue where the Extension was not automatically logging in on installation if the user was already logged in to the Web Vault.
BE-5707: Added keyboard navigation accessibility to the change password flow.
BE-5662: Fixed an issue where Safari was not properly launching records that had a port included in their URL field.
BE-5640: Fixed an issue where the Extension's Filter component could not be cleared using keyboard controls.
BE-5731: Fixed an issue where domain-specific enterprise enforcements for passwords were excessively strict.
BE-5609: Fixed an issue where an error message appears when entering the incorrect TOTP code, bumping certain text content below the border of the screen without generating a scroll bar - making that content unreachable.
BE-5602: Fixed an issue where the Extension's Search results string would show "Showing results for: '1'" rather than the actual search term entered, in cases where only one result was returned.
BE-5593: Fixed an issue where profile pictures would sometimes appear as a square instead of a circle.
BE-5663: Fixed an issue where multiple tooltips could appear when hovering over themes in the Extension's appearance settings.
BE-5540: Fixed issues with the Suggested Record section's "Create a Record" button, making it keyboard accessible, adding a tooltip, and adding hover states.
BE-5621: Fixed an issue where users were sometimes unable to access Options and Account modals via keyboard navigation if they had viewed a record first.
BE-5857: Fixed an issue where the Extension Tab for creating a payment record was sometimes missing an Address field.
BE-5894: Fixed an issue where folders were not being sorted alphabetically in the folder selector within the Extension Tab.
BE-5895: Fixed an issue where restoring the Extension's default settings was not resetting the Field Icon setting under certain circumstances.
BE-5972: Fixed an issue where the tooltip would not dismiss automatically after hovering over the dice icon when creating a record.
BE-5871: Fixed an issue where the Add to Keeper dropdown was appearing when it shouldn't be on the Login pages of certain websites.
BE-5898: Fixed a discoloration issue on the Cross-Domain iFrame warning prompt.
BE-5959: Fixed an issue where enterprise enforcement policies on passwords were not properly restricting the use of the plus symbol.
Browser Extension Version 16.10.2
Released late August, 2024
This release fixed a bug that impacted core functionality for Safari users.
Browser Extension Version 16.10.1
Released late August, 2024
This release fixed a bug related to the way records are sorted in the Browser Extension's List view.
Browser Extension Version 16.10.0
Released July 2024
Primary Improvements
Record Creation in Extension Tab
We've introduced new safeguards to user data with the addition of a highly secure Extension Tab.
Now, attempting to create a record from any on-site UI will open a new tab, where information can be entered with increased security.
This includes record creation from field icon prompts, fill prompts and the right-click context menu. You can find visual examples of the various workflows below.
Extension Tab Navigation
Any content entered in a website's username or password fields will be automatically populated in the Extension Tab's new record form.
Once a new record is saved in the Extension Tab, you will be automatically routed back to the website you were on and the Extension Tab will close.
Upon returning to the website, the username and password fields will be auto-filled with the values of your newly created record.
Password Generation Prompts
Keeper will no longer suggest new passwords on website login pages, because we assume you likely already have a password you'd like to enter.
This prompt will continue to appear on new account registration pages, where it's more likely to add value.
Simplified Prompts
We've streamlined the "New Record" prompt that appears when there are no suggested records for a site.
Username Suggestions
Keeper will no longer suggest users' emails on websites, which previously occurred when clicking on a website's username field.
This eliminates the risk of username data being compromised via third-party clickjacking.
This functionality has been improved upon and made available in the Extension Tab.
Creating Address & Payment Records
The extension tab can be used to create address and payment records as well. This can be done through the use of Keeper's context menu by right clicking anywhere on a website.
Other Improvements
New ARAM Event
An "Open Record" ARAM event will be triggered when users open records in the Keeper Browser Extension.
This event will not be triggered upon opening the edit record or create record screens, filling a record, or changing a password.
Screen Reader
Made the readout for the extension's search bar clearer and more simple, to increase accessibility.
Fixes
BE-5473: Prevented repeated clicks of Duo 2FA buttons from creating duplicative text notifications
BE-4266: Fixed issue where user was required to log in a second time to access the vault and browser extension after transfer account setup
BE-5520: Fixed issue where the region selector sometimes disappeared from the extension's login screen if the toolbar window is closed
BE-5511: Fixed issue where multi-line password values showed as a single line when hidden
BE-5504: Fixed an issue where custom records with 2 URL parameters did not match on each URL when "Match on Subdomain" setting was enabled
BE-5499: Fixed an issue where records that had multiple URL fields were at times not sorted correctly
BE-5590: Fixed an issue where a record remained after being deleted when certain actions were taken
BE-5727: Fixed an issue where the extension's "Stay Logged In" setting was being incorrectly overwritten by the vault's equivalent setting
BE-5758: Fixed an issue where an "Unable to load the key data" error was thrown when attempting to save a new record
BE-5739: Fixed an issue where viewing a password that included certain special characters would cause the extension's toolbar window to crash
BE-5772: Fixed an issue with incorrect profile pictures being displayed
BE-5767: Fixed an issue where TOTP code was at times not displaying in the extension after being added to a record
BE-5675: Fixed an issue where logging in was complicated if the user closed the SSO tab while being prompted for 2FA
BE-5677: Fixed an issue where custom login records with 20 URL fields would show indefinitely when opened in edit view in the toolbar window
Site-Specific Fixes
BE-5626: Fixed performance issues on azurewebsites.net
BE-5728: Fixed interference with rich text editor iFrame on ariba.com
humio.com
inkstation.com.au
insperity.com
intaact.com
jjbuckley.com
kixeye.com
mako-box.com
maykers.com
workforcenow.adp.com/theme/index.html
agencysmart.net
Browser Extension Version 16.9.1
Released June 1st, 2024
Fixed an issue where the Extension would incorrectly autofill & auto-submit username and password data on the Account Settings pages of certain websites.
Browser Extension Version 16.9.0
Released on May 25, 2024
Major UI Improvements
An entirely refreshed Browser Extension experience.
Records now appear directly on your homepage.
New, simple ways to find what you're looking for.
Easily fill credentials with Suggested records that match the website you're on.
Sort records by most recently used, name, or date modified. Filter by Favorites, record type, and more.
Favorite records will appear on top when more than one Suggested record is shown.
Create records with a click.
Start from scratch with the Create Record (+) button, or Quick Add a record by clicking (+) Add Record when no suggested records are found. Quick adding a record will auto-generate Title and URL based on the website you are on.
Know which account you are on with a glance.
Especially helpful for users who switch between Business and Personal accounts.
Streamlined user interface.
Tools and Settings have been consolidated into an easily-accessible Options menu.
Other Improvements
BE-5717: UI improvements to Record Details. Added a back arrow to the top left of the screen. Moved Favicon next to Record Title.
BE-5535: Gave users the ability to entirely disable Form Field Icons (The Keeper icons that appear inside of fields) without having to disable autofill and auto-submit functionality.
BE-5489: Released Manifest Version 3 to all users.
BE-5523: Added a security measure to prevent KeeperFill from detecting and filling into HTML elements in the body of emails.
Fixes
BE-5457: Fixed an issue where when users with expired trial accounts clicked “Upgrade Now” button in the extension, two tabs were opened instead of one.
BE-5456: Fixed an issue where the US Government Access Notice fails to appear if the datacenter is changed to US (GOV) with keyboard navigation.
BE-5446: Fixed an issue where master password was being asked for more than once when attempting to log in via SSO + Yubikey 2FA.
BE-5431: Fixed an issue where an error message was not reappearing when user’s master password was entered incorrectly more than once.
BE-5429: Fixed an issue where the Fill button was displayed on records that did not contain a URL.
BE-5509: Fixed an issue where the extension was using more memory than expected in certain scenarios where multiple tabs were opened and closed.
BE-5439: Fixed an issue where more than one popup was being displayed when attempting to fill Payment information into cross-domain iFrames.
BE-5427: Fixed an issue where, when using dark mode, text entered into the search field was unreadable due to font color matching the search field’s background color.
BE-5512: Fixed an issue where updates to a record’s favicon did not take effect immediately after a URL was added to or removed from the record.
BE-5185: Added a missing translation in Change Password flow.
BE-5526: Fixed detection issues causing Keeper icons to display in non-applicable fields in Figma, such as text size
BE-5468: Site Specific Fixes
Browser Extension Version 16.8.1
Released March 2024
Browser Extension Version 16.8.0
Released February 2024
Major UI Improvements
BE-5423: Significant updates to the UI/UX of Record Details on the Browser Extension:
1. Record Details Screen: Clicking a record will now display its details in new screen rather than expanding it like an accordion, resulting in easier navigation and greater consistency with Keeper's Web Vault & Mobile experiences.
2. Top Bar: A new top bar makes it easy to take common actions like filling, launching, editing, or favoriting a record
3. Keyboard Navigation: has been updated for compatibility with the new Record Details screen. After focus is placed on a record using the arrow keys:
Enter = Open Record Details
Shift+Enter = Launch/Fill Record
4. Favorites: Any record can now be added to or removed from Favorites via the Top Bar. Any Favorited records will appear with a Star icon to make them easy to spot in a list.
5. Password Strength: is now displayed on record details.
6. Favicons (BE-5164): Site-specific favicons will replace the majority of generic favicons, while maintaining zero-knowledge.
7. Record Icons: Small icons in record details indicate when a record is a favorite, a shared record, or contains a TOTP.
8. Quality of Life Improvements: The terminology for 'Save' and 'Cancel' buttons on the record edit screen, as well as the 'Autofill' and 'Autosubmit' settings in record details, have been updated for clarity & consistency with the Web Vault.
Other Improvements
BE-5482: Disabled the onboarding dialogue (the instructions on how to pin Keeper’s extension) in cases where the extension has been force installed.
BE-5452: DUO 2FA now supports alphanumeric characters.
Bug Fixes
BE-5407: Fixed an issue with duo 2FA not redirecting to master password entry screen.
BE-5405: Fixed an issue where Search UI deforms when taking certain actions in Edit Record screen.
BE-5420: Fixed an issue where shared folder records were still accessible via the extension to users who were removed from the team that gave them access.
BE-5434: Fixed an issue where passkey prompt still displayed on certain sites that the user disabled Keeperfill on via role enforcement policies.
BE-5466: Fixed an issue where the “back” button was blending in to the extension’s UI.
BE-5478: Fixed an issue where changes to the autofill or autosubmit settings on a record were sometimes reverted after logging out.
BE-5484: Fixed an issue with record types displaying as text keys in the record details view.
BE-5483: Fixed an issue where the options menu icon was difficult to see in search results when using dark mode.
