1 of 98

End-User Guides

Keeper End-User Guides

Guides for consumer and business end-users on desktop and mobile devices.

About Our Security

Keeper is a Zero-Knowledge platform. The data stored in a Keeper vault is encrypted and decrypted locally on the user’s device. Check out this blog article which reviews how Keeper protects your information:

For a more in-depth technical description of our encryption model documentation.

Keeper Security employees have no ability to decrypt customer data, because the encryption keys are managed by the customer. In addition to zero knowledge architecture, Keeper supports a number of two-factor authentication methods including FIDO2 WebAuthn devices, Google Authenticator, Microsoft Authenticator and SMS. Keeper Security is SOC2 Certified, ISO 27001, 27017 and 27018 certified, FedRAMP Authorized, StateRAMP authorized.

User Guides

Enterprise Guides

Helpful Links

System Requirements

The system requirements for Keeper applications are listed below.

Compatibility

Keeper works on every smartphone, tablet and computer. Keeper supports popular browsers including Chrome, Safari, Firefox, Edge, Opera, Brave and IE. Native app installation is available from the Keeper website and every public-facing app store (iTunes, Google Play, Microsoft Store, etc).

Device

OS Version Supported

The latest Keeper downloads can be found at

Keeper Web Vault

The Keeper Web Vault is a fully featured web-based application. To access the Keeper Web Vault login, visit:

US Data Center

US Public Sector / GovCloud

EU Data Center

AU Data Center

CA Data Center

JP Data Center

Keeper Desktop Application

Keeper Desktop is a cross-platform native desktop application for Windows, MacOS and Linux. Several installer files are provided at the links below.

Download Options

Windows AppInstaller
Microsoft Store
Mac OS .dmg

Enterprise Installation

See the for more advanced deployment options.

Checksum / Hash

Keeper Desktop SHA1 hashes for the latest version can be retrieved here:

Mobile App

iOS

Keeper for iOS can be installed directly from the App Store:

Android

Keeper for Android can be installed from the Google Play application at the link below:

KeeperFill Browser Extension

The latest Browser extensions can be installed by users at the links below: Chrome, Brave, Opera: Firefox:

Edge:

Safari:

Enterprise Deployment

For Keeper Enterprise administrators, please see the link below for Enterprise deployment options:

Quick Start Guides

The following Quick Start Guides will walk you through the setup steps and main features of Keeper for Web Vault & Desktop App, iOS, and Android.

Install for Chrome

Installation instructions for KeeperFill for Chrome, Brave and other Chromium-based browsers.

Chrome Web Store Install

Visit the link below to install Keeper Password Manager & Digital Vault from the Chrome Web Store.

In order for Keeper to be visible in your toolbar at all times, click on the puzzle icon and then the pin icon next to Keeper Password Manager.

Keeper needs to be enabled on all sites by default. To confirm, navigate to the extensions options screen. Site access should be enabled "On all sites".

Disable Chrome Built-In Password Manager

We recommend that you disable Chrome's built-in password saving features.

Navigate to: and ensure all autofill features are disabled.

Install for Firefox

Installation instructions for KeeperFill for Firefox.

Firefox

Visit the link below to download Keeper Password Manager & Digital Vault from Firefox Browser Add-ons.

Once installed, the Keeper icon will appear in the upper right corner of your web browser window.

Next we recommend you disable your browser's built-in password saving features:

Install for Edge

Installation instructions for KeeperFill for Edge.

Microsoft Edge

Visit the link below to download Keeper Password Manager & Digital Vault from Microsoft Edge Addons.

In order for Keeper to be visible in your toolbar at all times, click on the extensions puzzle icon then click on the eye icon next to Keeper Password Manager to "Show in Toolbar".

Disable Built-In Password Manager

Next, we recommend that you disable Edge's built-in autofill features.

Click on the Edge menu icon and select Settings and under "Microsoft Wallet".
Click Passwords > Settings.
Disable "Offer to save passwords" and "Autofill passwords and passkeys".

Install for Opera

Installation instructions for KeeperFill for Opera.

Opera

Visit the link below to download Keeper Password Manager & Digital Vault from the Chrome Web Store.

In order for Keeper to be visible in your toolbar at all times, click on the extensions box icon and then the pin icon next to Keeper Password Manager.

Enterprise Deployment

Deploying the Browser Extension through group policy

For business customers, see Keeper's Enterprise end-user deployment guide:

Autofill & Passkey Setup for iOS

Setup guide for Keeper's autofill & passkey features, KeeperFill for Apple iOS (iPhone, iPad) devices.

Overview

Keeper is fully integrated into the login experience of every website and app using the Passwords button that appears above your device's keyboard.

Autofill supports the following features:

Time-Limited Access

Time-Limited Access allows you to securely share records and folders with other Keeper users on a temporary basis.

Overview

Time-Limited Access allows you to securely share credentials or secrets with other Keeper users on a temporary basis, automatically revoking access at a specified time. Time-Limited Access prevents long standing privileges and ensures that information is removed from the recipient’s vault, greatly reducing the risk of unauthorized access.

Select the record from your vault and click Share, entering their email address or selecting it from your contacts list. Set their permission level and click Add.

Select the “Permissions” dropdown and click Set Expiration. Here you can select one of the default expirations or click custom date and time to set your own. Next, check the box if you would like the record owner, such as yourself, or users with edit access to be notified via email when the recipient's record access expires. Click Done to save.

The recipient of a shared record with time-limited access may have "view" and "edit" permissions but will not be able to share the record. If "share" permissions are applied, the expiration will be removed.

Open the shared folder from your vault and click the edit icon and from the “Users” tab, add the user or team you would like to share the folder with.

Set their permissions and from the dropdown menu click Set Expiration, following the same steps you would for a single record share (described above).

Next, check the box if you would like users with "can manage records" permissions over the folder to be notified via email when the recipient's record access expires. Click Done to save.

The recipient of a shared folder with time-limited access may have "can manage records" permissions, but the ability to "manage users" is restricted. If these permissions are applied, the expiration will be removed.

Self-Destructing Records

Self-Destructing Records allow you to share records with users outside of Keeper, while automatically deleting the record from your vault and disabling the share link at specified time.

Overview

Self-Destructing Record’s utilize Keeper’s existing One-Time Share technology which allows time-limited, secure sharing of a record to anyone, even if they don’t have a Keeper account.

Self-Destructing Records take our One-Time Share feature even further by automatically deleting the record from your vault once the share link is disabled and the recipient’s access is revoked. This reduces your workload to revoke record access and removing it from your vault at a later time.

Create a Self-Destructing Record

To create a Self-Destructing Record, create a new record as you normally would. Enter the record details and click Add Self-Destruct.

From the menu that is now presented, select when you want the share link to expire.

Once you've made your selection, click Save & Share to generate a One-Time Share link.

You have the option to copy the link directly, or send it in an invite or QR code format.

The recipient of a Self-Destructing Record simply clicks on the provided link and is instantly presented with the shared record in their web browser. One-Time Share links are bound to a single device, further strengthening security and preventing unauthorized distribution or viewing on multiple devices. The link will expire at the specified time or once the recipient has viewed the record for five minutes, whichever comes first.

Keeper's Self-Destructing Records allow you to securely share records with file attachments that self-destruct at a specified time.

Create a record as you normally would and click Add Attachments to upload your file, or simply drag and drop the file directly into your vault.

Click Add Self-Destruct, select when you want the share link to expire, then click Save & Share to generate a One-Time Share link.

The recipient of a Self-Destructing Record simply clicks on the provided link and is instantly presented with the shared record in their web browser. They can then click on the file to download it to their local device.

Delete a Self-Destructing Record

You can delete a Self-Destructing Record at any time, thus disabling the share link by clicking Delete Now. Deleted Self-Destructing Records will appear in your vault's “Deleted Items” with the option to "Restore".

Security Audit

Security Audit provides password security strength reporting in your vault.

Overview

The Security Audit screen gives the passwords stored in your vault an overall security score based on password strength. You can clearly view information about each record's password strength and reuse from this screen.

Calculation of Security Score

The calculation of password strength and reuse is performed continuously from your vault across all platforms including Keeper Desktop, Web Vault, iOS and Android devices.

Keeper's password "strength" is a calculated score based on the complexity of the password, with a score rating between 0 and 100 according to the metrics below:

Very Weak: < 20 Weak: 20-40 Good: 40-60 Strong: 60-80 Very Strong: 80+

For more information on how Security Scores are calculated, visit the following page:

You can easily view a record that contains a high-risk password by clicking on it from the provided list. To resolve the risk, you will be directed to change the password at the record's website and then update the corresponding record in your vault.

Click to learn how to easily change your passwords using Keeper's browser extension, KeeperFill.

BreachWatch

User guide for BreachWatch on Keeper's Web Vault & Desktop App.

Overview

BreachWatch is a powerful, secure add-on feature that monitors the internet and dark web for breached accounts matching records stored within your Keeper Vault. BreachWatch delivers the most in-depth monitoring available to the public with a database of over a billion records while upholding Keeper's state-of-the-art, zero-knowledge security architecture.

BreachWatch alerts you so that you can take immediate action to protect yourself against hackers. Once activated, BreachWatch continuously monitors for compromised credentials and notifies you if any of your records are at risk.

Emergency Access

Give trusted family and friends access to your Keeper Vault.

Give trusted family and friends access to your Keeper Vault in the event of an emergency or loss of life. You can designate up to five emergency contacts and decide how much time should pass before their access is granted.

Please note, the Emergency Access feature is only available for consumer accounts.

From the Account Dropdown Menu (your email address), select Account > Emergency Access.

Keeper Forcefield

End-user guide for Keeper Forcefield - Windows Endpoint Protection for Sensitive Data

Keeper Forcefield: Windows Endpoint Protection

Overview

Troubleshooting

This guide provides basic troubleshooting solutions to some of the more common questions users may have.

The proceeding pages in this section are dedicated to various troubleshooting guides. Have a suggestion? Email our team at [email protected].

Reporting Autofill Issues

How to report autofill issues to Keeper

Overview

Starting with version 17.1 of the Keeper Browser Extension, we have drastically increased the speed at which we can resolve autofill issues while also training Keeper's Machine Learning models to safeguard autofill accuracy across the web.

We've introduced a new "Snapshot Tool" in the Keeper Browser Extension that greatly simplifies the process of fixing autofill issues on customer-owned websites or internal tools that were previously difficult for our engineers to access. By submitting a snapshot to our team, we can turn around site-specific autofill improvements in a matter of minutes.

Reporting Autofill Issues with the Snapshot Tool

To report an Autofill Issue, there are 2 locations to access this feature: From the on-page form fill and the browser extension toolbar.

On-Page Form Fill

From the on-page form filling screen, click on the overflow menu > Report an Autofill Issue

From the browser extension toolbar window, click on the overflow menu > Report an Autofill Issue.

Submitting Snapshots & Reporting Issues

Next, click Take Snapshot to take a screen capture of your browser window.

If you are having trouble with a website's login page, simply select Report an Autofill Issue from the extension Options menu or from the fill tool.

Click Take Snapshot to take a screen capture of your current browser window. Click Next: Preview to review exactly what data will be sent to Keeper, ensuring there is no confidential information included before you proceed.

Next, select from the provided list of autofill issues or describe your own.

Keeper will NOT send credentials or confidential information. We only send the screenshot and HTML page structure exactly as displayed in the preview window.

Click Report Issue to send the information to the Keeper Team.

If you need to re-submit an issue for a website, return to the extension toolbar or fill tool and click Report an Autofill Issue > Retake.

Snapshot Resolution

The Keeper team will promptly receive the necessary information to diagnose and resolve the filling issue. Once a solution is implemented, an update will be released to all customers. You will receive an email notification confirming the update. In many cases, site-specific fixes can be turned around within the same day.

Troubleshoot Extension Issues

Steps to provide Keeper Support with Browser Extension debug information.

Autofill Issues

See the page to request a fix for a website that isn't filling properly. Our team can process fixes on the same day.

Troubleshooting Vault Issues

Troubleshooting instructions for troubleshooting vault issues.

Please follow the steps below to provide Keeper Support with information to assist vault related errors.

(1) Using Chrome browser, open the Web Vault at: https://keepersecurity.com/vault

(2) Click on View > Developer > Developer Tools.

(3) Login to your Keeper Vault.

(4) On the Developer Tools window, click on the "Console" tab and check for any errors in red.

(5) If there are errors, take a screenshot and/or copy-paste the information for the Keeper Team.

Clearing Your Browser Cache

Clear the browser and extension cache to reset Keeper on your device using Keeper's browser extension tool.

If you would like to reset Keeper on your web browser follow the steps below:

Navigate to the "Extensions" page in your preferred browser and select "Keeper Password Manager & Digital Vault".
Click "Extension options".

Website Developers

Helpful info for website developers

If you are a website developer and your users are experiencing a compatibility issue with Keeper's browser extension, please follow the steps below.

Keeper Icon Appearing in Wrong Field

Keeper uses pattern matching to determine if a field should display a lock icon. If a lock icon is showing on a form field in error, you can supply a CSS class of keeper-ignore to your form element. For example:

Tips & Tricks

This guide provides access to our top "tips & tricks" and assists users in optimizing their experience with Keeper on both desktop and mobile devices.

The proceeding pages in this section are dedicated to various FAQs, site-specific guides and other tips & tricks. Have a suggestion? Email our team at .

Protecting your Keeper Vault

Recommendations for protecting access to your vault

Overview

At the foundation, Keeper is an encryption platform with policies and controls in place to protect customer data. In this security model, the customer is also responsible for protecting access to their vault by following recommended security practices. This document outlines key recommendations that will help you secure the data stored within your vault.

Create a Strong Master Password

For customers who login to Keeper with a Master Password, the key to decrypt and encrypt the Data Key is derived from the Master Password using the password-based key derivation function (PBKDF2), with 1,000,000 iterations by default. All customers who login to the vault are automatically migrated to 1,000,000 iterations.

After the user types their Master Password, the key is derived locally and then unwraps the user's 256-bit AES Data Key. After the Data Key is decrypted, it is used to unwrap the individual 256-bit AES record keys and folder keys. The Record Key then decrypts each of the stored record contents locally.

Keeper implements several mitigations against unauthorized access, device verification, throttling and other protections in the Amazon AWS environment. Enforcing a strong Master Password complexity significantly reduces any risk of offline brute force attack on a user's encrypted vault.

The National Institute of Standards and Technology (NIST) provides password guidelines in: . The guidelines promote a balance between usability and security; Or in other words, passwords should be easy to remember but hard to guess. The NIST instruction recommends an eight character minimum but a higher value will ultimately result in a harder to guess/crack password. Keeper enforces a minimum of 12 character master passwords.

Enable 2FA on Your Keeper Account

2FA can be added to any consumer or business account. Business customers can enforce the use of 2FA with various levels of control and security options. The 2FA step comes before the Master Password entry. Performing the device verification and 2FA step prior to the Master Password entry phase offers mitigation of several attack vectors including brute force attack, password testing and account enumeration.

To activate Two-Factor Authentication, visit the Settings screen of the Keeper Web App, Desktop App or mobile application.

Keeper also supports FIDO2-compatible WebAuthn hardware-based security key devices such as YubiKey and Google Titan keys as a second factor. Security keys provide a convenient and secure way to perform two-factor authentication.

Enable 2FA on Your Email Account

Access to your email account is a key component in the overall security of your personal information. Ensure that your email account uses a strong auto-generated password created by Keeper. And ensure that you are protecting your email account with multi-factor authentication. Follow the steps provided by your email provider to lock down your account with the most restrictive methods possible.

We recommend that customers protect email accounts using a hardware-based Yubikey or Google Titan key when possible. If this is not available from your email provider, or if you don't own a Yubikey device, the next best thing is using a TOTP code generator.

Keeper supports the ability to store TOTP codes for logging into your email account or other service. To learn more about protecting TOTP codes in your Keeper Vault, .

While using SMS as a two-factor authentication setting is better than having nothing at all, we don't recommend relying on SMS due to well documented .

Be Careful of Browser Extensions

As a general security practice, we recommend that our customers be very cautious with installation of 3rd party browser plugins / browser extensions, such as ad blockers, coupon tools and other "helpful" utilities. Many browser extensions request elevated permissions which have the ability to access any information within any website or browser-based application that you visit. Make sure you fully trust the company who developed the browser extension, and look for their security certifications before you install it.

If you have any other security related questions, feel free to email our team at [email protected].

Using Keeper TOTP with Azure or Office 365

How to use Keeper to manage TOTP codes for protecting your Office 365 accounts.

Microsoft 2FA Configuration

Keeper can protect Azure AD / Office 365 logins with our TOTP (time-based one-time password) feature. By default, Microsoft provides a different type of code which supports their push method. Below are the step by step instructions to setting up Office 365 TOTP code support properly.

(1) From your Microsoft Azure / Office 365 Profile Screen, visit your security settings screen. The Microsoft site seems to change often, so we won't add a hyperlink here. Click on "Add Method" to set up two factor authentication on your Microsoft account.

(2) Select "I want to use a different authenticator app" as your preferred option

The QR code will be generated and displayed:

(3) On Keeper from your record, click on "Add Two-Factor Code". Or if you're using the mobile app, you can tap on "Add Two-Factor Code" to scan it with the camera.

(4) Enter the verification code as displayed in your Keeper app

(5) Click Next and then Save the record in the Keeper vault.

Make sure to save the Keeper record before exiting the setup

(6) To ensure that Autofill works with all the various Microsoft sites you may be using, we recommend adding several custom fields to your Keeper record similar to the screen below.

Logging in with Two Factor Code

When logging into Microsoft Online, use Keeper's right-click menu as a simple way to fill the TOTP code.

Changing Passwords Using KeeperFill

KeeperFill provides unique features to help you change/rotate passwords on any website.

Login to the site using the KeeperFill browser extension
Visit the site's "Change Password" Page
Follow Keeper's on-screen instructions

See the below example video using Twitter.

One Record with Multiple URL Domains

One Record with Multiple Domains

Some sites have more than one domain (website address) that require the same exact login/password. If this is the case for any of your records, rather than creating an entirely separate record, Keeper allows you to store multiple website domains within one record.

So no matter what domain you are logging in from, KeeperFill will recognize that domain as an alias and allow you to log in with the same stored credentials.

To store multiple website domains within a single record:

KeeperFill Right-Click Context Menu

If a website form field does not display the Keeper lock icon, users can right-click on the field to produce a context menu with KeeperFill features. The context menu offers the ability to fill logins, payment cards, addresses and create new passwords.

The KeeperFill right-click context menu provides the following features:

Keyboard Shortcuts

If you prefer to use keyboard shortcuts instead of mouse clicks to make the process of auto filling your passwords even more seamless, follow the steps below:

Navigate to the site you would like to log in to.

Resetting Keeper Desktop App

Learn how to reset Keeper on Mac and Windows.

If you encounter an issue with the Keeper Desktop application and you need to reset the content and settings, follow the steps below.

Mac & Windows

While in the Keeper Desktop App, navigate to Help > Reset Keeper.

Login to Keeper with Windows Hello

How to configure Keeper Desktop with Windows Hello biometric login.

Keeper is compatible with Windows Hello, a biometrics-based technology that allows users to authenticate and log into their Windows device using biometric facial recognition, fingerprint reader, or pin (available on Windows 10). If Windows Hello is configured on a user's device and enabled in Keeper, this eliminates the requirement for users to enter their master password at the Keeper login screen, further expediting the login process.

Enable Windows Hello:

Open the Account Dropdown Menu.
Click Settings > Security.
Toggle "Windows Hello Login" on.
Once you have read the warning notification, click Enable to accept.

Windows Hello Setup

If Windows Hello is not yet configured on your device, you will receive a prompt to open your Windows Settings to configure it. Once you have configured Windows Hello, close out of the Settings window and return to your Vault to proceed with steps 3 & 4 above (Enabling Windows Hello).

Logging in with Windows Hello

Next time you log in to Keeper, Windows Hello will first attempt to authenticate your identity. Once authenticated, your vault will be decrypted and you will be automatically logged into Keeper.

By clicking Cancel you will be returned to the login screen to log in with your Master Password instead.

Windows Hello login became available in March 2020 in our new unified App Installer when Keeper Desktop is installed from the download page of our website or the Microsoft Store. Customers on a prior version will not receive the Windows Hello feature until they install the proper version. The Windows Hello-compatible version of Keeper can be installed one of two ways:

1. Via the link on our website download page 2. From the download site

Login to Keeper on macOS with Touch ID

How to login to Keeper with Touch ID on your Mac

Keeper is compatible with Touch ID on macOS, a biometrics-based technology that allows users to authenticate and log into their device using a fingerprint. If Touch ID is configured on a user's device and enabled in Keeper, this eliminates the requirement for users to use SSO or enter their Master Password at the Keeper login screen, further expediting the login process.

To enable Touch ID, click Account Dropdown Menu > Settings > Security and toggle "Touch ID" on.

Touch ID Setup

If Touch ID is not yet configured on your Mac, you will need to first enable the feature from your device settings. Once you have configured Touch ID , close out of the Settings window and return to your vault to proceed with the steps above.

Logging In with Touch ID

Next time you log in to Keeper, tap on the Touch ID icon from the login screen. Once authenticated, your vault will be decrypted and you will be automatically logged into Keeper.

By clicking Cancel you will be returned to the login screen to log in with your master password or SSO instead.

Using Windows Hello or Touch ID with SSO

Logging in with Windows Hello to a vault tied to SSO.

Keeper supports the ability to login with Windows Hello or Touch ID on a vault that is tied to an SSO provider such as Microsoft Azure. To set this up, please follow the instructions below.

(1) Login to your vault using your SSO as usual, and click the Account Dropdown Menu (your email) > Settings > Security.

(2) Enable Windows Hello (or Touch ID if you're on a Mac). Note that if you previously tried using this setting, you should turn it OFF and ON in order to reset the master password storage in your device.

(3) The next time you login to the Keeper Desktop App, simply click the "Windows Hello" or "Touch ID" button.

(4) You will now be able to login seamlessly to your vault using Windows Hello or Touch ID, without having to constantly login using your SSO provider.

Logging in with DUO

User guide for Enterprise customers who login using DUO for Two-Factor Authentication.

If you are new to logging into Keeper using DUO for Two-Factor Authentication, the videos below will demonstrate the process for Web Vault, iOS, and Android users. To learn more about DUO's Two-Factor Authentication method for Enterprise, click .

To login with DUO you must first activate it in your Keeper account's Two-Factor Authentication settings.

Import Records

Import from Mobile Apps

Keeper supports password import from iOS and Android devices.

iOS

If you are running iOS version 26 or higher, you can import your passwords, passkeys and two- factor codes from Apple Passwords directly into Keeper.

To begin, open the Apple Passwords app on your mobile device and tap the Options icon > Export Data to Another App.

Import from Chrome, Firefox, Edge, Safari

Instructions on how to import your passwords from popular browsers.

Overview

Keeper can automatically import unprotected passwords from web browsers such as Chrome, Firefox, Edge, and Safari, automatically from the Keeper Web Vault or Keeper Desktop Application using the Keeper Importer Tool.

To import from Safari 17+ and macOS 14.0 Sonoma,

Import Instructions

To import passwords from your web browsers, you must first install the Keeper Import Tool. To begin the installation, from the Account Dropdown Menu, click Settings.

Click Import > Import (next to "From a Browser").

Click Install.

Copy the code Keeper provides (you will need this later when prompted in the Keeper Importer).

For PC: click Run when prompted. For Mac: double click the "KeeperImport.zip" file located in your downloads and double click on the "Keeper Import App" to start the import process. You will encounter a few Keychain permission windows that will require you to enter your computer password to allow Keeper to access your web browsers.
Keeper will then ask for the code you received from step one; paste the code and click Import. Keeper will then import your credentials across all of your web browsers at once.