BE-5467: Fixed an issue where pressing the Enter key was not triggering an action while focus was placed on a record in the extension toolbar window.
Site-Specific Fixes
BE-5409, BE-5408: Fixed domain matching issues on a few sites to ensure that the proper records are surfaced.
BE-4402: Fixed an issue where form filler did not appear on a few sites.
BE-5422: Other site-specific fixes:
app.crewmeister.com
https://www.aliexpress.us/
https://www.delta.com/
https://www.eurowings.com/
https://accounts.netgear.com/login
https://app.tinypulse.com/auth
https://mft.askallegiance.com/webclient/Login.xhtml
https://www.slack.com/signin#/signin
http://share.minterellison.com/login
https://portal.schonfeld.com/
http://therapynotes.com/app/login/
https://tic.3cx.us:5001/
https://welcome.saas.mrisoftware.com/
https://bvsperformance.bvsinc.com/registrationbank.asp
https://online.corp.westpac.com.au/SignIn/Index
https://www.foundersport.com/?bmid=
https://www.bbva.es/empresas.html
Browser Extension Version 16.7.6
Released January 26, 2024
Bug Fixes
BE-5382: the Keeper lock icon was appearing on unexpected, unapplicable fields (fields other than login, email, password, etc.)
BE-4634: On Firefox, the Keeper app was not working on 'saved' websites that were automatically launched during Firefox startup
BE-5390: Keeper icons were not appearing on 'startup' pages that automatically launched during Chrome startup
BE-5371: Search results in the main Browser Extension window were capped at 10 results if user navigated to "Settings" after performing a search
BE-5388: The browser extension was unexpectedly filling forms populated by the ActiveInbox extension in Gmail
BE-5384: The change password prompt was not appearing when Azure's change password flow was launched from the Security Info tab
BE-5417: Some users' clients were invoking a translate function before store setup
BE-5424: The Security setting for "stay logged in" was unable to be updated for some users
BE-5488: When launching a new tab from the extension, Keeper would previously clean up the URL before launching it; this change has been reverted, and Keeper will now launch the exact URL stored in your vault
BE-5435: When using the Keeper Admin Console, some users were incorrectly receiving prompts from the Browser Extension
BE-5453: The Generate Password create-a-record flow was not automatically prepending "https://" in the URL as intended
BE-5313: Keeper lock icon was incorrectly displaying in Gmail's search bar when Gmail was being used in certain languages (e.g. Deutsch)
BE-5451: The prompt appearing after the change-a-password-via-Keeper flow was completed was missing certain elements
BE-5419: On certain websites, the Browser Extension was conflicting with Microsoft Editor: Spelling & Grammar Checker
Design
BE-5389: Slight adjustment to the placement of an accessibility settings toggle
BE-5416: In Browser Extension search results, the default payment card indicator was changed color from grey to green
BE-5415: In dark mode, Green indicator color was not consistent across screens
BE-5412: In dark mode, the color of certain text elements made them difficult to read
BE-5410: The color of password complexity checkmarks were changing based on theme color, when they are intended to remain blue
Compliance
BE-5393: Certain popups were unable to be navigated using keyboard controls
BE-5411: Users were unable to perform certain navigation with keyboard controls in the Browser Extension's Generator History screen
BE-5391: Adjusted color of a few elements in dark mode to meet compliance requirements
Site-Specific Fixes (BE-5395)
http://box.com/
https://accounts.zoho.com/signin
https://admin.private.zscaler.com/#
https://app.asana.com/-/login
https://app.dashlane.com/login
https://app.hubspot.com/login/beta/
https://auth.datto.com/login
https://auth.tesla.com/
https://auth.uber.com/v2/
https://auth0.com/
https://Aviation.agcs.allianz.com
https://courtier.wazari.fr/#/login
Browser Extension Version 16.7.5
Released on Jan 10, 2024
Browser Extension Version 16.7.4
In Preview. ETA Dec 28, 2023
Bug Fixes
BR-5318: Tooltip "copy" doesn't go away after clicking copy from password history screen
BE-5228: Not all subfolders are showing in the Edit/Create record screen
BE-5234: New password fails to save in Github if user updates the password first on Github before saving the changes on Keeper.
BE-4727: airbnb.ca login form fixes
BE-5368: Custom field
BE-5383: Yayoi website login fixes
BE-5368: Custom field website matching not working when port number is in URL
BE-5369: Extension isn't handling launching URLs without a protocol specified, need to just assume https
BE-5394: Clicking on "Create an Account" in the login screen does not take the user to "Create Your Account" on Web Vault.
BE-5402: Dark mode Keeper logo issues
Website Fixes
https://amers2.identity.ciam.refinitiv.net/auth/UI/Login
https://api.scm.dss.husqvarnagroup.net/createcontracts
https://app.pax8.com
https://crm.solshost.co.uk
https://customer.bmwgroup.com/oneid#/register
https://hub.connectwise.com
https://kws.okta-emea.com
https://solutionsforaccountinglimited.sage.hr
https://e01hosting.tessitura.com/vpn/index.html
https://icloud.com
Other Improvements
BE-5005: 508 compliance / high contrast items
Browser Extension Version 16.7.3
Released on Nov 22, 2023
Bug Fixes
BE-5375: Passkey management not working on Firefox 119+
BE-5366: TOTP filling On Google Not Working For Equivalent Domains (e.g. gmail.com, youtube.com, etc)
BE-3272: Enterprise KeeperFill domain restrictions are not working with special characters in the URL
BE-5341: Creating a record with title only throws an error in Form filler
BE-5264: When a Keeper DNA (Watch device) user opts to use “Two-Factor Method” during device approval and approves the push, the extension goes back to the “Select Method” menu rather than proceed to the Master Password entry.
BE-5338: Firefox BE main screen not closed when record is launched from search or matching records
BE-5002, BE-5003, BE-5004, BE-5011, BE-5007: 508 compliance items
BE-5353: Site-specific fixes
adminer.jump-biz.fr app.appogeehr.com app.pax8.com asp-eu.broadridgeims.com crm.solshost.co.uk customer.bmwgroup.com ds-ecommerce.konicaminolta.at login.midamericanenergy.com login.zoominfo.com mammatus.cluen.com one.kaseya.com secure.employmenthero.com solutionsforaccountinglimited.sage.hr us.cloudcare.avg.com
Browser Extension Version 16.7.2
Released on Nov 9, 2023
Browser Extension Version 16.7.1
Released on Nov 3, 2023
Bug Fixes
BE-5291: Multiple customer reported website fixes
https://ww6.autotask.net https://www.ebay.com https://hr.rozeroom.org https://dashboard.m1.com/login https://chase.com https://auth.auvik.com/ https://ally.com https://console.wasabisys.com/login https://login.microsoftonline.com
BE-5226: Logins with MFA fields are auto-filled with URL in some cases
BE-5288: Unable to edit multi-line notes in the extension
BE-5287: Improvements to password generator record creation flow
BE-5317: Automatic updates of the public suffix list
BE-5331: Shared folder-subfolder records are missing in the extension
BE-5352: With "match on subdomain" enabled, the extension does not autofill on a non-subdomain-matching site even if it's the only record.
BE-5348: Remove the user's search string from local storage
BE-5351: FIDO2 key prompt not appearing for some sites
BE-5365: Performance / browser crashing due to a large number of "hidden" input fields
Features
BE-4919: Upon installing the extension, we now auto-launch a helpful user guide page.
Browser Extension Version 16.7.0
Released on Oct 17, 2023
Features
BE-4356: Ability to control tab behavior with the Keeper lock icon within form fields. By disabling this accessibility setting, tabbing through forms will not focus on the icon.
BE-5058: Password generator history feature provides users with a way of retrieving any generated password (in case they forget to save it). Generated passwords are encrypted and only decrypted upon logging into the extension. Visit the Password Generator screen > Generator History. To clear the history, click on "Clear History".
Bug Fixes
BE-5336: Some sites are crashing with Keeper installed. The sites affected are using extremely large field identifiers, causing Keeper's regular expression parser to use too many resources.
BE-5328: Cloudflare WARP client breaks Keeper passkeys usage
BE-5218: When editing a record from the matching records screen, the record is not visually updated in the UI until user returns to main menu
BE-5253: On Windows devices, Passkey login on Google is not allowing the user to use a different passkey other than the one stored in Keeper.
BE-5282: Setting up a Microsoft security key while having Keeper installed hangs intermittently
BE-5267: Some sites in Safari are not loading our scripts on the first load when navigating directly to them either by putting the website address in the toolbar or using a bookmark.
BE-5231: Lock icons appear on the wrong side for some sites that are in Hebrew
BE-5290: Amazon.com auto-submit not working
BE-5239: Onboarding a new user directly from the browser extension with SSO having a 2FA enforcement fails to complete signup
BE-5210: Extension does not auto-append "https://" in the URL field if the user fills it in manually.
BE-5204: There are some scenarios where the enterprise Domain Restriction enforcement policy is not working properly when the domain changes while the user is navigating through a site. LinkedIn is an example of this.
BE-5190: PayPal website in German region not working
BE-5103: Deleted Shared Folder Is Not Removing Records Within That Shared Folder On Other Accounts. When User A that owns a shared folder with records in it and User B is shared that shared folder, then User A deletes the shared folder, the records persist in User B’s cache.
BE-4991: Re-Authentication policy for editing enterprise record is not enforced when using the right-click context menu
BE-5232: Fixed login issues on JP tax filing site (https://uketsuke.e-tax.nta.go.jp)
BE-5300: Fixed AWS login issue where Account ID is filled with TOTP code
BE-5165: Fixed https://yournextstep.com
BE-5299: Filling from the browser extension toolbar is not using Equivalent Domains (e.g. microsoft.com and azure.com)
BE-5298: Searching too fast causes no results then breaks search until logout.
BE-5295: Unable to save changes with V2 (general) records - checkmark (save button) does not work.
BE-4476: In some scenarios, the browser extension is not calculating enterprise audit scores.
BE-5216: Autofill issues on ADP.com
Various site-specific autofill issues as reported by customers
Security Updates
BE-5273: The "copy" icon appears on records with privacy screen enforcement policy. Occurs on custom templates w/ privacy screen, team enforced, and role enforced records
BE-5285: Improved security of Payment Card filling with additional system popup prompting.
BE-5278: The Default User Setting enforcement for the Stay Logged In option is not interpreted correctly in BE. The enforcement should only apply on the first login after the user has been added to a role. Any changes made to the "Stay Logged In" setting should stay saved whether its ON or OFF.