6. Once you have imported your credentials using one of the methods above, you can customize how you would like the information to appear in your vault in the field mapping screen. Here you'll see standard field names across the top that “map” to the data below for each Keeper record.

To adjust these mappings:

Click any field to open a dropdown menu
Select the appropriate field name from the list. Repeat this process across each column as needed
Click Next to finalize your selections.

Next, a summary screen will display a preview of your vault, showing the folder structure of your imported records. Here you can adjust the folder structure and click into individual records to preview their details before finalizing the import.
Click Confirm Import to complete the import process.

Once the import is complete, we highly recommend that you delete any unencrypted password files from your computer and disable any old password managers.

We recommend turning off your Web Browsers' password saving and autofilling features. Visit the Settings or Preferences menu of your web browser to disable these features.

Import from Chrome via Export

This guide details how to manually export saved passwords from Chrome and import them to Keeper.

IMPORTANT: Keeper can import password directly from your web browsers such as Chrome, using the automated import tool found in your Keeper Web Vault and Desktop App Settings. The import tool is an easy to use application that runs on your computer to quickly locate and import your passwords. Click here for further instruction on how to automate the import of your passwords from a web browser such as Chrome.

If you have attempted to use Keeper's automated import tool and have been unsuccessful, or you are running Linux OS, follow the directions below to complete the process manually. You will first need to perform a manual export of your passwords from Chrome and then import the file to Keeper as a Text File (.csv).

Export

Click the menu icon in the upper-right corner of your browser window (three vertical dots) and select Passwords and Autofill > Google Password Manager.

From the left menu select Settings.
Next to "Export Passwords" click Download File.
Save as a .csv file to you computer.

Import

Log into the Keeper Web Vault or Desktop App.
From the Account Dropdown Menu, click Settings.
Click Import > Import (next to "Use Another Source") and from the dropdown menu select Text File.

Make sure to delete the local Chrome file from your computer.

Import from Avast

Instructions on how to import your passwords from Avast Passwords to Keeper

Export

To import from Avast, you must first export your records.

Log into your Avast account.
Select Import/export data.
Click Export to File.
Name the file and click Save

Import

Log into the Keeper Web Vault or Desktop App.
From the Account Dropdown Menu, click Settings.
From your Account Dropdown Menu, click Settings.

Make sure to delete the local Avast file from your computer.

Import from Dashlane

Instructions on how to import your passwords from Dashlane to Keeper

Export

To import from Dashlane, you must first export your records. To export from Dashlane, you have two options.

Option 1: DASH: Dashlane Secure Archive

Log into your Dashlane account.
From My Account, select Settings > Export Data.

3. Click on Export to Dash.

4. Create and confirm a password.

5. Click on Export data.

6. An export file titled Dashlane Export.dash will be created.

Option 2: CSV

Log into your Dashlane account.
From My Account, select Settings > Export Data.

3. Click Export to CSV to create the export file.

Import

Log into the Keeper Web Vault or Desktop App.
From the Account Dropdown Menu, click Settings.
Click Import > Import (next to "Use Another Source") and from the dropdown menu select Dashlane.

Make sure to delete the local Dashlane file from your computer.

Import from EnPass

Instructions on how to import your passwords from EnPass to Keeper

Export

To import from EnPass, you must first export your records.

Mac

Log into your EnPass account.
Click File > Export.

2. Select .json as your file format.

3. Choose the location to save the file.

4. Name the file and click Save.

Windows

Click on the menu in the upper-left side.
Click on File > Export.

Select .json as your file format.
Choose the location to save the file.

Import

Log into the Keeper Web Vault or Desktop App.
From the Account Dropdown Menu, click Settings.
Click Import > Import (next to "Use Another Source") and from the dropdown menu select EnPass.

Make sure to delete the local EnPass file from your computer.

Import from KeePass (.kdbx)

Instructions on how to import passwords from KeePass encrypted .kdbx files to Keeper

.KDBX File Import Overview

Keeper supports the ability to import directly from encrypted Keepass files in .kdbx file format. Keeper can import both password-protected and private key-protected formats. All versions of .kdbx files are supported.

This import will include passwords, folders, custom fields and file attachments.

Import from KeePass .XML

Instructions on how to import your passwords from KeePass .XML to Keeper

Keeper supports direct KeePass .kdbx file import which supports more content and file attachments. Please see those instructions .

Export

Import from mSecure

Instructions on how to import your passwords from mSecure to Keeper

Export

To import from mSecure, you must export your records first.

Mac

Log into your mSecure account.
Click File > Export CSV.

Accept the warning by clicking OK.
Select Export All Records.
Enter a name for the file and click Export.

Windows

Log into your mSecure account.
Click on the Settings icon.

Click on Backups > Export.

Enter a name for the file and click Save.

Import

Log into the Keeper Web Vault or Desktop App.
From the Account Dropdown Menu, click Settings.
Click Import > Import (next to "Use Another Source") and from the dropdown menu select mSecure.

Make sure to delete the local mSecure file from your computer.

Import from MyKi

Instructions on how to import your passwords from MyKi to Keeper.

Export

To import from MyKi, you must export your records first.

On Windows

Log into your MyKi account.
Click Settings > Import/Export.
Export to text file and Save.

On Mac

Log into your MyKi account.
Click on File > Export CSV
Select folder destination and Save.

Import

Log into the Keeper Web Vault or Desktop App.
From the Account Dropdown Menu, click Settings.
Click Import > Import (next to "Use Another Source") and from the dropdown menu select MyKi.

Make sure to delete the local MyKi file from your computer.

Import from Passpack

Instructions on how to import your passwords from Passpack to Keeper.

Export

To import from Passpack, you must export your records first.

Log into your Passspack account.
Click Settings > Export.
Click on Download.

Import

Log into the Keeper Web Vault or Desktop App.
From the Account Dropdown Menu, click Settings.
Click Import > Import (next to "Use Another Source") and from the dropdown menu select Passpack.

Make sure to delete the local Passpack file from your computer.

Import from Passportal

Instructions on how to import your passwords from Passportal to Keeper

Export

To import from Passportal, you must export your records first.

Log into your Passportal account.
Click Settings > Import/Export.
Click Export and save the file.

Import

Log into the Keeper Web Vault or Desktop App.
From the Account Dropdown Menu, click Settings.
Click Import > Import (next to "Use Another Source") and from the dropdown menu select Passportal.

Make sure to delete the local Passportal file from your computer.

Import from Password Boss

Instructions on how import your password from Password Boss to Keeper

Export

To import from Password Boss, you must export your records first.

Mac & Windows

Log into your Password Boss account.
Click File > Export Data.
Choose Password Boss JSON - Not Encrypted.

Import

Log into the Keeper Web Vault or Desktop App.
From the Account Dropdown Menu, click Settings.
Click Import > Import (next to "Use Another Source") and from the dropdown menu select Password Boss.

Make sure to delete the local Password Boss file from your computer.

Import from Proton Pass

Instructions on how to import passwords from Proton Pass to Keeper

Export

To import from Proton Pass, you must export your passwords first.

Open the Proton Pass browser extension for Chrome or Firefox and click Settings.

Click on the Export tab. Ensure "Encrypt your Proton Pass data export file" is unchecked.

Click Export. A file title "Proton Pass_export_[date].zip" will be saved to your computer's downloads.

Import

Log into the Keeper Web Vault or Desktop App.
From the Account Dropdown Menu, click Settings.
Click Import > Import (next to "Use Another Source") and from the dropdown menu select Proton Pass.

Make sure to delete the local Proton Pass file from your computer.

Import from Psono

Instructions on how to import your passwords from Psono to Keeper

Export

To import from Psono, you must export your records first.

Log into your Psono account.
Click your email address then select Other.
Click Export then select JSON and save the file.

Import

Log into the Keeper Web Vault or Desktop App.
From the Account Dropdown Menu, click Settings.
Click Import > Import (next to "Use Another Source") and from the dropdown menu select Psono.

Make sure to delete the local Psono file from your computer.

Import from Safari via Export

This guide details how to manually export saved passwords from Safari and import them to Keeper.

Keeper can import password directly from your web browsers such as Safari using the automated import tool found in your Keeper Web Vault and Desktop App Settings. The import tool is an easy to use application that runs on your computer to quickly locate and import your passwords. Click here for further instruction on how to automate the import of your passwords from a web browser such as Safari.

Export

Open the Passwords App.
Navigate to File > Export All Passwords to File...
Click Export Passwords

If you are running an older version of macOS, you must export your files directly from Safari, Settings > Passwords.

Import

Log into the Keeper Web Vault or Desktop App.
From the Account Dropdown Menu, click Settings.
Click Import > Import (next to "Use Another Source") and from the dropdown menu select Text File.

Make sure to delete the local Safari/Passwords file from your computer.

Import from True Key

Instructions on how to import your passwords from True Key to Keeper.

Export

To import from True Key, you must export your records first.

Mac

Log into your True Key account.
Click on the Settings icon.
Click App Settings > Export Data > Export.

After warning appears, click Continue.
Enter your Master Password.
Save the file to your computer.

Import

Log into the Keeper Web Vault or Desktop App.
From the Account Dropdown Menu, click Settings.
Click Import > Import (next to "Use Another Source") and from the dropdown menu select True Key.

Make sure to delete the local True Key file from your computer.

Import from ZOHO

Instructions on how to import your passwords from ZOHO to Keeper.

Export

To import from ZOHO, you must export your records first.

Log into your ZOHO account.

Import from Commander CLI

Automated import through the Keeper Commander CLI

The Keeper Commander SDK provides command-line or scripted capabilities to import records and folders into your Keeper Vault. Supported import formats are below:

JSON import files can contain records, folders, subfolders, shared folders, default folder permissions and user/team permissions
CSV import files contain records, folders, subfolders, shared folders and default shared folder permissions
delinea/thycotic import includes private folders, shared folders, permissions, file attachments, TOTP codes
Keepass files will transfer records, file attachments, folders and subfolders
lastpass file format is supported, however for end-users we recommend the which supports folders, shared folders and file attachments.
lastpass full enterprise import supports shared folders
myki import method supports records and folders
1password method supports records, folders and file attachments
manageengine method supports records, folders and file attachments

Most features available in the Keeper Admin Console are available through Commander's interactive shell and SDK interface.

Learn more about Keeper Commander import methods at

Export and Reports

Vault Export

Export and Reporting Capabilities

The Keeper Web Vault and Desktop application provide export and reporting capabilities. For consumer accounts, this is available for all users. On Enterprise accounts, this may be restricted by the Keeper Administrator.

For Enterprise users, role policies must allow export.

iOS - iPhone & iPad

This quick start guide will walk you through the setup steps and main features of Keeper for iOS, linking additional user guides throughout for a more detailed look.

Getting Started

Once you have signed up for Keeper there are a few initial set-up steps on both your iOS device and desktop computer we recommend that you complete to help get you up and running with Keeper in no time.

Account Creation

Signing up for Keeper's iOS mobile app is easy. Simply visit the on your device and install Keeper Password Manager.

Once the download is complete, enter your email address. If you are not an existing user, you will be asked to create a Master Password which will be the only password you need to remember. We recommend that you choose a strong Master Password that is only used for Keeper -- don't forget your Master Password!

Enable 2FA

After successfully downloading and logging into Keeper, it is highly recommended that you enable Two-Factor Authentication (2FA). Two-Factor Authentication provides an extra layer of protection against unauthorized access by requiring a second passcode verification at login. Using 2FA is advised to further increase the security and protection of the data stored in Keeper.

Tap Settings > Two Factor Authentication then tap ">".

Select your Two-Factor notification method and follow the on-screen prompts to complete the setup (more on that ).

Whether you choose text message or an authenticator app as your 2FA method, Keeper offers the convenience of not having to enter the verification code every time you login. To enable this feature, select Save code on this device forever during 2FA set-up and you will only have to enter the code once on each device you login into.

Enable KeeperFill

KeeperFill is fully integrated into the login experience of every website and app (iOS 12+), allowing you to enjoy its many benefits and conveniences seamlessly across your devices. Before you can utilize KeeperFill on your device, you must first enable it in your device settings.