BE-5242: The Keeper lock icon is showing in Gmail search fields in some languages
Browser Extension Version 16.6.4
Released on Sept 13, 2023
BE-5271: Various site-specific autofill fixes
BE-5280: Performance related field identification issue
Browser Extension Version 16.6.3
Released on Aug 30, 2023
Improvements
BE-5158: Searching from the "filter matching" screen will search the entire vault
BE-4986: Copy button added to Notes field
BE-5166: Auto-submit option is now default to OFF
Bug Fixes
BE-5227: Autofill from clicking Launch on Web Vault is not auto-filling
BE-5240: FIDO2 key login to Admin Console not working on Firefox
BE-5237: Moving a record between shared folders makes it disappear from Autofill
BE-4975: A team-enforced privacy screen applies the privacy screen to the record owner
BE-4969: Teams with "Hide Shared Folders" restriction are not hiding records in extension
BE-5217: Best Buy passkeys are not working on Firefox
Hundreds of site-specific bug fixes
Browser Extension Version 16.6.2
Released on August 23, 2023
Bug Fixes
BE-5237: Moving a record into a different shared folder causes it to disappear from Autofill
BE-5013: Searching KeeperFill with Kanji characters doesn't work
BE-5012: Twitter Japan autofill issues
BE-4862: Some favicons are showing broken images
BE-4986: No "Copy" button showing in Notes field
BE-4995: Date format does not change in different locales
BE-4985: Extension does not retain email when logging in from the web vault
BE-4984: The extension is overriding the enterprise enforcement complexity on random password generation when the enforcement’s generation is less secure than the default password generation.
BE-4936: When searching the matching records and deleting one character at a time, the matching records don't reload when the search field is cleared.
BE-4933: The Account select in the Change Password window erroneously shows the Create New Record at the bottom of the list.
BE-4904: Github 2FA code doesn't autofill
BE-4917: Amtrak login issues
BE-4876: There are customer reported cases that on startup on some chromium (opera in this case) browsers, the chrome.tabs.onUpdated function is called before the onBrowserStart function has completed. This causes some bugs.
BE-4840: BE is not resetting all matching records after user manually deletes all the characters in the query string.
BE-5127: Unable to use Passkeys on Best Buy in Firefox
BE-5240: Unable to login to the Admin Console using Firefox with a hardware security key.
Other Changes
BE-5166: Default Autosubmit to OFF on new accounts
BE-5206: Record UID is now searchable
Many other website-specific autofill fixes
Browser Extension Version 16.6.1
Released on Aug 17, 2023
Browser Extension Version 16.6.0
Released on Aug 12, 2023
Features
BE-4775: UI update for clearer visibility and 508 compliance
BE-4879: Support for Passkeys [User Guide]
BE-4837: Autofill for HTTP Basic Auth websites
BE-4619: Ability to manage HTTP "insecure fill warning" prompting in settings screen
BE-4410: Show long emails by hovering over with the mouse
BE-4974: Clear previous search after 5 minutes
BE-5060: Allow for longer logout timer values (no longer limited to 1440 minutes)
BE-5168: Removed "Off" setting for logout timer in favor of simple logout timer setting
Bug Fixes
BE-4090: Improvement to "Prompt to Update" flow
BE-3890: Firefox private windows
BE-4803: Dell.com delltechnologies.com alias
BE-4954: URL parsing breaks IPv6 hostnames in the record Autofill
BE-4786: Walmart payment cards
BE-4783: Custom record type with multiple URLs doesn't Autofill
BE-4781: Royal Mail doesn't fill payment cards
BE-4778: Ebay autofill issues
BE-4260: Porsche website autofill issues
BE-5095: Numerous Japanese translation issues
BE-5106: Several items related to SSO accounts with TOTP and Yubikey
Hundreds of other site-specific autofill fixes
Other Changes
Autofill from the browser extension toolbar is denied if there is no URL associated to a record.
Browser Extension Version 16.5.3 and 16.5.4
Released on June 27, 2023
This update contained a security update in reference to a bug which was discovered by the Meta Offensive Security Group (namely Godlove Penn, Samuel Manzer, Tom Ravenscroft, Aaron Grattafiori, Greg Prosser).
This release addresses ticket BE-5131 in which the Keeper browser extension was writing temporary ephemeral logs to a user's computer-device storage that contained local vault data and data typed into Keeper in some circumstances.
The issue required a fully-compromised, physical device to exploit. We resolved and published a security update within 12 hours of receiving and verifying the research findings. No reports of any customers affected by this bug have been reported to Keeper. Mobile Apps and Desktop Applications were not affected and do not require updates.
All users with affected Keeper browser extensions (versions 16.4.16, 16.5.0, 16.5.1, 16.5.2) have been automatically force-updated to version 16.5.4 (or newer) across all app stores. Access to affected versions was blocked. Customers do not need to take any further action.
If you have any questions please email security@keepersecurity.com.
Browser Extension Version 16.5.0
Released on May 20, 2023
Features
BE-4537: Handling of Web socket requests when MV3 browser extension service worker has been terminated
BE-4802: New Safari extension [User Guide]
BE-4536: Bootstrapping for MV3: When the service worker is stopped, all memory is lost. The next time the extension boots up, based on what the user's last action was, it grabs what it needs from physical storage, processes that, puts it into memory, then does perform the user's last action if there was one.
Bug Fixes
BE-4749: Login to Upwork.com is clicking the wrong button
BE-4938: Firefox using too much memory
BE-4979: Keeper throws errors on mapfreconnect.com
BE-4977: When you disconnect from the network and reconnect, the extension shows logged in; however, it prompts for 2FA and can send SMS 2FA incorrectly.
BE-4983: Form filling is broken for V2 (general) custom fields
BE-4990: Autofill broken on squareup.com
BE-4956: Based on customer feedback, we removed the "prompt to login" on page loads.
BE-4988: When the extension fills into an http / insecure site, the extension will ask the user through a window popup if the user would like to continue to fill the inputs because the connection is insecure. Clicking "OK" doesn't fill the contents or close the window and clicking cancel doesn't close the window.
Browser Extension Version 16.4.16
Released on May 2, 2023
Bug Fixes
BE-4973: Pasting text into the browser extension can sometimes scramble characters
BE-4972: In some rare scenarios, the browser extension is encrypting a record with a new key instead of using the existing record key. This can cause data corruption and require the user to revert to the prior version of a record.
Browser Extension Version 16.4.14
Released on April 3, 2023
Bug Fixes
BE-4923: Protection against Chromium crash when max IndexedDB reaches quota
BE-4928: SSO Logout generating duplicate requests to the server, creating replay error
BE-4952: Browser Extension crashes when switching VPN connections while logged in
BE-4953: Record matching stops working properly after network changes occur on the user's machine
BE-4960: When a user has Firefox set to "never to remember history" in the security settings and disconnects from the network, none of the records show for a specific domain after reconnecting.
BE-4942: When a user deletes a record from a domain then logs out and logs in again, the other records on that domain disappear when navigating to that domain.
BE-4943: The browser action window crashes on startup sometimes because the tabs value is undefined or null from a chrome listener. This makes it so that initialization steps in the extension don't complete because these thrown errors interrupt the startup process.
Improvements
BE-4682: Extension reverts to Backup 2FA over WebAuthn with Cloud SSO activated account With this update, SSO Cloud accounts that enforce 2FA will default to the use of WebAuthn instead of TOTP/SMS.
BE-4934: In order to reduce sync calls in large enterprise customers with many shared records, the browser extension will process closely received incoming messages in batches.
Browser Extension Version 16.4.13
Released on March 5, 2023
Bug Fixes
BE-4912: High CPU usage due to repeated message sending when many tabs in use
BE-4922: Prompt to Login is showing on the Okta login screen, in some flows
BE-4920: Credit card numbers not masked by default
BE-4926: Keeper prompts are taking mouse focus
BE-4923: Local storage cache growing too large causes browser to crash.
BE-4921: When typing an email during login to a site, the Autofill suggestion dialog is not clearing.
Browser Extension Version 16.4.12
Released on Feb 14, 2023
Overview
This Browser Extension release has been many months in the making, due to major restructuring of the codebase due to the new Manifest V3 requirement being enforced by Google. We took this opportunity to refactor syncing and performance for large vault accounts, with over 100 bug fixes.
Workflow Changes
BE-4515: When a user logs in with SSO, logout will go back to the "normal" login screen displaying the email address and "Next" button, instead of showing the SSO Enterprise Domain screen.
Features & Improvements
BE-4738: Support for upcoming "WiFi" Record Type
BE-4654: Geolocations API permission to set user's region upon install
BE-4559: Payment Card icons now compatible with all display modes
BE-4515: Unless user previously logs in using Enterprise SSO Login, login screen will always default to Master Password login
BE-4538, BE-4530, BE-4532, BE-4531: Manifest V3 migration including new record sharding, redux actions and message queuing.
BE-4744: New progress animation during sync
Bug Fixes
BE -4814: Significant performance improvements to extension on Firefox Browser
BE-4729: Issues with extension login via Azure SSO on-prem connect (Firefox)
BE-4729: Search results fail to update when a character is deleted in the search field (Firefox)
BE-3831: Crash occurs on master password re-authentication after six attempts
BE-4489: Changes to extension settings do not take effect until user logouts/logins
BE-3763: Autofill via right-click context menu fails for Amazon AWS new credit card entry
BE-4730: KeeperFill window unable to be moved by user on touch screen
BE-4683: Autofill does not detect password fields on various Google foreign language pages
BE-4640: User is unable to see Private Key field in an "SSH Key" Record Type without filling the Public Key field
BE-4616: Custom Fields within a custom record type fail to autofill
BE-4502: Prompt to login fails to appear on newly installed extension
BE-4440: "Payment Card" Record Type autofill via the right-click context menu fails for billing address fields
BE-4788: Logging into the Web Vault fails to simultaneously log user into the extension
BE-4811: Prompt to change password fails to appear when a user has an existing record for a domain and visits the change password page
BE-4631: After reverting a password during the password change workflow, the change is not reflected in the user interface of the BE until logout/login. This will be addressed in our next update.
Browser Extension Version 16.4.8
Released on Nov 5, 2022
Browser Extension Version 16.4.7
Released on Sep 7, 2022
Features & Improvements
BE-4595: Updated to the latest Keeper Javascript SDK
BE-4534, BE-4010, BE-4535: Migration to MV3
Bug Fixes
BE-4479: 2 single tab windows with different domains confuses the context menu
BE-4623: Extension does not allow users to retry with different Enterprise Domains
BE-4494: After moving a subfolder out of a folder, the extension shows info in 2 locations
BE-4593: User not taken to Web Vault when clicking vault button from sign-in screen
BE-4587: Mouse changes from arrow to hand on record title
BE-4639: Editing the URL from the extension does not reflect in the UI
BE-4659: Users in AU are not auto-logged-in to the extension when installing it from within the Vault.
BE-4646: Error message "object already exists" when logging into the GovCloud region.
BE-4661: MAPFRE website causes JS error
BE-4692: Open in Vault does not open the record when the vault is already open in another tab.
BE-4695: KeeperFill is showing in Gmail search box
BE-4703: Prompt to Save is not showing correctly when the user does not have a record in their vault.
BE-4701: Expiring the Master Password does not show the proper error message in the UI.
BE-4716: Filling on VMware Horizon with Autosubmit does not click the correct button.
BE-4717: Throttling message not being displayed in the UI properly in some cases.
BE-4691: Vault Transfer consent notice not showing in the browser extension
Browser Extension Version 16.4.6
Released on July 23, 2022
Bug Fixes
BE-4641: Reduce size of total package by lazy loading libraries
BE-4649: Existing session token login with Region Redirect is not redirecting
BE-4657: EU region not receiving Keeper Push approval notification
BE-4652: Very Large payload unable to decode response
BE-4645: Confirmation Popup on Show Cards/Address button
Browser Extension Release 16.4.4
Released on July 17, 2022
Browser Extension Release 16.4.3
Released on July 13, 2022
Browser Extension Version 16.4.2
Released on June 11, 2022
Browser Extension Version 16.4.1
Released on May 20, 2022
Bug Fixes
BE-4524: Legacy (general) records with non-latin1 characters are showing scrambled in the UI
BE-3890: Using Firefox in Private Browsing Mode not functional
BE-4547: Duo 2FA shows Voice Call option when not supported
BE-4553: Unable to log back in after user logged out by and admin-enforced Logout timer.
Manifest V3
BE-4526, BE-4527, BE-4528, BE-4529: Partial migration to Manifest V3 packaging. Local storage changes, bundling of Javascript, configuration of setting storage.
Security Updates
BE-4523, BE-4522: Updated crypto libraries to match Web Vault
Beta Installation
Customers can install the Keeper Beta Version: 1. Uninstall your existing Keeper extension
2. Install the Beta available here:
https://chrome.google.com/webstore/detail/keeper%C2%AE-password-manager/hlkdkmefjphnecdoiaajhndjmkpkhifo?hl=en&authuser=0 Please ensure that you only have one Keeper extension installed at a time.
Browser Extension Version 16.4.0
Released on April 2, 2022
Features & Improvements
BE-4326: Support for High Contrast (Dark Mode)
You can now activate Dark Mode in the Settings > Themes screen
BE-4316: Color indicators show on the list of records
BE-4329: Combined Stay Logged In and Logout Timers
To simplify the user experience, we have merged the Logout Timer and Stay Logged In setting into a new "Security" settings screen.
When logging in or registering for an account on a website with no stored credentials, Keeper provides the user with a user experience that quickly and seamlessly creates the vault record. The user is first presented with a list of possible email addresses to use for the login field.
On the password field, the user can instantly generate a password.
If you already know the password, when you start to type Keeper will allow you to instantly save the information, making it super easy to capture existing passwords.
This new workflow also solves another pain point for users by allowing the saving of credentials on single-page application websites such as sketch.com, hubspot.com and thousands of similar sites.
In addition to this workflow, we have also introduced Folder Selection so you can save a record directly to a private or shared folder without having to leave the current page. This highly requested capability is included in several workflows and will be incorporated into other areas of the browser extension moving forward.
While saving the new record, you can also directly set the "Autofill" and "Autosubmit" options.
This new workflow can be controlled through a new Settings screen called "Autofill Suggestions":
Bug Fixes
BE-4407: 2FA code filling on Slack.com
BE-4409: Improved behavior on login with "blocked" account status
BE-4408: Google social login button being clicked by Autofill
BE-4405: AWS multi-page login improvements
BE-4384: Improved filling of "textarea" form field types
BE-4350: Filling 2FA codes that are separated between different input fields such as newegg.com
BE-3937: Autofill causing errors on cashweb.nl
BE-4462: Search crashing from corrupt record data
BE-4411: If user has "Block 3rd party cookies" setting turned on, the extension screen is not visible.
Known Issues
Changes made to Autofill and auto-submit settings are not activated until the next logout/login
Few visual issues with Dark Mode
Enterprise Users with Vault Transfer enabled are not immediately logged into the browser extension upon first acceptance. Logout/login is required.
Browser Extension Version 16.2.0
Release on Jan 26, 2022
Features & Improvements
This new Browser Extension version 16.2 introduces a new and improved workflow and elegant user experience for saving new passwords.
When logging in or registering for an account on a website with no stored credentials, Keeper provides the user with a user experience that quickly and seamlessly creates the vault record. The user is first presented with a list of possible email addresses to use for the login field.
On the password field, the user can instantly generate a password.
If you already know the password, when you start to type Keeper will allow you to instantly save the information, making it super easy to capture existing passwords.
This new workflow also solves another pain point for users by allowing the saving of credentials on single-page application websites such as sketch.com, hubspot.com and thousands of similar sites.
In addition to this workflow, we have also introduced Folder Selection so you can save a record directly to a private or shared folder without having to leave the current page. This highly requested capability is included in several workflows and will be incorporated into other areas of the browser extension moving forward.
While saving the new record, you can also directly set the "Autofill" and "Autosubmit" options.
This new workflow can be controlled through a new Settings screen called "Autofill Suggestions":
Other changes:
BE-4311: Change "Sym" string to "!@#"
BE-4331: Improved sync speed and performance for accounts with a large number of records
BE-4400: Support for role enforcement policy "Autofill_Suggestion" which can disable the new workflow, if a customer requests it.
Bug Fixes
BE-4328: Role enforcement "Autofill Disable" is being ignored by the browser extension
BE-4342: Password filling prompts popping up in some unrelated pages
BE-4354: Saving a record fails after the extension appears to be logged in, even though the user is not logged in.
BE-4362: Prompt to Login is still appearing if it's toggled to OFF
BE-4379: Random lock appearing in brightree.net
BE-4341: Prompting not working on ADP website
BE-3493: TOTP filling not working with new Record Typed records
BE-4426: Improvements to autofill on Apache Guacamole
BE-4383: Header disappears when clicking Back from Edit screen
BE-4349: Form filling search screen does not allow typing space characters.
BE-4363: Form filler dialog shows visually cut off in some cases
BE-4413: Brand new records created on new Vault accounts are not syncing instantly to the extension
Older
Releases notes older than last 10 releases
Older release note content is still available, but anything older than the last 10 updates is placed here.
Browser Extension Version 16.1.1
Released on Dec 8, 2021 to Firefox Store Only
Browser Extension Version 16.1.0
Published on Dec 5, 2021
Bug Fixes
BE-4278: Expiration dates from payment card records not filling properly
BE-4256: Ensure minimum default password strength on "change password" screens is 20 characters.
BE-3920: Remember Email setting does not work
BE-4318: User gets infinite spinner when typing password wrong 2 times
BE-4319: User logged out with "throttle" error after attempting to on/off logout timer
BE-4304: User sometimes logged out from "throttle"
BE-4334: Error when logging into the extension when a URL contains a comma
BE-4335: Form filling issue on turborater.com
BE-4337, BE-4338: Remove old unused code references to resolve flagged vulnerabilities on crxcavator.io (https://crxcavator.io/report/bfogiafebfohielmmehodmfbbebbbpei/16.0.3?platform=Chrome)
BE-4301: Support for new Twitter.com login flows
BE-4291: Autofilling Facebook in German website does not fill
BE-4292: URLs with port numbers in the value are not showing properly on search results
BE-4346: Resolve login issues with Dell.com
BE-4344: Payment cards and addresses are auto-submitting, this should not occur.
BE-4355: BE does not enforce "require re-authentication" enforcement
BE-4301: Support for new Twitter login flow
BE-4314: Payment card filling broken on craigslist
Improvements
Several improvements for 508 compliance: Focus events, Voiceover, Labels and Field Instruction
BE-4332: Improved syncing in environments with thousands of shared records among thousands of users.
Browser Extension Version 16.0.3
Released on Sept 21, 2021
Browser Extension Version 16.0.0
Released on Sep 27, 2021
Features
Updated User interface, added workflow optimizations around filling and viewing sites.
Support for Record Types. Record Types are launching in late Sept across all devices, however it can be activated for customers on a per-request basis. More information on Record Types is available here: https://docs.keeper.io/enterprise-guide/creating-new-record-types
🇺🇸 Support for the Amazon AWS GovCloud environment. Keeper is currently FedRAMP in-process and public sector entities can now establish their Keeper tenant in the GovCloud environment. Contact the public sector sales team at govsales@keepersecurity.com for more information.
Enhanced 508 Accessibility / Ergonomics support with high contrast themes, larger fonts, better visibility and generally a cleaner layout. Support for screen readers and Keyboard navigation have also been improved.
Our password generator has has its special characters set expanto this set:
!@#$%()+;<>=?[]{}^.,Adding more special character is a balance between generating the most secure password possible, and ensuring the passwords generated do not cause issues on websites, this evolution increases our password entropy.
Bug Fixes
BE-4068: Disable Stay Logged In enforcement not allowing user to turn off the setting.
BE-4138: Better handling of the password strength slider
BE-4141: Master Password re-entry feature broken on enforcement
BE-4139: Auto-submit on Microsoft.com
BE-4085: Logout timer with blank input logs out of the extension
BE-4100: Extension remembers email when Remember Email is Off
Browser Extension Version 15.3.9
Released on August 16, 2021
Browser Extension Version 15.3.8
Released on Aug 9, 2021
Browser Extension Version 15.3.7
Released on Aug 9, 2021. Merged with 15.3.6.
Improvements
BE-4073: Increased the number of special characters to this set:
!@#$%()+;<>=?[]{}^.,BE-3898: Improved the clarity of the account selection when changing a password.
The right-click context menu is now usable on the entire page, not just over form fields.
Bug Fixes
BE-4097: The TOTP code on the browser extension is sometimes different than the Web Vault value.