On your device, tapSettings > Passwords > Password Options then toggle "AutoFill Passwords" on and from the list, select Keeper.

To make the most out of the Keeper Mobile App and ensure that your device's built-in password saving feature doesn't interfere with KeeperFill's autofill capabilities, we recommend that you only allow filling from Keeper.

Notice a Passwords button now appears above the keyboard when logging into an app or website.

Desktop Steps

When you first login to you vault, Keeper will give you the opportunity to import passwords from your computer and/or web browsers (If you're not near a desktop computer, you can perform the import at a later time).

After tapping I'm at my computer Keeper will ask you to navigate to to begin the process of importing your passwords.

Import Passwords

You can either manually enter your existing logins and passwords into your vault or Keeper can import existing passwords directly from your web browser (e.g. Safari, Chrome, Firefox), another password manager, or from a text file (.csv).

To get started click your Account Dropdown Menu, then click Settings > Import

For instructions on how to import from your web browser, click .
For instructions on how to import from another password manager, click .
For instructions on how to import from a text file, click .

To learn more about manually entering your logins and passwords into your vault by creating new records, click .

Download KeeperFill for Desktop

KeeperFill is a browser extension that autofills your logins and password into websites and apps. Click to visit the Keeper website and download KeeperFill for your browser.

Browser-specific setup instructions and more information for KeeperFill:

Disable Browser Password Saving Features

To make the most of Keeper's Browser Extension, we recommend that you disable your browser's built-in password saving features. Keeper provides a much more secure and seamless solution to save and autofill your passwords across all browsers, devices and computers. For browser-specific instructions click .

Record & Folder Creation at Your Fingertips

Quickly create new records and folders on your mobile device using the convenient Create Button.

Create a Record

Tap then tap Create New Record.

Choose a from the dropdown menu ("Login" is the default type)
Name Your Record
Enter Your Email or Username

You can also create a new record while logging into a site with KeeperFill, more on that .

Create a Folder

Tap then tap Create New Folder.

Enter the name of the folder and tap Save.

Create a Shared Folder

Tap then tap More > Create Shared Folder.

Enter the name of the shared folder and tap Save.

Learn more about record and folder sharing .

Move a Record

Tap on the record you would like to move and drag-and-drop into a folder.

Alternatively, tap on the folder then tap and Add Existing Record.

Select the record(s) you would like to add from the list, then tap Add .

Organize Your Records & Folders

The Edit Tool allows you to manage the location of one or more records at once. With this tool, you have the ability to accomplish the following record actions: create a shortcut, move to a new folder, move to existing folder, and move to the trash.

Shortcut, Move and Delete

Tap the pencil icon and select the folder(s) or record(s) then select the action you would like to perform by tapping on one of the listed icons and following the on-screen prompts.

Shortcuts = like alias files, can exist in two or more places and when edited, change together.

Boost Your Efficiency with KeeperFill

KeeperFill is fully integrated into the login experience of every website on app (iOS 12+), allowing you to enjoy its many benefits and conveniences seamlessly, across your devices.

For more information on KeeperFill for iOS 11 and older, click .

Enable KeeperFill

Before you can utilize KeeperFill on your device, you must first enable it in your device's Settings app.

On your device, tapSettings > Passwords & Accounts > AutoFill Passwords then toggle "AutoFill Passwords" on and from the list, select Keeper.

To make the most out of KeeperFill and ensure that your device's built-in password saving feature doesn't interfere, we recommend that you only allow filling from Keeper.

Notice a Passwords button now appears above the keyboard when logging into an app or website.

Autofill Logins & Passwords

From the app or website login screen tap Passwords to open KeeperFill.

If there is a record match, tap Fill.

Keeper will attempt to match records when possible, to search for a record enter your record search terms into the search bar to display relevant records.

Autofill 2FA Codes

Tap the copy button next to the Two-Factor Code.

Fill your login credentials, then when prompted, long-press on the Two-Factor field and Paste the copied code.

Create a New Record

If Keeper is unable to find a matching record when logging into an app or site, you will have the opportunity to create one by tapping Create New Record.

Enter your login credentials and tap Fill & Save to fill your login credentials and save them as a new record to your vault.

Securely create, share and manage records with family, friends and colleagues.

From your vault, tap on a record to view it in detail, then tap Share.

Tap Share with User and enter their email address and toggle on/off permission types, then tap Save.

Add Records to a Shared Folder

From your vault, tap on a record to view it in detail, then tap Share.

Tap New Shared Folder.

Enter the name of the shared folder and use the search field if you want to add additional records, then tap ">" and toggle on/off the permission types. Tap Back when done.

To add users to the new shared folder, tap Users.

Enter the email address of the user(s), tapping Done on you keyboard between each to add them, then tap Save to finish.

More Features

Many familiar Keeper features can be accessed in the record detail view such as, creating favorites and viewing record history. The following actions can also be accessed from the edit screen:

Add to
Create Duplicate

From your vault, tap on a record to view it in detail, then tap More.

Tap on an action item from the generated menu and follow the on-screen steps.

Biometric login, especially when paired with Keeper is a time saving, convenience feature that allows you to login to Keeper with your fingerprint (Touch ID) or through face recognization (Face ID).

Tap Settings and toggle Biometric Login on.

At the login screen, simply tap either theor in the Master Password field to login.

Watch the video below to learn more about biometric login support on iOS.

Scan Documents & Notes to Reference Later

Keeper's Scan a Document feature uses optical recognition (OCR) to scan a picture, document, card or credentials written on paper and transcribes and securely stores them in plain text within you record's "Notes" section (available on iOS 13+).

Scan a Document

While viewing a record, tap Edit > Scan a Document.

Using your device's camera function, save your scan and you can either add it as an image to the record or save it as text only to your "Notes" field. Tap Save to finish.

Before you save a scan, you will have the opportunity to review and modify the transcribed text if needed.

Enterprise End-User (SSO)

This end-user guide was created for Enterprise customers who deploy Keeper through an existing Single Sign-On Identity Provider (IdP) such as Azure, ADFS or Okta.

Account Creation & Setup

Keeper is simple to install, easy to use and you’ll be up and running in just minutes. You can create your Keeper account using either one of the methods below.

Option 1: Click the Set Up Your Account Now button located in the email invitation sent by your Keeper Administrator. Since your Keeper account is deployed through Single Sign-On (SSO) you will automatically be routed to authenticate with your SSO provider to launch your Keeper Vault.

Option 2: Log in to your existing SSO provider dashboard as you normally do and click the Keeper icon to launch your Keeper Vault.

Enable Two-Factor Authentication (2FA)

Two-Factor Authentication (2FA) adds an extra layer of security to your vault by requiring a second passcode upon logging in. Some 2FA methods like Duo or RSA, require admin configuration. Others, like the Google or Microsoft Authenticator Apps, can be set up by individual end-users.

Click the Account Dropdown Menu (your email address) then click Settings > Security to enable 2FA for your vault.

Import Passwords

You can either manually enter your existing logins and passwords into your vault or Keeper can import your existing passwords directly from your (e.g. Safari, Chrome, Firefox), another , or from a (.csv).

To begin the import process, click the Account Dropdown Menu (your email address), then click Settings > Import.

The next time you log in to your Keeper Vault, you can either visit the Keeper Vault Login page or your SSO provider dashboard. Both options are described below. To access the Keeper Web Vault Login page, visit:

US Data Center:

US Public Sector / GovCloud:

EU Data Center: AU Data Center: CA Data Center:

JP Data Center:

Keeper Application Download

Download the Keeper Desktop and Mobile Apps to access your Keeper Vault from any platform and use it for native applications across all of your devices.

Visit: to download the Keeper App for all of your desktop and mobile devices.

Supported Platforms:

PC, Mac and Linux desktops
Chrome, Firefox, Safari, Edge and IE11 Web Browsers
iOS (iPhone & iPad)

Enter your email address at Keeper's Vault login page and click Next. You will then be routed to authenticate through your SSO Provider.

From Keeper's Vault Login page, click on the Enterprise SSO Login dropdown menu and select Enterprise Domain and enter your Enterprise Domain (provided by your Keeper Administrator). You will then be routed to authenticate through your SSO Provider.

Keeper provides two ways of authenticating into the Keeper Desktop application with SSO identity providers. By default, the Keeper Desktop app will open the identity provider login screen in a popup window as seen below.

This popup window is part of the Keeper Desktop application and will work for most scenarios. However, if your identity provider requires the use of a FIDO2 WebAuthn device or Passkey for authentication, using the desktop web browser method may be the best option.

Using Default Browser for SSO

To use the web browser on the device for SSO login with the Keeper Desktop app, open the Keeper menu and select "Use Default Browser for SSO".

When this option is selected, clicking "Next" will route you to the desktop web browser. After logging into your SSO provider (or if you already have an active SSO session), the web browser will redirect you back to Keeper Desktop and complete the login process.

Keeper supports IdP-initiated login from the SSO identity provider dashboard (if enabled by your Keeper administrator). Log in to your existing SSO as you normally do then from your SSO dashboard, click the Keeper icon to launch your Keeper Vault.

If you sign into Keeper on a new platform, you may encounter a "device approval" request (SSO Cloud Users Only). Please read the section below - "Device Approvals" for instructions on how to proceed.

Device Approvals

If you are attempting to log in on an unrecognized device or browser, a device approval must take place before you can proceed to your Keeper Vault. Users have two methods of approval to choose from, "Keeper Push" or "Admin Approval".

Keeper Push

Keeper Push is Keeper’s proprietary notification-based device approval system that sends a push notification to an existing, recognized device. This is a self-service process that allows users to handle the device approval on their own.

If you select Keeper Push, a notification (push) will be appear in your vault at an approved device or browser. Select Yes to approve the new device. Once the device has been approved, you will be able to proceed to your Keeper Vault.

You must be actively logged into a different, recognized/approved device to receive the notification.

Admin Approval

Admin Approval will send a notification to your Keeper Admin requesting device approval. If you do not have an existing, recognized device, this will be the only path gain access again.

if you select Admin Approval, your Keeper Admin will receive notification for approval. Once the device has been approved, you will be able to proceed to your Keeper Vault.

Automated Device Approvals

Keeper's platform supports automated device approvals through a product called the Keeper Automator service. If your Keeper Administrator has configured this service, device approvals will occur automatically upon successfully logging into your SSO identity provider.

about the Keeper Automator service.

Create a Record

Your passwords, databases, SSH keys, bank accounts and other sensitive data are saved in your private digital Keeper Vault (as "Records") and are encrypted on your device using 256-bit AES.

To begin, click + Create New > Record.

Choose a from the dropdown menu ("Login" is the default type)
Enter a name for the Record and click Next
Enter the Login (Username or Email)

For more information, please see our comprehensive .

Autofill With KeeperFill

Keeper's Browser Extension called KeeperFill, autofills your logins and passwords into websites and apps. To download KeeperFill for your browser, visit . KeeperFill is available for every web browser.

Records appear directly on the home screen as a list, with “Suggested Records” at the top to easily fill the credentials that match the website you're on. Select the record, then click Autofill to fill the credentials into the site's log in form.

Account Recovery

When you log into your vault for a second time, you'll be prompted to set up a 24-word recovery phrase. If you forget your Master Password, this feature will help you quickly regain access.

Once your recovery phrase has been generated, be sure to store it in a safe place. For added convenience, you will be given the option to copy or download it.

If Account Recovery is not available, your Keeper Administrator may be able to transfer your vault to another Keeper account.

Create a Personal Vault (via Business or Enterprise Account)

Keeper Business and Enterprise users can create a free, Keeper Family Plan for up to 5 family members with unlimited devices. Once the user sets up the Family Plan, each family member receives their own vault. They can also share passwords between family members using either Shared Folders or individual record sharing.

Log in to your Keeper Business or Enterprise Web or Desktop Vault.
Click on your email address in the upper-right corner.
Select Account from the dropdown menu.

This vault is intended for personal use only. All business-related credentials must be stored within your company issued vault.