BE-3995: Better handling of expired Enterprise accounts
BE-3935: Wells Fargo login with Single Click Fill
BE-2107: PNC Bank autofill
BE-3721: ebanking-services.com autofill
BE-3404: ZenQMS autofill
BE-3781: Kaysera autofill
BE-2215: ringcentral.com, sainsburys
BE-4054: Compatibility with sites that use craftcms.com
BE-4060: ESPN.com autofill
BE-3615: Fixed interference with Vimeo .woff files
BE-4083: Display if the user's account is throttled
BE-4095: When there is one username field and 3 password fields, autofill fails
BE-3397: Autofill on AT&T business portal
BE-4065: Autofill on abramscapital.com
BE-4063: Autofill on Staplescopyandprint.ca
BE-4062: Autofill on smart-trial.co
Browser Extension Version 15.3.5
Released on June 25, 2021
Bug Fixes and Improvements
BE-4000: The password generator only allows a maximum of 51 characters (should be 100)
BE-4008: IP Addresses are displayed and linking incorrectly in record view of search results
BE-3916: SSO login to extension generates "update your account settings" error
BE-3742: "Prompt to Update" dialogue disappears too quickly on page redirect
BE-3707: Payment card autofill fails on portal.azure.com
BE-4013: Creating a record at walmart.com registration screen submits the form prematurely
BE-4036, BE-4016, BE-4017, BE-4019, BE-4021: Fill button fails to fill existing record on various sites
BE-4020, BE-4022: Auto Submit fails on various sites
BE-4025: Auto Submit occurs on various registration forms when it shouldn't
BE-4026: The second password fields of various registration forms are not filled when a new record is created
BE-4015: Privacy Screen allowed user to copy password in one particular flow
BE-3998: If user explicitly turned Autofill OFF, don't prompt to turn autofill on anymore.
BE-4002: Improved Password Change detection routine to ensure password is saved even if the user forgets to click Save.
BE-4035: Records are not deleted for the user immediately when the user is removed from a Team.
BE-2358: Fixed auto-submit on Lifelock website
BE-3968: Locked down Content Security Policy embedded within the extension.
BE-4012: Improved synchronization with the Web Vault and backend system for Logout persistence.
Browser Extension Version 15.3.3
Released on May 10, 2021
Bug Fixes & Security Updates
BE-3803: Improved memory management / clearing after logout
BE-3864: Right click menu to create payment card not working
BE-3956: Select-all Ctrl+A appended 'a' to end of the string
BE-3864: Google sign-in screen not prompting to save password
BE-3914: Stay Logged In sometimes not keeping the user logged in
BE-3840: Crowdstrike login interferes with icons
BE-3991: When a user creates a new record from the the password generator, the autofill and autosubmit toggle settings don't save
BE- 3988: Unable to login to extension when Yubikey is activated (Firefox)
Accessibility (508 Compliance)
Keeper has been making UI changes across all web-applications and browser extensions to comply with Section 508 of the Rehabilitation Act (29 U.S.C. § 794d). The Keeper browser extension now supports keyboard navigation and it's compatible with popular screen readers and other assistive technology.
Persistent Search Bar
The vault search bar is always visible, and the search logic matches the Web Vault and Desktop App algorithm exactly. Therefore, the same search can be applied in both platforms. Users can search for a website login or any other piece of other information stored in their Keeper vault by simply opening the extension and entering their search criteria. The search feature is case insensitive and will match any record within your vault as you type, even partial words. The search results can also be sorted by name and date.
Password Generator
Keeper's password generator is now within easy reach in the extension toolbar landing screen. Users can generate and copy the secure password or use it to create a new record directly from the main screen.
Matching Records
The new "Matching Records" screen will now appear in the extension toolbar window.
Clicking the copy icon next to a record gives you the option to quickly copy the username and password or you can autofill the record by clicking the fill button. If there are many record matches, users can enter search terms to narrow down the results and even sort them by name or date.
Autofill & Auto Submit Setting at the Record-Level
The Autofill and Auto Submit settings can be enabled or disabled for individual records from both the extension toolbar and fill window.
Important Notes:
This setting will override the global Auto Submit setting.
If you have multiple records that match the same website, Keeper will not auto-fill and you will be prompted to select the record to fill. When there are multiple matches to a domain, you must click "Fill" to prevent undesirable behavior.
Search for Matching Records by Domain
From the on-page fill window, users can filter on all records matching the current site's domain name. This is helpful for sites with many stored records.
Browser Extension Version 15.3.0
Release ETA May 5, 2021 on Firefox, Chrome, Edge Browsers.
Bug Fixes & Security Updates
BE-3803: Improved memory management / clearing after logout
BE-3864: Right click menu to create payment card not working
BE-3956: Select-all Ctrl+A appended 'a' to end of the string
BE-3864: Google sign-in screen not prompting to save password
BE-3914: Stay Logged In sometimes not keeping the user logged in
BE-3840: Crowdstrike login interferes with icons
Accessibility (508 Compliance)
Keeper has been making UI changes across all web-applications and browser extensions to comply with Section 508 of the Rehabilitation Act (29 U.S.C. § 794d). The Keeper browser extension now supports keyboard navigation and it's compatible with popular screen readers and other assistive technology.
Persistent Search Bar
The vault search bar is always visible, and the search logic matches the Web Vault and Desktop App algorithm exactly. Therefore, the same search can be applied in both platforms. Users can search for a website login or any other piece of other information stored in their Keeper vault by simply opening the extension and entering their search criteria. The search feature is case insensitive and will match any record within your vault as you type, even partial words. The search results can also be sorted by name and date.
Password Generator
Keeper's password generator is now within easy reach in the extension toolbar landing screen. Users can generate and copy the secure password or use it to create a new record directly from the main screen.
Matching Records
The new "Matching Records" screen will now appear in the extension toolbar window.
Clicking the copy icon next to a record gives you the option to quickly copy the username and password or you can autofill the record by clicking the fill button. If there are many record matches, users can enter search terms to narrow down the results and even sort them by name or date.
Autofill & Auto Submit Setting at the Record-Level
The Autofill and Auto Submit settings can be enabled or disabled for individual records from both the extension toolbar and fill window.
Important Notes:
This setting will override the global Auto Submit setting.
If you have multiple records that match the same website, Keeper will not auto-fill and you will be prompted to select the record to fill. When there are multiple matches to a domain, you must click "Fill" to prevent undesirable behavior.
Search for Matching Records by Domain
From the on-page fill window, users can filter on all records matching the current site's domain name. This is helpful for sites with many stored records.
Browser Extension Version 15.1.4
Released April 2, 2021
Browser Extension Version 15.1.2
Release ETA March 19, 2021
Improvements
BE-3897: Support for HTTP fill enforcement in the Admin Console. Disabling this enforcement removes the HTTP fill warning from the browser extension prompts.
Bug Fixes
BE-3917: The "Stay logged In" feature fails when a user closes out of their browser. Affected certain SSO Cloud users.
BE-3909: Custom field matching fails when a record's "Website Address" field is left blank
BE-3889: Clicking on a row within a list of matching records fails to expand/collapse the row
BE-3773: The extension's search field should clear upon returning to it when the user begins typing
Browser Extension Version 15.1.0
Released March 6, 2021 and rolling out over a few days
Improvements
Multiple: "Stay Logged In" improvements to prevent edge cases where the extension logs out
BE-3822: Added capability for Browser Extension to perform Vault Transfer acceptance
BE-3787: Improved the performance of Firefox when Keeper is running
BE-1873: Improved performance with Dynamics 365
BE-2008: Improved performance with Microsoft Sharepoint
BE-2508: Improved performance with Gitbook.com
BE-2630: Improved performance with eSource
BE-3506: Additional support for Role Policy enforcements in the KeeperFill section of the Admin Console / Role Policy / Enforcements section.
Bug Fixes
BE-3820: Improved handling of Web socket disconnections (Syncing is broken until logout/login)
BE-3815: Back button freezes the extension in certain paths
BE-3787: Slow performance on Firefox
BE-3808: If Web Vault access is restricted, don't auto-login the user to the Web Vault.
BE-3040: Copy of masked custom field / masked note from search results
BE-3267: Country list with Samoa listed in the wrong location
BE-3331: Certain letters chopped off in the country name list
BE-3335: Extension closes the vault after logging in with Yubikey
BE-3637: Error message appears when trying to login to US data center after having logged into the EU data center with an SSO account.
BE-3651: Login sequentially to accounts on both US and EU region causes the extension to be confused
Browser Extension Version 15.0.5
Estimated Release Date February 5, 2021
Improvements
BE-3506: Implemented KeeperFill role enforcement policy that enforces all settings/features of the Browser Extension
Bug Fixes
BE-3637: Error message appears when logging into US SSO after been logged into EU SSO
BE-3378: Logging into EU SSO Vault fails to simultaneously log user into browser extension
BE-3335: Extension closes Vault after logging in with Yubikey 2FA
BE-3113: Character length doesn't update when user clicks on dice icon in record view
BE-3040: Copying masked note or custom field copies the wrong values
BE-3020: Password strength indicator doesn't work as expected
BE-3014: Fill button is not active when user attempts to fill password from browser extension
BE-3685: Character checkboxes don't function as expected
BE-3710: Users are unable to save Vault records with v15 extension on Beta Edge on Linux
BE-3699: Infinite spinner appears after user sets up DUO for US SSO Cloud account
BE-3389: Denying DUO push doesn't close DUO screen
BE-3736: Record match doesn't appear at corresponding website when the site's URL is entered in the custom field
BE-3734: Error message persists after user attempts to save record after filling out the password field
BE-3738: User experiences infinite loop at dropbox.com/dropins/login
BE-3794: Custom field matching doesn't work with subdomains
BE-3811: RSA 2FA method doesn't allow alphanumeric codes
BE-1873: Chrome browser extension causes errors on Dynamics 365 CRM tool
BE-3815: User receives an infinite spinner after clicking back button on device approval
Browser Extension Version 15.0.4
Estimated Release Date: December 23, 2020
Browser Extension Version 15.0.3
Estimated Release Date December 16, 2020
Browser Extension Version 15.0.2
Released on December 10, 2020
Special Notes
Keeper now prompts for 2FA **before** Master Password. This is part of our new Login V3 security protocol.
We have 2 extensions in the store, version 14 and version 15.
Please ensure that you only have one Keeper browser extension installed. Do not install both v14 and v15 on the same browser or you'll run into issues.
Improvements
BE-3362: This release includes the addition of a session persistence setting, "Stay Logged In". The purpose of this setting if enabled, allows the user to resume their session based on their "Logout Timer" value, regardless of exiting the application, restarting their computer, etc... This feature can be restricted by the Keeper Admin via Role Policy.
BE-3680: Support for multiple monitors
BE-2334: A new event is created to track when a user selects the "copy" button for a password from the record detail screen
BE-3650: The password generator character limit has increased from 50 to 100 characters
Bug Fixes
BE-3680: Users with multiple monitors experience visual issues when entering their Master Password and selecting browser extension buttons and switches
BE-3640: Auto-logout fails to clear old timer setting
BE-3439: Edit option is not available when email field is pre-filled in login screen
BE-3375: User receives incorrect error message when the email address field is left empty upon attempted login
BE-3364: Filling of custom field values fails on special character regex
BE-3349: Disabling KeeperFill for specific website fails to prevent form filling from extension toolbar
BE-3347: Device restriction error dialogue offers user incorrect "Forgot Password?" action
BE-3345: Warning message is missing when an Enterprise user attempts to change timer with a logout timer enforcement policy present
BE-3337: Create Record form fails to reset after creating and saving a new record in the form filler
BE-3336: Error message fails to appear when a user leaves the 2FA code field empty upon attempted login
BE-3626: Expected behavior fixes for various vault and browser extension interactions for "Stay Logged In" setting
BE-1851: New user unable to dynamically provision via SSO Connect
BE-3645: Auto-submit fails from search field for various sites
BE-3658: A user is prompted twice for their Master Password when certain conditions are met
BE-3659: User is unable to open their vault from browser extension toolbar at first attempt (FirefoxESR)
BE-3389: DUO push prompt persists after user selects "Deny" button
BE-3344: DUO accounts fail to send a new code when user selects "Resend Code"
BE-3669: Empty records, payment cards and addresses appear editable to the user
BE-3667: A user re-authentication is triggered in attempt to create a new record
BE-2913: Change password action by user fails to trigger change password event
BE-3610: Keeper Push acceptance is not reflected in both windows upon SSO Cloud user login
BE-3676: Keeper Push device approval fails for SSO cloud account that has 2FA (SMS) enabled
Post a Review
Since v15 is a new store listing, we would appreciate if you posted a rating and review.
Browser Extension Version 15.0.1
Release ETA November 11, 2020
v15 Installation Note
The Keeper Browser Extension supporting SSO Connect Cloud is available as a new download from the respective app store on Chrome, Firefox and Microsoft Edge.
New extension v15 is required for SSO Connect Cloud customers
Both v14 and v15 will be maintained during the first phase of deployment
Migration from v14 to v15 is planned for November
🖥️ BETA LINK: https://chrome.google.com/webstore/detail/hlkdkmefjphnecdoiaajhndjmkpkhifo?authuser=1&hl=en
Please ensure only one extension is running at a time. Having multiple Keeper extensions will cause conflicts and errors.
Send any issues to feedback@keepersecurity.com
Bug Fixes
(Multiple Tickets) login scenarios improved for Cloud SSO user authentication in US and EU regions.
BE-3593: Filling from Search doesn't work
BE-3577: Add additional protections to prevent auto-submit loops
BE-3681: Error "This object no longer exists"
BE-3611: Admin device approval fails for Cloud SSO user with the Account Transfer enforcement policy enabled
BE-3605: Logging into the Web Vault fails to automatically log user into the browser extension when 2FA is enabled (extension v15)
BE- 3606: User unable to login with Cloud SSO after switching between accounts
BE-3603: Upgrading Firefox browser extension from version 14.4.0 to 15.0.0 causes several extension settings to reset
BE-3601: Autofill fails when "Require Re-Authentication" enforcement policies are enabled
BE-3604: Duo push doesn't work from first attempt on a new install
BE-2830: Login on redbox.com
BE-3618: Login on disneymovieinsiders.com
Improvements
BE-3677: Right-click menu show more than 5 credit cards
Browser Extension Version 15.0.0
Released October 1, 2020
v15 Installation Note
Keeper Browser Extension supporting SSO Connect Cloud is available as a separate install from the respective app store on Chrome, Firefox and Microsoft Edge. Chrome: https://chrome.google.com/webstore/detail/kbedblbpfmeicfpadihimgombbafaeeh?authuser=1&hl=en Edge: https://microsoftedge.microsoft.com/addons/detail/keeper%C2%AE-password-manager-/mpfckamfocjknfipmpjdkkebpnieooca?hl=en-US Firefox: https://addons.mozilla.org/en-US/firefox/addon/keeper-password-manager/
Please note the following:
New extension v15 is required for SSO Connect Cloud customers
Do not run v14 and v15 extensions at the same time
Both v14 and v15 will be maintained during the first phase of deployment
Migration from v14 to v15 is planned for November
Browser Extension Version 14.2.2
Released August 25, 2020
Bug Fixes
Fixed: The logout timer switch is not defaulting properly when enforced.
Fixed: User receives "Decryption Error" message when attempting to login with SSO Master Password rather than their enterprise domain.
Fixed: After user checks "Don't Ask Again" box, prompt to login to the extension still persists after browser restart.
Browser Extension Version 14.2.1
Released August 22, 2020
Bug Fixes
Fixed: If a record's "Website Address" field is empty, no record matches are presented to the user based on domains that are entered in the custom field values.
Fixed: Following a user's search for a record in the extension toolbar, the "Fill Record" button doesn't work.
Fixed: Various alignment and design inconsistencies.
Browser Extension Version 14.2.0
Released August 20, 2020
Features & Enhancements
New Browser Extension User Interface - This release introduces major improvements to our existing KeeperFill Browser Extension UI. The changes include a complete overhaul of the existing design elements featuring a cleaner, more intuitive user interface. Users can expect increased accessibility to Keeper's tools and features directly from the browser extension, resulting in a streamlined workflow and efficient browser extension usability. In addition to significant visual enhancements, there are a number of noteworthy features that are introduced in this extensive update, including:
Record Creation and Editing
Users now have the ability to create new records and edit existing records directly from the browser extension toolbar.
Autofill Preferences
If there is more than one matching record for a site, users can designate which record Keeper will autofill moving forward or simply opt-out of the autofill feature for that single site entirely.
Filter Record Matches
From a site's login field, users can search within the various matching records to locate and fill the desired login credentials. It is important to note the key factors (in order) that determine record matches:
A email address match that is present on the login page
The website subdomain and domain of the Keeper record URL (e.g. xyz.microsoft.com will first match xyz.microsoft.com and second, microsoft.com)
The website path (e.g. /some/path/to/file)
When a record was last filled or edited
Simpler Settings
Users can expect simpler, more intuitive navigation of Keeper's dynamic browser extension settings; including the addition of font size adjustability and easier access to the logout timer. The familiar settings users have come to know such as themes, hover locks, auto-submit and match on subdomain still remain within the Settings menu.
Search Bar Improvements
This update presents a larger, more accessible search bar for improved usability as well as a significantly faster search experience.
Record Favorites Accessibility
Users can quickly view and search their record "Favorites" containing the most frequently visited sites directly from the browser extension toolbar.
Browser Extension Version 14.1.2
Released June 1, 2020
Browser Extension Version 14.1.1
Released May 20, 2020
Bug Fixes
Fixed: A communication key is generated when a user attempts to login to their vault from the browser extension.
Fixed: Browser extension does not offer "Remember for 30 Days" option when only DUO push is available for 2FA method.
Fixed: Various issues causing site slowdowns.
Fixed: Email field in the extension login screen fails to clear after user clicks "Add Account".
Browser Extension Version 14.1.0
Released May 5, 2020
Features & Enhancements
Master Password Re-entry Enforcement - This role enforcement allows Admins to further enhance their security policies by requiring users to re-enter their Master Password in order to unmask or copy a password. Once unmasked, the password will be re-masked after 30 seconds have passed.
Support for Duo Push with SSO Login - Duo Push authentication is now supported for users who login to the Keeper browser extension using SSO.
Bug Fixes
Fixed: The search function fails to display any results.
Fixed: The Master Password login prompt appears in the Keeper browser extension after logging in and out the Vault with SSO.
Fixed: The autofill feature fills both the first name and city fields of an address form with the user's first name.
Browser Extension Version 14.0.6
Released March 26, 2020
Features & Benefits
KeeperFill Browser Extension Role Enforcement Update - Administrators now have the ability to prevent their users from enabling the Auto Submit and Prompt to Fill features in the KeeperFill Browser Extension.
Bug Fixes
Fixed: TOTP code (Time-based One-time Password) is failing to autofill at first login attempt to Facebook, requiring the user to manually enter the code and enable "Remember Browser" setting.
Fixed: Both Auto Submit and autofilling of TOTP codes are not working when logging into Snap Chat.
Fixed: Record favorites from the vault are not appearing in the "Favorites" section of the browser extension.
Fixed: When logging into their web vault, users are not automatically logged into the browser extension as expected. (Chromium Edge).
Fixed: Various sites are missing Keeper locks and do not allow the user to fill their credentials using the right-click context menu.
Browser Extension Version 14.0.5
Released March 23, 2020
Bug Fixes
Fixed: Auto submit fails when logging into Instagram when TOTP (time-based one-time password) is enabled.
Fixed: Infinite loop occurs when autofilling an Instagram record containing an authenticator app's 2FA code (two-factor authentication).
Fixed: The Firefox browser console is unnecessarily flooded with "Error on Firefox" messages (MacOS)
Browser Extension Version 14.0.2
Released February 19, 2020
Bug Fixes
Fixed: 2FA codes upon submission are not stored properly in memory and instead are saved to custom fields.
Fixed: "Undefined" appears in the domain field of the extension toolbar following a user logging in and out of an Enterprise domain through the browser extension.
Fixed: SSO accounts with alternate passwords are presenting decryption errors.
Fixed: The "Country" field in address records, is defaulting to the United States when left blank in the Web Vault and then accessed through the browser extension (Chrome).
Fixed: Various website specific autofill issues.
Browser Extension Version 14.0.0
Released January 9, 2020
Features & Enhancements
New Login API - This version introduces move to the new Restless Server API.
Bug Fixes
Fixed: Enterprise users that have created Generated Password Complexity Rules (by domain) force every domain, including those not listed in the enforcement, to use these rules when creating records.
Fixed: An issue causing EU SSO redirect to not function as expected.
Fixed: Users with EU account are unable to login through the browser extension; receive "region_redirect" error message.
Fixed: Logging into the browser extension does not simultaneously log user into their Vault (Edge).
Fixed: "Add Account" button in the toolbar extension window redirects users to the registration page rather than the login page.
Fixed: An issue related to the extension's change password feature at the Salesforce site. The form fields do not appear activated when password feature inputs both password and TOTP entries.
Fixed: User unable to uncheck "Remember Email" box at login screen.
Fixed: An infinite spinner appears when user attempts to login with an expired trial account.
Browser Extension Version 14.0
Pre-release notes for the upcoming Keeper Browser Extension v14.0
Features & Benefits
Offline Mode The Browser Extension will support full Offline Mode capability to align with the Keeper Web Vault offline mode. Offline mode will be enforced by the Keeper Administrator on Enterprise accounts via role enforcement policies.