Importing Data from Other Sources

Keeper provides several methods of importing data into the vault. Each method is fully documented with screenshots and example data. (1) Import from Chrome, Firefox, IE, Edge, Safari and Opera using the Web Vault

(2) Import from Chrome, Firefox, IE, Edge, Safari and Opera using the Desktop App From the Desktop App, simply click on Settings > Import > click "Import" to begin the import process.

(3) Import from .CSV file

(4) Import from a structured .JSON file

(5) Import from LastPass (Fully Automated)

(6) Import from 1Password

(7) Import from Dashlane (8) Import from Encrypted KeePass (.kdbx) Files

(9) Import using the Commander CLI

(10) Custom import coding using the Keeper Commander SDK

Use Cases

This document covers the most common use cases for the Keeper Enterprise product.

End-User Vault

Upon deployment of the Keeper Enterprise product, each user is provided a secure, private Keeper Vault. Keeper works on all device types, platforms and operating systems to enable users to:

Create and manage strong passwords across all device types
Securely store files and other private information
Autofill passwords across web browsers, apps and mobile devices
Share confidential information between users and teams

Deploy a Zero-Knowledge Vault to Employees

Keeper zero-knowledge, secure vault is protected with multiple layers of encryption. Each user’s vault is protected by a Master Password which is used to encrypt and decrypt data on the local device. Additionally, Two-Factor Authentication protects cloud access. Below are some of the key vault security features:

A user's Master Password is used to derive an encryption key using PBKDF2, which will encrypt and decrypt their vault.
Each password and file stored in the vault are protected with a separate, strong 256-bit AES key.
Users who login with Keeper SSO Connect integration don’t require a master password, since the encryption keys are managed by the Enterprise. For convenience, Admins can permit Biometric Login to the vault (Face ID/Touch ID, Windows Hello, etc.).

Generate Strong Passwords

Creating strong, randomly generated login passwords for each website is critical in protecting against data breaches, password stuffing and password spraying attacks. Keeper’s password generator and auditing capabilities ensure password compliance company-wide.

Protect All Platforms and Devices

Keeper protects passwords and private information on all devices and operating systems. Deployment options are available through the Keeper Security website and every major app store. SCCM deployments and virtual environments (e.g. Citrix) are fully supported.

Keeper® Desktop App

Keeper's fully-featured desktop application for fast and secure access to your Keeper vault.

KeeperFill®

The KeeperFill browser extension quickly autofills your login credentials into your favorite websites.

Keeper® Mobile App

Keeper's fully-featured mobile application for fast and secure access to your Keeper Vault.

Autofill Website Passwords with KeeperFill®

KeeperFill for web browsers provides a powerful and easy-to-use autofill feature. Various paths and scenarios are covered by the browser extensions, including the following:

Filling a login and password
Selecting from multiple passwords on the same website
Autofilling a login, password and two-factor code

The ability to customize the behavior of the browser extension can be configured from the extension's Settings Menu.

Change Passwords and Monitor Security with KeeperFill

KeeperFill makes it easy to change your passwords. When visiting a site's "Change Password" form, you will receive a prompt from Keeper asking if you would like help changing your password. By agreeing, Keeper will walk you through a few quick steps to change your password and simultaneously update the record in your vault. Additionally, using Keeper’s Security Audit feature within the vault, users can identity which accounts contain weak passwords and take the necessary steps to change them.

Autofill Native Desktop Applications with KeeperFill for Apps

KeeperFill for Apps is a convenient tool used to further enhance your experience with the fully-featured Keeper Desktop App. Used in conjunction with your desktop applications, KeeperFill for Apps provides a simple login solution and quick access to your vault records.

Additionally, KeeperFill for Apps provides a unique and powerful native app form fill capability using simple hotkey commands. IT admins who are accessing remote services can make use of this capability without having to resort to “copy” and “paste”. By storing all of your passwords in the vault and using KeeperFill for Apps, you can rest assured that even your application passwords aren't left vulnerable in plain text.

KeeperFill for Apps works across Mac and PC platforms with popular native applications such as:

Skype, Slack, Evernote and other productivity apps
Custom and/or proprietary applications
Remote Desktop, VNC, Terminal and other command-line utilities

KeeperFill for Apps can be configured via Settings > KeeperFill within the Keeper Desktop App. Once opened, it can be accessed through your computer's menu bar (MacOS) or system tray (Windows) via the familiar Keeper icon.

Stay Organized and Efficient with Keeper’s Advanced User Interface Features

Folders & Subfolders

Folders and Subfolders (or folders within folders) provide greater control and organization over your private Keeper records and files. Subfolders also increase organization across teams and accounts types.

Grid View Layout

Grid view allows you to view your records in a graphical, tile format which displays beautiful, curated logos for popular websites. To enter Grid view, simply click on the grid icon in your vault.

Record History

Every change made to a record creates a backup version that can be viewed and restored at any time. Similarly, deleted records can be recovered and there is no limit to the number of record versions that can be stored.

Shortcuts

A record can exist outside of a folder, inside a folder or inside a shared folder. A record can also be linked to multiple folders or shared folders and is referred to as a “shortcut”. Shortcuts like alias files, can exist in two or more places and when edited, change together.

Protect Confidential Files, Photos and Videos

Keeper offers Secure File Storage to protect your confidential files, photos, and videos. Keeper protects these files with 256-bit AES encryption using record-level keys, just like our password encryption technology. Users can easily drag-and-drop files directly into their vault and take pictures & videos directly from their mobile devices. These files can be easily and securely shared with other Keeper users, from vault-to-vault.

Examples of files that might be stored in the vault include:

Customer Information
Financial and Banking Documents
Tax Returns

Protect Secure Certificates and SSH Keys

The growing threat of trust-based attacks is opening security risks for IT organizations who rely heavily on access to critical systems via digital certificates and keys. Keeper protects certificates and keys with 256-bit AES zero-knowledge encryption. Examples of the types of certificates that can be stored include:

SSL Certificates
SSH Keys
RSA Key Pairs

Certificates and SSH keys can be stored in any Keeper vault record as either a custom field, note, or file attachment.

In addition to storing SSH keys, they can be used to securely establish connections.

, a command-line SDK and toolkit for DevOps users allows you to connect to remote systems using stored credentials or SSH keys.

For more information on establishing connections using Keeper Commander, click .

Keeper uses RSA encryption to share passwords and files. You can share passwords or files directly with another Keeper user or with a team. Behind the scenes, information is encrypted with the recipient’s public key and decrypted with their private key. Permissions (can edit, can share, can edit & share, and read only) can be assigned to individual users or to teams of users.

View, edit and share permission sets can be applied to individual users. Shared folder permissions can provide control over the management of the folder, users and records.

Teams are created and managed in the Keeper Admin Console. Teams can also be provisioned automatically using our Active Directory Bridge software, SCIM protocols or the Keeper Commander SDK.

Separate Business and Personal Information

Since Keeper Enterprise provides a mechanism for administrators to suspend and transfer end-user vaults, Keeper recommends that end-users keep business and personal vaults separate. This easily be achieved by using Keeper’s Account Switching features. Every platform supports the ability to easily switch between business and personal vaults.

Log in with Existing Identity Providers

Through the use of Keeper SSO Connect technology, end-users can seamlessly log in to their Keeper Vault with any existing SAML 2.0 compatible identity provider such as Okta, Centrify, Microsoft AD FS / Azure, G-Suite, JumpCloud and F5 BIG-IP APN.

Once this capability is activated by the Keeper Administrator, logging in is seamless across all device types and platforms. Alternatively, users can first log in to their identity the provider and then launch their Keeper Vault.

Administration and Deployment

Keeper Enterprise provides a web-based Admin Console application. The Admin Console allows administrators to:

Onboard and offboard users
Apply role-based enforcement policies
Manage two-factor authentication

Manage and Onboard Users

The Keeper Admin Console provides several solutions to deploy Keeper to users based on the size of the organization. Users can be provisioned through one of the following methods:

Active Directory or LDAP sync via AD Bridge
Single Sign-ON (SAML 2.0)
SCIM and Azure AD

Different organization units (nodes) can be provisioned in different ways. For example, end-users within one organizational unit can onboard via Active Directory and another group of users can be provisioned with an identity platform like Microsoft Azure or Okta.

Enforce Role-based Permissions

Keeper’s role-based enforcement policies provide organizations with the most flexibility to customize their solution to meet the needs of internal controls, this includes:

Master password complexity rules
Two-Factor Authentication channels
Physical location, IP addresses and device platforms

Administrative permissions are also applied at the role level. Any role with administrative permission can log in to the Keeper Admin Console and perform specific job functions.

Transfer an Employee's Vault When They Leave the Organization

Retaining critical and confidential data is important when employees leave the organization, especially users that are in some administrative or management capacity.

Through the use of Keeper’s secure “Account Transfer” feature, a user’s vault can be locked and then transferred to another user within the organization. The process of account transfer remains fully zero-knowledge, and the responsibility of performing the account transfers can be limited based on roles within the organization. For example, only the Engineering Manager can transfer the vault of an Engineer or the Marketing Manager can only transfer the vault of a Marketing Coordinator.

Keeper’s security model is based on the least-privileged access, meaning, Keeper implements least-privileged policies, so when a user is a member of multiple roles, their net policy is most restrictive. Administration of groups can be delegated and restricted based on job function or any other criteria.

Account Transfers are a one-directional action. Upon account transfer, the source account is deleted and the vault records are transferred to another user account.

Monitor the Security Score of the Company

The overall security score of the organization can be monitored by delegated Keeper administrators to ensure compliance with password policies. Detailed reports identify users who need to take corrective action. Record password strengths, master password strengths and two-factor authentication usage can all be monitored in the Security Audit tab and are what make up an organization's security score.

Audit Event Logs and Perform Forensic Analysis

Advanced Reporting & Alerts Module

Keeper’s Advanced Reporting & Alerts Module (ARA Module) provides event logging and log event tracking for over 75 event types, the ability to send event based alerts and the capability to log events to an external system.

Admins can create customized reports by specifying what criteria to filter and present in each column. Reports can now be filtered and saved based on Event Types (Policy Changes, Sharing, Logins, etc), Users, and Attributes (Nodes, Devices, Location, etc).

Alerts can be triggered based upon any event criteria, such as role policy changes, privileged password access or other security events. Alerts can be sent via SMS or email and can also be viewed within the Admin Console interface.

The ARA Module integrates with 3rd party Security Information and Event Management (SIEM) tools for external logging. Integrations include the following:

Splunk
Sumo Logic
Amazon S3

The ARA Module supports over 75 event types (e.g. Expired Master Password, Changed Master Password, Shared Record, Disabled Two-Factor Authentication etc. ) that can be automatically pushed to popular SIEM products such as Splunk, Sumo and QRadar.

Recent Activity

Keeper’s “Recent Activity” report provides event logging and forensic analysis capabilities to comply with corporate governance and audit requirements. Events are tracked throughout the system while maintaining zero-knowledge. Only privileged users with sharing or ownership rights to decrypt individual vault records are capable of viewing the stored vault information.

Android Phone & Tablet

Comprehensive guide for Keeper on Android phones and tablets.

Your Keeper Vault

With Keeper, your passwords, logins and other personal information are saved in a private, digital vault. It is here where you can view and edit all of your website login credentials and details, as well as store important files and photos.

Signing up for Keeper's Android mobile app is easy. Simply visit the on your device and install the Keeper Password Manager. Watch the video below to learn more about account creation and login.

New Users

To create your Keeper account, first enter your email address then you will be asked to create and confirm a Master Password which will be the only password you have to remember. We recommend that you choose a strong Master Password that is only used for Keeper — don't forget your Master Password!

To finalize your account and proceed to your vault, you will be asked to enter the security verification code that was sent to your email.

Enterprise users who log in with SSO do not require selection of a Master Password.

Existing Users

If you are an existing user, tap Login and enter your email address. If you are attempting to log in on an unrecognized device, a device approval must take place before you can proceed to your Keeper Vault. Users have three methods of approval to choose from:

Email Verification
Keeper Push
Two-Factor Method

Keeper Push is Keeper’s proprietary notification-based device approval system that sends a push notification to an existing, recognized device.

If you select Send Keeper Push, a notification (push) will appear in your Keeper Vault in an alternate, approved device or browser.

On the alternate device, log in to Keeper and tap Yes to approve the new device. You must be actively logged in on an approved device to receive the notification.

Once your device has been approved, you will be prompted for 2FA (if enabled) and asked to enter your master password to proceed to your vault.

If you are an Enterprise customer using SSO Login, you can enter your email address and tap Next to login through SSO. Alternatively, you can tap Use Enterprise SSO Login and enter the enterprise domain provided by your Keeper administrator and tap Connect.

Next, you will be directed to the Safari browser for web-based SSO Enterprise authentication. After you have successfully entered your SSO credentials and two-factor authentication code (if enabled), you will be returned to Keeper to complete the login. You may be required to approve your device using Keeper Push or administrator approval after the SSO login process has been completed.

For more information about Enterprise SSO login, click .

Importing Passwords

When you first log in to your vault, Keeper will prompt you with two options: Import Passwords or Later. If you choose Import Passwords, you can import directly from Google via a CSV file upload.

Importing from other password managers is still supported via the Keeper Web Vault. If you're not near a desktop computer, you can select Later to perform the import at a later time using the Keeper Web Vault. Password Import is always available from the left menu.

Import from Google

Open the Keeper App: Launch the Keeper app on your Android device.
Access the Menu: Tap on the Hamburger Menu (three horizontal lines) in the top-left corner.
Select Import Passwords: From the menu, choose Import Passwords.

Import from a CSV File

If you already have your Google Password CSV file on your Android device:

Open the Keeper App: Launch the Keeper app on your device.
Select Import Passwords: Go to the Hamburger Menu and choose Import Passwords.
Choose CSV Import: When prompted, select the Upload CSV File option. This will open the Files app, filtering to show only CSV files.

Keeper on Android directly supports importing from Google Password Manager via CSV file. While CSV files from other sources may work, their compatibility can vary based on formatting—only Google’s export is guaranteed to function seamlessly.

Import from Other Password Managers

If you're importing from another password manager:

Keeper will ask you to navigate to on your desktop computer to begin the process of importing your passwords.
For detailed instructions on importing passwords from web browsers and other password managers to your Keeper Web Vault, click .

Creating New Records

Your passwords, logins, credit card numbers, bank accounts and other personal information are saved in your private digital vault (as "Records") and are encrypted on your device using 256-bit AES.

Tap the create icon (+) select Create New Record.

Enter a Title for the record
Choose a from the dropdown menu ("Login" is the default type). Depending on the record type you select, the default record fields will vary.
Enter the Username

Organization

With Keeper you can organize your records into folders and subfolders. To create a folder, tap the create icon (+) and select Create New Folder, then enter a name for the folder. To add records to the folder, Tap + and Add Existing Record or you can tap Create New Record to add a new record to the folder.

To create a subfolder within the folder, tap + and Create New Folder.

Please note, once created, regular folders cannot be converted to a shared folder. To learn how to create a shared folder, click .

Moving & Shortcuts

Keeper makes it easy to move records around within your vault. Individual or multiple records and folders can be moved and shortcuts can be created. Shortcuts, like alias files, can exist in two or more places and when edited, change together.

To move or shortcut a folder, record or multiples thereof, long press on the record or folder and select any additional folder(s) or record(s) you would like to move or shortcut. Next, select the action you would like to perform by selecting an icon located in the upper right corner of your screen. The options include:

Create a Shortcut
Move to a New Folder
Move to an Existing Folder

You can select Create Shortcut, Create Duplicate, or Move a record from the Options menu within the record detail screen.

Favorites

Adding a record to your Favorites list is an easy way to locate your most frequently used records and websites. You can add a record to your vault Favorites or from the Options menu within the record detail screen.

Securely create, share and manage records and folders with other Keeper users such as friends, family, friends and colleagues.

Open the record you would like to share and tap Share > Share with User. Enter the user's email address, then use the toggle switches to select permissions (Can Edit, Can Share, Make Owner) then tap the checkmark icon to save.

If this is the first time you are sharing with this person, you will first need to establish a "sharing relationship". The user will receive an email prompting them to login to Keeper and either accept or deny the share request. Once you establish a sharing relationship, the user will appear in the email dropdown list.

Keeper "One-Time Share" provides time-limited secure sharing of a record to anyone without requiring them to create a Keeper account. One-Time Share is the most secure way to send confidential information to a friend, family member or co-worker without exposing information over email, text message or messaging.

To Create a One-Time Share:

Open the record you would like to share then tap Share > One-Time Share.

Tap the share icon in the lower right corner of your screen.
Select a record access expiration from the provided options or select a custom date and time.
Once the share link has been created, tap Share, Copy Link (to paste into a message) or the recipient can scan the provided QR code to view the record. When the recipient of the share link opens the record, it will open in their web browser and will be bound to their device. The record access will automatically expire after the set amount of time.

Click for more information on Keeper's One-Time Share feature.

Shared folders allow you to share multiple records at once with others and new records can be added to the folder as needed.

Tap the create icon (+) and select Create Shared Folder.

Enter a name for the folder and tap Save.
Tap the options icon in the upper right corner of your screen and select Manage Users & Records.

Tap Add Users and enter the email addresses of the user(s) (or Team name for Enterprise users) you would like to share the folder with and tap the checkmark to save.
You can assign permissions for each user by tapping on their email address under the "Users" tab (Can Manage Users, Can Manage Records).

Add Records

To add records to the folder, switch to the "Records" tab and tap Add Records.

Select the record(s) you would like to add to the shared folder and tap the checkmark icon to save.

Once a record has been added, select it from the list to assign permissions (Can Edit, Can Share).

Identity & Payments

Identity & Payments is the place for you to store your personal contact/address information and credit card numbers safely.

Payment cards can also be stored in your vault as records using the "Payment Card" record type which allows them to be shared with other users. See our Guide for more information.

Key Features

Password & Passphrase Generators

Long, random passwords that are created for each account help protect your information and reduce your exposure to data breaches. Alternatively, by combining multiple words, passphrases are an even more secure alternative to traditional passwords.

Keeper's password generator can create and securely store strong, random passwords or passphrases for all of your sites and apps.

Generate a Password

To begin, tap the dice icon within a new or existing record. You can customize your password by character length (8-99 characters) and choose to include lowercase and uppercase letters, numbers and symbols.

Check the box at the bottom of your screen if you'd like to make your selections the default setting for all passwords moving forward. Tap Use Password to update the record or Copy Password to copy it to your device's clipboard.

Generate a Passphrase

Tap the dice icon and from the dropdown menu next to "Type" and select Passphrase.

You can customize your passphrase by setting the length, including capital letters and numbers in the passphrase and choosing from various symbols to separate the words.

Passphrases can be up to 20 words long, with a minimum length of 5 words and each word including at least 3 characters.

Check the box at the bottom of your screen if you'd like to make your selections the default setting for all passphrases moving forward. Tap Use Passphrase to update the record or Copy Passphrase to copy it to your device's clipboard.

This will NOT automatically change the website's existing login password. You must still visit the corresponding website's "Change Password" form to update the old password to match the new, stronger password. Click to learn how to easily change your password with KeeperFill.

To generate a password or passphrase from your vault home screen, tap the yellow create icon (+)and select Generate Password. Select either password or passphrase next to "Type". You can either use the password/passphrase to create a new record or copy it to your device’s clipboard to use elsewhere.

Generator History

To view your password/passphrase history, tap Generate Password from either your vault home screen or create one within a record and tap the clock icon. You can delete your generator history at any time by tapping on the trash icon.

Password Zoom

To produce a zoomed-in view of a record's password or passphrase, tap the eye icon then long press on the password field. An enlarged view of your password/passphrase will appear at the bottom of the screen. Any numbers and symbols can be easily identified by blue and red color-coding.

Password Enforcement Policies (Business/Enterprise Users)

The password generator on end-user vaults will adhere to the minimum character length, minimum number of lowercase/uppercase/numbers/symbols and allowed list of symbols as defined by your Keeper Administrator.

The passphrase generator on end-user vaults is enabled by default, but can be disabled by your admin. Passphrases will adhere to the minimum number of words and can be configured to include capital letters and numbers. The separators between words will be selected from the list of allowed symbols.

For more information on record password enforcement policies, please see our .

Wi-Fi Record Type with QR Code

Keeper's "WiFi Login" record type simplifies creating and sharing Wi-Fi passwords. This record type includes the ability to generate a shareable QR code that can be scanned by others to automatically join the Wi-Fi network.

To create a Wi-Fi login record, select WiFi Login from the "Record Type" dropdown and enter the record details.

To generate a Wi-Fi network QR code, ensure the "Network Name (SSID)" and "Password" fields are entered.

Security Audit

Security Audit gives your passwords an overall security score and lets you clearly see what passwords are weak from a password strength visual indicator (red being the weakest, green being the strongest).

If a record is indicated as having a high risk password, Keeper recommends changing the password at the affected site immediately and updating the corresponding record in your Keeper Vault.

Record History

Users also have the ability to conveniently restore previous versions of a record. While viewing a record, tap the menu icon in the upper right corner of your screen and select Record History.

To restore a record back to a previous state, tap on the version you would like to restore. Review the record information by tapping the info icon then tap Restore.

A few notes on Record History:

Restoring a record does not place it back into the original folder structure.
Record History is only available as part of the paid consumer and business plans.
Deleted records can be reviewed and restored by visiting "Deleted Items" in the left navigation menu.

KeeperFill

Use KeeperFill to quickly autofill passwords into web browsers such as Chrome, Firefox, Edge, Brave, DuckDuckGo and all other native apps like banking and social media. Once enabled, KeeperFill login prompts and fill results are seamlessly integrated into your device's keyboard.

KeeperFill is currently supported for Android versions 9 and above.

Setup

To enable KeeperFill, navigate to Keeper's Settings menu, then toggle "KeeperFill" on.

You will then prompted to enable various settings on your device including:

Selecting Keeper as the Autofill service
Enabling KeeperFill in Chrome by selecting "Autofill using another service" (if Chrome is set as the default browser on your device)

Autofill for Apps & Web Browsers

From the app or website login screen, tap Sign in to Keeper located above the keyboard and enter your Keeper master password.

If Keeper identifies a record match, your login will then be displayed. Simply tap on your login next to the Keeper icon to autofill your credentials and log in.

Some apps and sites have more than one login screen and may require you to tap your login on each screen.

If your device's keyboard does not support autofill, KeeperFill's appearance and location will vary like in the example below.

Passkeys on Android

Passkeys on Android devices, a highly anticipated feature for enhanced security and convenience, is now available on Android devices running Android 14+. This update marks a significant enhancement in our mobile applications capabilities, offering users an even more secure and streamlined experience. To learn more about Passkeys with Keeper, click .

Passkeys work on websites and applications that have been specifically built to support them. Keeper maintains a passkey directory, which can be found .

Creating a passkey for a website or app is a simple process on your Android device.
Tapping Create Passkey on a site or app will triggerKeeper to intercept the request. Keeper then prompts you to create a passkey for your associated login and saves it to your vault.
Returning to sites or apps where you have a stored passkey you will either be prompted to sign in with passkey or will be able to select Sign in with Passkey. Keeper does the rest!

Passkey functionality is not enabled by default on Android devices. To enable passkeys with Keeper follow the steps below.

Passkey Setup

Some Android devices do not have passkeys enabled by default. To enable passkeys on your device follow these steps:

Open Chrome or Chromium based browser on your Android device.
Enter chrome://flags into the address bar.
Next, enter "Passkeys" in the search bar.

Record Search & Creation

If you would like to search for a record in your vault or create a new record, tap the Search/Add button above your keyboard.

You can then tap Create New Record, enter the record details, then Fill & Save to save the record to your vault and autofill the newly created login into the app or site.

Or if you'd like to search for an existing record, select the record from your records list and tap Fill to autofill the login into the app or site.