Security Updates
Integration with new Keeper Backend API The Keeper v14 API platform supports an enhanced level of encryption utilizing encrypted Protocol Buffers instead of JSON. The Keeper Web Vault, Desktop App, iOS, Android and Safari extensions have already migrated to the v14 API.
Bug Fixes
Autofill improvements on a variety of customer-reported sites
Payment card filling improvements
Release Date
The estimated release date is August 1, 2019.
Browser Extension Version 12.6.4
Released December 17, 2019
Features & Benefits
Forced Reload Updates Vault Version - The extension now identifies when the user's Vault is out-of-date and initiates a hard reload to update it to the latest version.
Bug Fixes:
Fixed: An infinite spinner appears in Enterprise accounts with an expired master password when user clicks on "Web Vault".
Fixed: When a user logs into their Vault and installs the extension, the onInstall login to extension does not work.
Fixed : An issue causing the extension to open two tabs upon use of the "Fill from Vault" button (Firefox and Edge).
Browser Extension Version 12.6.0
Released on December 17, 2019
Enhancements & Benefits
Match on Subdomain - This release introduces a new setting that enables the in-page extension to recognize and differentiate a record's subdomain from its domain.
Only records that match the subdomain of the page visited will be populated into the in-page extension window upon log in.
Alternatively, if no records exist for the subdomain of the page visited but they do for the domain, the in-page extension window will populate all of the existing records containing that domain.
Keyboard Shortcut to Browser Extension Toolbar + Automatic Search Upon Typing - This feature further streamlines the ability to quickly open the browser extension as well as automate the use of the search bar upon typing, essentially eliminating the need for mouse clicks.
Command+Shift+k (for Mac OS) and Alt+k (for Windows) will automatically open the browser extension toolbar.
Once the browser extension is open, the user can simply begin typing their search terms using the up and down arrows on their keyboard to easily navigate to the desired record. The highlighted record can then be autofilled by pressing the enter key.
Launch Button Triggers Automatic Fill and Login - A new enhancement to the "Launch" button within the Vault with one click, automatically takes the user to the site, autofills their credentials, and logs them in a matter of a few seconds.
Bug Fixes
Fixed dozens of reported website autofill issues
Browser Extension Version 12.5.8
Released on October 11, 2019
Bug Fixes
Fixed: Firefox SSO users with 2FA unable to login.
Fixed: Performance issues when extension is active on complex CRM and Chat applications
Fixed: Inconsistent issue with sorting matching records within the same subdomain
Fixed: Extension errors when using Firefox ESR 60.9
Fixed: Right-click menu can still be used when the domain is restricted by the Enterprise "KeeperFill" enforcement policy.
Browser Extension Version 12.5.7
Released on October 2, 2019
Browser Extension Version 12.5.6
Released on September 30, 2019. Full rollout after 24 hours.
This is a feature update, bug fix and security update for the Keeper browser extension on Chrome, Firefox and Edge browsers.
Features & Benefits
Changed default password generator length to 20 characters
Improved filling for sites that separate login and password on different screens (Google, IBM Cloud, etc...)
Improved several sites for two-factor code filling (Amazon AWS, Rackspace, Dropbox, several others)
Bug Fixes
Fixed: Sites that override iFrame styles (datto.com)
Fixed: Zendesk.com login
Fixed: caremark.com
Fixed: Pasting a Password string into an edited record not functioning consistently
Fixed: Removed locks appearing on buttons (Okta.com)
Security Updates
Security Update 1: UI Clickjacking on partially visible form To prevent malicious websites from performing "clickjacking" attacks against the Keeper extension on partially visible forms (specifically the payment card and address info), we have added additional protections. Users are now prompted to confirm their intention to load payment card and address details. The methods used to load information are blocked until such time that the user approves the action. If the user has a login/password saved for the website previously, the user will not be prompted for the additional confirmation.
Special thanks to the security researcher who submitted the report to Keeper's security team via the Bugcrowd Bug Bounty program.
Security Update 2: Renderer compromise scenario
Chrome's "Site Isolation" protects users against attackers who have an ability to compromise renderer process. This means that an attacker who can run arbitrary code inside renderer process can't steal information from other sites. In the remote case that an attacker has successfully compromised the Chrome web browser and defeated the "Site Isolation" capabilities of Chrome, additional protections can be put in place to ensure that the Keeper extension cannot also be compromised by sending arbitrary messages to the Keeper background process. A link to a discussion on this topic can be found here: https://groups.google.com/a/chromium.org/forum/#!topic/chromium-extensions/0ei-UCHNm34 Although an attacker would need to first defeat Chrome's site isolation, the Chrome team and a prominent security researcher now recommends that all browser extension developers implement the necessary changes. To resolve this potential issue, Keeper now performs additional message checks to ensure the originator of the message, even in the case of a compromised Chrome browser. Special thanks to the security researcher who submitted the report to Keeper's security team via the Bugcrowd Bug Bounty program. For more information about the Keeper Security Bug Bounty Program or to submit a bug, please visit: https://bugcrowd.com/keepersecurity
Browser Extension Version 12.5.2
Released on August 29th, 2019
Enhancements & Benefits
This release encompasses new two-factor authentication functionality and a feature improvement along with bug fixes. Below you can find the summary of these items and their benefits.
Two-factor Authentication - This release adds new two-factor authentication functionality to our existing list of capabilities. The new method using TOTP (Time-based One-time Password) adds
tokens to records which are unique time-based multi-digit codes commonly used by websites and apps for two factor authentication and makes the capability available across the Chrome Web Store, Mozilla Add-ons and Windows Store. TOTP covers the following functionality:
Protects Two-Factor Codes in an encrypted vault record
Prevents lost access to a Two-Factor Code due to continuous backup
Synchronize Two-Factor Codes to multiple devices and computers
Sharing of Two-Factor Code among individual users & teams
Autofill Two-Factor Codes on most browsers
Emergency Access to your vault
Account Transfer of a user’s vault with Two-Factor codes to admin when off-boarding
Free trial users are restricted to 2 TOTP-enabled records
Changing a "Password Attach Save" to "Submit Button" - This feature improvement allows for the save password button to be attached to the save button in the confirmation screen as well as the submit button on the change password form of the site. This allows the user to skip the confirmation screen going forward.
Bug Fixes:
Fix for Autofill issue filling out the UN/Pass on the wrong url
Fix for an issue which caused password changes to save the 2 FA to be saved as a custom field
Fix for clickjacking vulnerability
A multitude of record "lock" issues
Adding auto-submit restrictions from vault
A fix for a bug which caused custom field changes to not be published on incremental syncs
Browser Extension Version 12.5.1
Released to BETA on August 16, 2019. Production ETA Aug 20, 2019.
Browser Extension Version 12.5.0
Released on August 6, 2019
This is a bug fix release to address several site-specific Autofill issues. Chrome, Firefox and Edge browsers have been released. Safari will release with the next Desktop application update.
KeeperFill was removing some form elements of certain sites. The reason this was happening is because certain websites liked to inject an "eyeball" element to allow users to see the password that they were typing in. We attempted to control this by removing the feature of the target website, but unfortunately it caused issues with certain sites. This has been reverted and we have addressed the issue.
Resolved performance issues that affected the BlackBoard university systems.
Improved Fill issues on dozens of reported websites
Created Backend support for upcoming TOTP field types release
Browser Extension Version 12.4.1
Security Update to Keeper Browser Extension published on July 20, 2019.
Background
This update addresses a potential security vulnerability on the Keeper Browser Extension version 12.4.0. Within three hours of receiving the security researcher’s vulnerability report, Keeper Security’s development and security team released a new version of the Keeper Browser Extension to eliminate the risk associated with the reported vulnerability. The version number for Chrome and Firefox is 12.4.1. Version 12.4.0 has been blocked and is no longer available for use. Version 12.4.1 is now live on Chrome and Firefox app stores.
For the exploit to be realized, a sequence of conditions would be required which in turn, would impact the Keeper Browser Extension. No customer reported being affected by this issue.
Special thanks to Jun Kokatsu for the discovery and documentation of this issue.
Reporting Sequence
The security researcher’s findings were reported via Keeper's Bugcrowd Public Vulnerability Disclosure Program today, marked on July 20, 2019 at 3:50AM PST. Discussions between Keeper’s Security Team and the security researcher occurred within three hours of receiving the researcher’s report. The issues disclosed in the report were accepted, validated and submitted for publication to the app stores, within five hours of receipt.
Summarized Findings in the Security Researcher’s Report
The security researcher reported that a user’s stored data could be read by a malicious website utilizing a cross-site scripting attack against the browser extension code.
Keeper’s Security Team’s Response
In order for this potential vulnerability to result in an exploit of the user’s password for a website, the following conditions would need to exist:
The user must visit a malicious website using version 12.4.0 of the Keeper Browser extension released between July 19, 2019 at 7PM PST and July 20, 2019 9:35AM PST on Chrome or Firefox.
The Keeper user would require a password stored in their Keeper Vault for xyz.com.
The malicious website would then request the password and associated data stored for the size xyz.com upon visiting the malicious website.
How to Update
The Keeper Browser Extension will auto-update from Chrome Web Store and Firefox Add-ons. The old extension version 12.4.0 which was released approximately 12 hours earlier has been disabled.
We appreciate the detailed report, reproduction steps and supporting documentation provided by the security researcher, Jun Kokatsu.
All security and vulnerability reports are managed and submitted to Keeper's Bugcrowd Public Vulnerability Disclosure program at:
Browser Extension Version 12.4.0
Released on July 19, 2019
This is a major feature and bug fix release for the Chrome, Firefox, Edge and Safari browser extensions. This release has been published on Chrome and Firefox as of July 19, 2019. Microsoft Edge and Safari will be live as soon as they are approved by the App Store, ETA July 21, 2019.
Features & Benefits
Only show Lock Icon on Login and Registration Forms Feedback from customers is that the "Lock Icon" is showing on too many fields in websites and applications. With this update, the lock icons will only show on Login and Registration form fields. If accessing the extension is required on a field in which Keeper is not showing the lock, you can simply use the new right-click menu.
Location of Popups Based on customer feedback, we have moved the "Prompt to Save", "Prompt to Fill", "Prompt to Change" and "Prompt to Login" dialogs to the top right section of the web browser window, instead of obstructing the view over the login form. You can customize the location and animation that is used when displaying the popup screens. Visit the Settings -> Prompt Appearance screen.