Keeper for Wear OS

Available for download in the , Keeper's smartwatch app for Wear OS provides users with quick access to their favorite records as well as a convenient two-factor method for logging in to your Keeper Vault.

For the best experience, the Keeper Wear OS app requires a phone running Android 9.0 (API level 28) or newer and a watch running Wear OS 5.0 or greater.

Two-Factor Authentication

To setup two-factor authentication for you Keeper Vault using Keeper for Wear OS as your second factor, first ensure your smartwatch is paired with your mobile phone.

On your phone, navigate to Keeper's Settings menu and tap Two-Factor Authentication. From the "Authentication Method" dropdown menu, select Smartwatch then follow the prompts to verify your identity.

If you don't receive notifications, they may not be enabled for Keeper. To turn on notifications, from your phone, navigate to Settings > Notifications > Keeper and toggle "Allow Notifications" on.

Next time you login to Keeper, you will receive a push verification request on your smartwatch to approve or deny the login attempt.

Alternatively, you can enter the time-based verification code from the Keeper app home screen. This is especially useful in cases where the Keeper Push notification times out.

Secure Add-Ons

Secure File Storage

Keeper offers Secure File Storage to protect your confidential files, photos and videos. Securely upload and store files such as passport photos, medical cards, drivers licenses, tax and loan documents, videos and any other private file to your Keeper Vault.

You can either add an attachment to any existing record or create a new record (optionally using the "File Attachment" record type). Tap Attach Files, Photos & Videos to upload your file.

To learn more about Secure File Storage, click .

BreachWatch

BreachWatch is a powerful, secure add-on feature that monitors the internet and dark web for breached accounts matching records stored within your Keeper Vault. BreachWatch alerts you so that you can take immediate action to protect yourself against hackers. Once activated, BreachWatch continuously monitors for compromised credentials and notifies you if any of your records are at risk.

To start your BreachWatch scan, tap BreachWatch in the lower menu of your screen tap then Let's Begin > Scan.

BreachWatch will then scan your records and report any risks associated with them. Resolving the risk requires you to change the password at the affected website. Once you have done that, be sure to update the corresponding record in your Keeper vault with the same password.

If you tap Ignore, then that record will be skipped on future scans until the password is reset. You may also do nothing (deferring a response) and leave the risky password unchanged and thus still at risk.

To learn more about BreachWatch, click .

Settings

The Settings menu allows you to customize the display, personalization and security features of the application, including:

Dark Mode
Theme
Login Options (Two-Factor Authentication, Biometric Login, Allow Offline Access, Stay Logged In, Auto-Logout)

Please note that some security settings may be enforced by your Keeper Administrator if you are part of a Keeper Business account.

Dark Mode

You can enable Dark Mode from the Settings menu. Tap the Match System dropdown menu to turn Dark Mode for Keeper on or off. By default, the app will match your device's system display settings.

Account Recovery

If you forget your master password, Account Recovery will help you quickly regain access.

Settings > Account Recovery
Confirm your Master Password and tap Generate New Phrase.
Once your recovery phrase has been generated, be sure to store it in a safe place. For added convenience, you will be given the option to copy or download it.

Reset Master Password

Settings > Reset Master Password.
Enter your current master password.
Create and confirm a new master password.

If you have Biometric Login enabled, you won't be required to enter your current master password.

If you are unable to login with your current master password, and you've set a recovery phrase, go to to recover your account.

Two-Factor Authentication

Two-Factor authentication (2FA) provides an extra layer of security when logging into your Keeper Vault or another site or application by requiring a secondary passcode upon logging in.

Enabling two-factor authentication is especially advised for highly valuable or sensitive accounts (e.g. banking, medical and social media accounts).

Keeper offers two ways to take advantage of 2FA:

To log into your Keeper Vault.
To log into any site or application from your Keeper Vault by embedding a TOTP (time-based one-time password) into your records.

2FA for Your Keeper Vault

To enable 2FA for your Keeper Vault, tap Settings > Two-Factor Authentication, tap the dropdown menu under "Primary Method" and select a method from the list of options.

Text Message Setup:

Select a Region (US+1 by default), enter your 10 digit phone number including your area code and tap the checkmark icon to save.
Select how long you want the two-factor method to be valid for (not again for the device, every 30 days, 24 hours, 12 hours or at every login).

Business customers may be required to enter the code every login as determined by their Keeper Administrator.

Enter the code that was sent to the phone number you provided then tap the checkmark icon to save. Codes will only last for a minute; if you need another code sent, tap Send a new code.

Backup codes will be shown next. If you are unable to receive two-factor codes via the phone number you entered, you can enter one of the backup codes listed instead. Tap one of the listed options to confirm you saved the codes somewhere safe.

If you are not receiving SMS messages from Keeper, please use the TOTP method or submit a support ticket at .

Authenticator App (TOTP) Setup:

Once you select "Authenticator App" tap the checkmark icon to save.
Select how long you want the two-factor method to be valid for (not again for the device, every 30 days, 24 hours, 12 hours or at every login).

Business customers may be required to enter the code every login as determined by their Keeper Administrator.

You will be prompted to scan the QR code or enter your secret key into your authenticator or TOTP app. If you don’t have an authenticator app installed, the app will show the QR code for you to scan directly. If you already have one or more authenticator apps installed on your Android device, a menu will appear at the bottom of the screen, allowing you to select the app you wish to use.

If you have multiple authenticator apps installed: Choose the app you want to use. The selected app will open and ask you if you want to add the token.
If you only have one authenticator app installed: The installed app will automatically open, and you'll be asked if you want to add the token.
Save the Token in Your Authenticator App

Once the token is registered in your authenticator app, return to Keeper and enter the TOTP code provided by your app to complete the setup.

Backup codes will be shown next. If you are unable to receive two-factor codes via the phone number you entered, you can enter one of the backup codes listed instead. Tap one of the listed options to confirm you saved the codes somewhere safe.

In order for Azure MFA (using the Microsoft Authenticator app) to be utilized as a TOTP, the Azure Administrator needs to allow the verification method "Verification code from mobile app or hardware token" when setting up MFA in Azure.

Keeper for Wear OS Setup:

To setup two-factor authentication for you Keeper Vault using Keeper for Wear OS as your second factor, first ensure your smartwatch is paired with your mobile phone.

Next time you login to Keeper, you will receive a push verification request on your smartwatch to approve or deny the login attempt. Alternatively, you can enter the time-based verification code from the Keeper app home screen. This is especially useful in cases where the Keeper Push notification times out.

For more information about the Keeper WearOS app, click .

2FA Frequency

You can manage how often you are prompted to sign in on your device with your selected two-factor method at any time. Once you have set up two-factor authentication for your vault (following the steps above), the 2FA Frequency setting will be available within the "Settings" menu. Tap 2FA Frequency and select from: every login, every 12 hours, every 24 hours, every 30 days, or don't ask again on this device.

2FA for Websites & Apps

Keeper can fill 2FA codes on any website or application that supports TOTP by scanning a QR code to generate a code (requires a second device).

Open and edit the Keeper record on your mobile device and tap Add Two-Factor Code (this will open your device's camera).

In order to open your device's camera you must first "allow" Keeper permission when prompted.

On a secondary device (e.g. tablet, computer), navigate to the corresponding record's 2FA set up screen to retrieve the site's QR code.
Scan the QR code with your mobile device. You will see the code has been added to the record.
Tap the checkmark icon to save, then tap the code to copy it to your device's clipboard.

From the Settings menu, toggle "Biometric Login" on.

For security reasons, Android has designated only certain biometric authentication methods as secure. Samsung face biometric is considered insecure by the Android operating system (because it can be ). Keeper Security does not permit insecure biometric access to the vault.

Once enabled, at the Keeper login screen, tap Biometric Login and touch the fingerprint sensor when prompted (or use Face/Iris Authentication where available).

FIDO2 WebAuthn Security Keys

Keeper provides two-factor authentication (2FA) on Android with compatible hardware keys such as the , and . Listed below are supported physical keys on Android.

Supported Physical Keys

NFC Support

Plug-in Support

Keeper is committed to enhancing the security and flexibility of your experience. Support for more plug-in style physical keys will come with a future release.

Setup & Registration

Before you add a security key, a two-factor authentication method must be in place as a backup.
Navigate to Settings > Two-Factor Authentication and tap Add next to "Security Keys".
Tap + Add Key and enter a name for the security key, then tap REGISTER.

Your security key has been registered. You can register up to 5 security keys. Any one of those keys will unlock the account.

Prompt Frequency & Offline Access

The FIDO2 WebAuthn device will be required for login based on the configuration of the first 2FA method. For example:

If the first 2FA method is set to "Prompt Every Login", then the Yubikey will be required on every login, and offline login will be disabled.
If the first 2FA method is set to "Every 30 days", then the Yubikey will be required every 30 days, and offline login will be disabled.
If the first 2FA method is set to "Remember Forever", then the Yubikey will only be required one time on each new device. Offline vault login will be enabled.

Account Switching

Have more than one Keeper account? Keeper supports the use of multiple vaults on the same device and makes it easy to seamlessly switch between your personal and business accounts without having to log out of your current session.

To switch accounts, navigate to the "Account" menu by tapping on your user icon in the upper right corner of the screen and selecting Account. Next, tap the dropdown menu icon to the right of your email address.

Select the account you would like to switch to or tap Add Account to login into and register another account on that device.

Quick account switching only works for active sessions where you've already logged in.

Easily remove unwanted accounts from the device by swiping left on an account email then tapping the remove icon.

You can also switch and add accounts from the Keeper login screen.

2FA Prompting Behavior & Offline Access

When 2FA is activated on an account, it protects the user on all devices and all platforms because 2FA is protecting access to the backend cloud system.

By definition, two-factor authentication protects access to the cloud and it protects access to online accounts. It therefore requires an online connection to be prompted for 2FA. 2FA is triggered when a request is made from the client device to the server. For example when logging into a new device, syncing new information on an existing device or performing any other cloud-based features.

By default, the native Keeper app for iOS, Android, Mac and Windows allow users to login quickly with their master password (offline mode) to access their vault. After typing in the master password or using biometric login, the user decrypts the data locally, then the app sends a sync request to the server at which time the user may be prompted for their 2FA code. Depending on the speed of the Internet connection, the 2FA prompt may be received a couple seconds after logging into the native application because the local decryption of data occurs much faster.

Offline authentication and vault access is permitted by all consumer customers. Enterprise customers may restrict the use of offline access for their employees.

2FA Token Retention & Timing

When activating 2FA on your Android device for the first time, the user selects how often they want to be prompted. Users can be prompted for 2FA at every login, once every 12 hours, every 24 hours, every 30 days, or only one time per device. It's important to understand that 2FA is always enabled on the Keeper servers. After a successful login on a device, a "token" is generated from the 2FA code and stored locally on the device as long as it's deemed valid by the server. This is why you are still able to login to the same device over and over without being re-prompted. By default, consumer customers will be prompted only one time per device. Enterprise customers may enforce users to be prompted every time for a new code.

Currently, the 2FA token retention timing on Android will default to "only one time" on a device if the 2FA was initially set up on the Web Vault or Desktop App. To change this behavior, please turn 2FA off and then re-activate 2FA on the iOS device.

Import & Export

To import and export data from your Keeper vault, visit the Keeper Web Vault or download Keeper Desktop for your computer.

Keeper Web Vault:

All Downloads:

Uninstall & Account Reset

The instructions below apply to the latest OS. Third party operating system instructions may differ.

Uninstall Keeper:

Uninstalling Keeper will delete the data from Keeper on the local device. Data stored in Keeper's Cloud Security Vault is NOT erased.

Open your device's Settings menu.
Tap Apps or Application Manager (depending on device).
Navigate to the Keeper App.

Account Reset:

Resetting Keeper will erase all records from all Keeper accounts stored locally on your device. Data stored on Keeper's Cloud Security Vault is NOT erased.

Open your device's Settings menu.
Tap Apps or Application Manager (depending on device).
Navigate to the Keeper App > Storage.