Right-Click Menu You can now access many different and useful filling functions from the new Right-Click Menu. Fill logins, payment cards, addresses, and create new passwords with just one click.
Credit Card and Identity Info can now be filled on sites without the restriction of requiring a password stored for that site.
Bug Fixes
Autofill issues on several reported sites
Locks appearing in non-login forms
Improvements to the Admin Console enforcement policy to disable KeeperFill on specific sites/domains
Improved checks to prevent ability to fill a password into a non-password field
Record moved into a shared folder not recognized by extension until logout/login
Creating new address or payment record not appearing immediately
Browser Extension Version 12.3.7
Released on July 12, 2019
Security Updates to Keeper Browser Extension
Background
This update addresses two reported potential security vulnerabilities affecting websites that have installed an IFrame from a malicious source. For the exploit to be realized, a sequence of conditions would be required which in turn, would impact the Keeper Browser Extension. No customer has reported being affected by this issue. Despite the fact that this is an extremely rare and improbable situation, Keeper takes all reported bugs seriously.
Within five hours of receiving the security researcher’s vulnerability report, Keeper Security’s development and security team released a new version of the Keeper Browser Extension to eliminate the risk associated with the reported vulnerabilities. The Keeper Browser Extension has been submitted to the app stores for publication. The version number for Chrome, Firefox and Edge is 12.3.7. The Safari version is 14.0.4.
Special thanks to Alesandro Ortiz for the discovery and documentation of this issue.
Reporting Sequence
The security researcher’s findings were reported via Keeper's Bugcrowd Public Vulnerability Disclosure Program today, marked on July 12, 2019 at 2:51 PM PST and 2:53PM PST. Discussions between Keeper’s Security Team and the security researcher occurred within one hour of receiving the researcher’s report. The issues disclosed in the report were accepted, validated and submitted for publication to the app stores, within five hours of receipt.
Summarized Findings in the Security Researcher’s Report
1. Autofill in a sandboxed, untrusted, malicious IFrame
The security researcher reported that a user’s website login credentials could potentially be autofilled into a website containing a malicious sandboxed IFrame to capture the user’s login credentials for that specific site.
Keeper’s Security Team’s Response:
In order for this potential vulnerability to result in an exploit of the user’s password for a website, the following conditions would need to exist:
The website owner / developer (e.g. xyz.com) must explicitly embed a malicious iFrame into their website’s HTML served from the same origin or another domain origin with "sandbox" property set that contains a login form.
The Keeper user would require a password stored in their Keeper Vault for xyz.com.
The Keeper user would need to visit the subject website, xyz.com.
The Keeper user would need to enable Autofill for the subject website, xyz.com, if prompted by the user's Keeper software. If the user previously clicked "Yes" on the Autofill prompt for site xyz.com, the user would not be prompted again.
Keeper then fills the password for the saved xyz.com site into the malicious iFrame which contains the sandbox property.
2. Autofill in untrusted malicious IFrame from different domain
The security researcher reported that a user’s website login credentials could potentially be autofilled into a website containing a malicious IFrame, served from a different domain, to capture the user’s login credentials for that specific site.
In order for this potential vulnerability to result in an exploit of the user’s password for a website, the following conditions would need to exist:
The website owner / developer (e.g. xyz.com) must explicitly embed a malicious IFrame into their website's HTML served from an untrusted origin (e.g. somesite.com) that contains a login form, or the website owner has embedded a 3rd party library from an untrusted origin which injects a malicious IFrame.
The Keeper user would require a password stored in their Keeper Vault for xyz.com.
The Keeper user would need to visit the subject website, xyz.com.
The Keeper user would need to enable Autofill for the subject website, xyz.com, if prompted by the user's Keeper software. If the user previously clicked "Yes" on the Autofill prompt for site xyz.com, the user would not be prompted again.
Keeper then fills the password for the saved xyz.com site into the malicious IFrame served from a different domain.
It would be extremely unlikely and unusual for a website owner to purposely inject an untrusted IFrame into their page source from a different origin. Despite this, Keeper Security’s development team made the security improvements to its browser extension to prevent an autofill operation under the two reported scenarios.
How to Update
The Keeper Browser Extension will auto-update from each respective app store (i.e. Mac Store, Chrome Web Store, Firefox Add-ons and Microsoft Edge Store).
We appreciate the detailed report, reproduction steps and supporting documentation provided by the security researcher, Alesandro Ortiz. If you have any questions regarding this update please email security@keepersecurity.com. Alesandro's website is https://AlesandroOrtiz.com.
All security and vulnerability reports are managed and submitted to Keeper's Bugcrowd Public Vulnerability Disclosure program at:
https://bugcrowd.com/keepersecurity
Browser Extension Version 12.3.5
Released April 30, 2019
Browser Extension Version 12.3.4
Released April 22, 2019
Features & Benefits
When creating a new account on a website, we made an improvement to simplify the user flow if the username or password is rejected at the target site.
Bug Fixes
ADFS SSO Login improvements
Don't Ask Again prompt not behaving to user expectation
Ability to edit a password without unmasking
Other site-specific issues
Browser Extension Version 12.3.1
Releasing Chrome, Firefox, Opera and Edge on February 28, 2019. Note: Safari extensions are not available for update until version 14.0.0 which is deployed via the new Mac App Store.
Enhancements & Benefits
Subdomain matching and sorting improvements. The sorting of records offered by the KeeperFill on-page login screen will prioritize the subdomain first, followed by the root domain matches. Within each subdomain, the results are sorted by date of last login.
Custom Field matching on website label form field is improved
Account Switching feature implemented for faster selection of previously used accounts
Support for upcoming Password Complexity role enforcement policy on Admin Console
Support Website Address matching on any custom field values
Bug Fixes
"Do not ask again" is not turning off Prompt to Login
Change Password "Yes" button on Firefox not working
KeeperFill not prompting immediately upon login
Firefox timing related bug fixes
Firefox issue with various websites reported by customers
Improved login to ConnectWise applications
Locks showing on some Date Pickers
Autofill not working for some Russian sites
Locks not showing on staples.com
Ignore email sign-up forms
Fix login for schwab.com
Fix auto-filling of multiple fields on registration forms
Turn off the Browser Extension on the Keeper Admin Console screen
Known Limitations (Mac/Safari Users Only)
Apple has implemented a major architecture change in Mac OS Mojave and Safari 12 in regards to browser extensions. In the past, the KeeperFill browser extension for Safari has shared a common development platform with Chrome, Firefox, Opera and Edge browsers. Apple now requires developers to publish browser extensions in the Mac App Store using a platform that is unique to the Mac OS ecosystem. We are currently creating a new version of KeeperFill for Safari 12 and Mojave that complies with our strict security requirements. We plan to publish the new Keeper Safari 12 soon. If you haven't updated to Mojave yet, we recommend waiting until the new KeeperFill extension is released. If you have already updated and are no longer able to use KeeperFill, you may use KeeperFill on Chrome, Firefox or Opera browsers until our new Safari extension is published.
Coming Soon
Browser Extension Release 14.0.0 adds support for the Mac App Store
Browser Extension Version 12.3.0
Major update to Browser Extensions for Chrome, Firefox, Edge, Opera.
Note: Safari extensions are not available for update until version 14.0.0 which is deployed via the new Mac App Store.
Enhancements & Benefits
Improved overall user flow for performing "Change Password" on a website
Over 50 site-related bug fixes
Full support for Admin Console v13.1 role enforcement policies
Added "Prompt to Disable" feature
Show On/Off indicator on the status of each prompting feature
Hiding custom fields when masking is enabled
Known Limitations (Mac/Safari Users Only)
Apple has implemented a major architecture change in Mac OS Mojave and Safari 12 in regards to browser extensions. In the past, the KeeperFill browser extension for Safari has shared a common development platform with Chrome, Firefox, Opera and Edge browsers. Apple now requires developers to publish browser extensions in the Mac App Store using a platform that is unique to the Mac OS ecosystem. We are currently creating a new version of KeeperFill for Safari 12 and Mojave that complies with our strict security requirements. We plan to publish the new Keeper Safari 12 extension this month. If you haven't updated to Mojave yet, we recommend waiting until the new KeeperFill extension is released. If you have already updated and are no longer able to use KeeperFill, you may use KeeperFill on Chrome, Firefox or Opera browsers until our new Safari extension is published.
Bug Fixes
Sites with many input fields freeze the Edge browser
French website fixes with AutoFill
Duo Security issues in Edge browser
Custom field filling in subsequent pages
Amazon credit card filling
Coming Soon
Browser Extension Release 12.3.1 adds support for improved subdomain filtering
Browser Extension Version 12.2.7
Release date: December 10, 2018
Enhancements & Benefits
Over 40 bug fixes
Select and fill proper record when launching from desktop or web vault
Mask passwords in Edit/New mode
Additional "equivalent domains" added
Localization / translation fixes
Enabled KeeperFill within the Keeper Admin Console
Known Limitations
Full support for v13.1 Admin Console role enforcements are not completed.
Bug Fixes
Firefox BE is auto logging user after 5 minutes
Intralinks site prompts wrong message
Adding a char to notes and deleting it makes prompt freeze
Last record used not being saved for subdomain
Create a new record after editing a record doesn't generate new password
Prompt to Save leaves behind artifact on the screen
Cannot Save Address Edits
Can't create a new record if there's an existing record with the "disable edit" enforcement
Stripe payment widget not working with KeeperFill
Payment fill and new account registration fill on Shopify sites
Amazon.com loops at logout with auto submit
YubiKey issues
Missing Translations (Addresses, Set to Default)
UATP credit card type not being validated
Icon in the Windows store is missing
Google Sheets lock appears in input for conditional formatting
Paypal doesn't bring up prompt only in Safari browser
Autosubmit Not Working on United.com
Digital River e-commerce checkout page doesn't fill credit card
myclientline.net login form
CVC eyeball toggle not working
Password Strength Bar Not Showing Color
Check and X buttons for edit mode do not disappear after edit restriction error message
Twitter change password not working
Adobe account payment screen
Payment card doesn't work on Calendly.com
Credit card filling on Pagerduty.com
Credit card filling on Github.com
Credit card fill doesn't work on JIRA
Credit card filling on Monitis.com
Indeed.com credit card filling doesn't work
Restore Default Settings doesn't default logout timer
Save new password for an existing record does not open vault to view
Southwest.com Payment Fill
GitHub password reset not filling both fields
Console Popup issue
Coming Soon
Browser Extension Release 12.3.0 contains a new user experience for "Change Password" flows to address all non-standard websites. In addition, we are completing all role enforcement policy changes for v13.1.0 Admin Console requirements.