Privacy

Keeper's mobile apps do not contain any trackers. All mobile apps go through vulnerability testing with Keeper's 3rd party testers and the Bugcrowd Bug Bounty Program.

Exodus Privacy is an organization that monitors the applications that perform user tracking. Keeper's Android application showing zero trackers is listed below:

Helpful Links

Customer Support Form:

Business Customers:

System Status:

Web Vault & Desktop App

A comprehensive guide for the Keeper Web Vault and cross-platform, Keeper Desktop Application.

Your Keeper Vault

Watch the video below for an overview of the vault with master password login.

If you've already signed up for Keeper on your mobile devices, you can simply login to the Web Vault or Desktop App (links below) with your email address, Master Password and Two-Factor Authentication (if enabled on your account).

(United States)
(Europe)
(Australia)

Download the Keeper Desktop App:

Device Approvals

Upon logging in, you may encounter a "Device Approval" request. If you are attempting to log in on an unrecognized device or browser, a device approval must take place before you can proceed to your Keeper Vault. Users have three methods of approval to choose from: Email, Keeper Push or Two-Factor Method.

Keeper Push is Keeper’s proprietary notification-based device approval system that sends a push notification to an existing, recognized device.

If you select Keeper Push, a notification (push) will be appear in your Keeper Vault on an approved device or browser.

Select Yes to approve the new device.

You must be actively logged into a different, recognized/approved device to receive the notification.

Once your device has been approved, you will be prompted for 2FA (if enabled), then you can enter your Master Password to proceed to your vault.

New User Account Creation

To finalize your account and proceed to your vault, you will be asked to enter the security verification code that was sent to your email.

Enterprise users who login with SSO do not require the selection of a Master Password.

Upon logging in, you will be prompted to follow our Get Started wizard, which will guide you to , install the and set up .

Watch the video below to learn how to create your account.

Users who login with an existing identity provider have various login choices. Users can either enter their email address at the login screen or click Enterprise SSO Login and select their login method from the dropdown menu as determined by their Keeper administrator (Enterprise Domain Login or Master Password Login).

Enterprise (SSO) users, should refer to our "" Guide for more information regarding account creation, login flows, device approvals and much more.

Create a Record

Your passwords, logins, credit card numbers, bank accounts and other personal information are saved in your private digital Vault (as "Records") and are encrypted on your device using 256-bit AES.

Click + Create New > Record.

Choose a from the dropdown menu ("Login" is the default type)
Enter a name for the Record and click Next
Enter the Login (Username or Email)

Importing Passwords

Keeper makes it easy import your existing logins and passwords directly from your web browsers (e.g. Safari, Chrome, Firefox), another password manager, or from a text file (.csv, .xls, .tsv). Watch the video below or continue reading to learn how.

From Web Browsers

To import passwords from your web browser, you must first install the Keeper Import Tool. To begin the installation, from the Account Dropdown Menu, click Settings > Import > Import (next to "From a Browser") > Install.

If you have started the import process from a mobile app and came to the Web Vault, you will be prompted to import your existing passwords, click Next > Install.

Keeper will then walk you through a few steps to download the Keeper Import Tool:

Copy the code Keeper provides (you will need this later when prompted in the Keeper Importer).
For PC: click Run when prompted.
For Mac: double click the "KeeperImport.zip" file located in your downloads and double click on the "Keeper Import App" to start the import process. You will encounter a few Keychain permission windows that will require you to enter your computer password to allow Keeper to access your web browsers.

From Password Managers

Keeper can quickly import your logins and passwords from other password managers. From the Account Dropdown Menu, click Settings > Import > Import (next to "Use Another Source").

From the dropdown menu, select the password manager you want to import from, then click View Instructions which will involve logging into the password manager and exporting your existing password records. If an automated import using the Keeper Desktop App is available for your selected password manager, additional instructions will be provided.

Once you have created the export file per the instructions, drag-and-drop the file onto Keeper's "Drop a File Here" window or browse for the file on your computer and click Next. Skip to our below to finalize your import details.

Confirm the export file has the correct extension at the end of the file name (e.g. export.csv).

From Text Files (.csv, .xls, .tsv)

Keeper can import your logins and passwords from a text file (.csv). To begin, from the Account Dropdown Menu, click Settings > Import > Import (next to "Use Another Source").

From the dropdown menu, select Text File (.csv, .xls, .tsv), then click View Instructions. Keeper's CSV import method supports advanced structure including folders, subfolders, shared folders, TOTP codes and any number of custom fields.

Once you have created the export file per the instructions, drag-and-drop the file onto Keeper's "Drop a File Here" window or browse for the file on your computer.

Check the box if your file includes column headers, otherwise, the first row will be treated as data and click Next. Skip to our below to finalize your import details.

File Format Examples

• To specify subfolders, use backslash "\" between folder names

• To make a Shared Folder specify the name or path to it in the 7th field

Example 1: Create a regular folder at the root level with 2 custom fields

Example 2: Create a shared subfolder inside another folder with edit and re-share permission

Keeper also supports advanced JSON structured file formats. We recommend using JSON files for import and export of structured data instead of CSV files. This is described in the

See the full instructions and file format of our CSV import .

Field Mapping

Once you have imported your credentials using one of the methods above, you can customize how you would like the information to appear in your vault in the field mapping screen. Here you'll see standard field names across the top that “map” to the data below for each Keeper record.

To adjust these mappings:

Click any field to open a dropdown menu
Select the appropriate field name from the list. Repeat this process across each column as needed
Click Next to finalize your selections.

Change the title of each column to accurately represent the information below (e.g. If you see a column of URLs and the column title says "Notes", change that column title to "URL").

Next, a summary screen will display a preview of your vault, showing the folder structure of your imported records. Here you can adjust the folder structure and click into individual records to preview their details before finalizing the import.

Click Confirm Import to complete the import process.

Once the import is complete, we highly recommend that you delete any unencrypted password files from your computer and disable any old password managers.

Specific import instructions based on your import source can also be found in the section of our user guides.

Download Keeper Applications

Download the Keeper Desktop and Mobile Apps to access your Keeper Vault from any platform and use it for native applications across all of your devices.

Visit: to download the Keeper App for all of your desktop and mobile devices.

Organization

With Keeper you can organize your records into folders and subfolders. To create a folder, click on + Create New > Folder. Enter the name of the folder and click Create.

To create a subfolder, right-click on an existing/parent folder and select New Folder.

Move, Shortcut & More

Drag and drop the record(s) you would like to store in a folder or subfolder and click Move or Create shortcut. To move multiple records, hold "shift" and click the items to drag-and-drop.

Record shortcuts = like alias files, can exist in two or more places and when edited, change together.

You can perform a number of actions by right-clicking on a record or folder to generate a contextual options menu.

Delete a Record or Folder

Right-click on a record or folder and select Delete. Click OK to confirm.

If you are deleting a folder, all records in the folder will also be deleted.

Delete Multiple Records or Folders at Once

To delete multiple records and folders simultaneously, hold down the Ctrl/Cmd key on your keyboard while selecting the records/folders for deletion. Next, right-click on the selection and select Delete and OK to confirm. "Shift-click" for selecting a list of items is also supported.

If a folder is included in your selection, all records in the selected folder will be deleted.

Deleted records can be found in the "Deleted Items" section of your vault (for paid consumer accounts). More information on Deleted Items can be .

Favorites

Record Favorites are used to easily identify your most frequently used records. Right-click on a record and select Add to Favorites.

Securely share records and folders with other Keeper users such as family, friends and colleagues.

If you attempt to share a record or folder with someone who is not an existing Keeper user, they first receive an email inviting them to sign-up for Keeper.

While viewing a record, click Share.

Enter the email(s) of the user(s) you would like to share with, then choose their permission type from the dropdown menu.

User Permissions

Permission Name

Permission Level

Keeper "One-Time Share" provides time-limited secure sharing of a record to anyone without having to create a Keeper account. To learn more about One-Time Share, click .

Shared folders allow you to share multiple records at once and new records can be added to the folder as needed.

To create a Shared Folder, click Create New > Shared Folder.

Choose where you would like to nest the folder using the dropdown menu and enter a name for the folder. Set the User and Record Permissions and click Create.

Learn more about Keeper's sharing features .

Identity & Payments

Identity & Payments is the place for you to store your personal contact/address information and credit card numbers safely.

From Identity & Payments enter a username and click + Phone Number and + Address.

Enter the corresponding personal information and click Save to finish.

To store a payment card, click the Payment Cards tab, enter the card information and click Save to finish.

You can also create a "Payment Card" Record by using the record type dropdown menu during record creation.

Create a Payment Card Record

Click Create New > Record and select "Payment Card" from the dropdown menu, enter a title and click Next. Enter your payment card info and click Save.

Key Features

Password Generator

Long, random passwords that are created for each login help protect your information and reduce your exposure to data breaches. Keeper generates and securely stores strong, random passwords for all of your sites and apps by clicking on the dice icon. The default password length for generated passwords is 20 characters. The length slider can be used to generate longer or shorter passwords for specific sites.

Character Sets Used for Password Generation

Lowercase Letters

Uppercase Letters

Digits

Symbols

Passphrase Generator

Similar to Keeper's password generator, a click of the dice will generate a highly secure, random, yet easy-to-remember passphrase for any of your accounts stored in Keeper. By combining multiple words, passphrases are a more secure alternative to passwords.

Click on the dropdown and select Passphrase.

A strong passphrase includes a mix of uppercase and lowercase letters, numbers and symbols. You can use numbers, symbols or spaces to separate each word of the passphrase.

Password Zoom

Password Zoom allows you to view password character positions in the Password Zoom tray. To reveal the Password Zoom icon, first you must click the View Password Button (eye icon). Next, hover your cursor to the left of the copy icon and click on the Password Zoom icon.

Custom Fields

Custom Fields allow you to store additional data within a record, such as the answer to a site's security question or a passport number. Any record created with one of Keeper's , can be further enhanced with various custom field options.

Custom field labels can be edited and if you are creating multiple custom fields, you can drag and drop them in your preferred order.

To learn more about Record Types, click .

While creating or editing a record, click Custom Field.

Select the custom field you would like to add to the record.

Available Custom Fields:

Text
URL (website address) used for Autofill
Security Question & Answer

Enter the field values and click Save to finish.

Keeper autofills the custom fields of login forms as long as both the Website Address and Custom Field Name of the Keeper record match those of the login form.

"General" Record Types (Keeper's Legacy Record Version)

Within a "general" record type, custom fields can be created in pairs: a "Custom Field Name" and a "Custom Field Value".

Advanced Filters & Quick Search

Use advanced search filters to quickly narrow down your results and find exactly what you need.

Quick search shows recently viewed items and improves sort results. Click within the "Search" field to narrow down your results based on search terms or to reveal recently viewed items.

Launch

Launch allows you to quickly navigate to your favorite websites. Simply click a record's Website Address, Launch button, or launch icon to launch the target site and login with Keeper in a new window.

Notification Center

Keeper's Notification Center creates a secure, in-app hub for viewing and managing notifications. Types of notifications you can expect to receive include:

Security Alerts - Notifies users in real-time about suspicious login attempts or changes to their account settings.
Access Requests - Notifies users when someone requests access to shared files or records, enabling quick approval or denial.
Device Management - Alerts users to new device logins or provides reminders to review active device sessions.

Click the bell icon to open your Notifications Center.

Quickly review and respond to actionable events such as device approvals and sharing requests with one click.

Options like the "Unread Only" toggle and "Mark all as read" allow you to simplify and filter your view.

To learn more about the Notification Center, click .

Security Audit

Learn more about Security Audit .

Record History

Keeper provides you with the ability to view and restore previous versions of a record by clicking on the record's information icon and View Record History.

Select the version of the record you want to review/and or restore based on the last modified date and time. Click Restore to revert the record back to the selected version.

Deleted records can be reviewed and restored by visiting the Deleted Items section of your vault (this is available for paying customers only).

Emergency Access

The Emergency Access feature is only available for consumer accounts.

From the Account Dropdown Menu, click Account > Emergency Access

Click Trusted Users and enter the email addresses of up to five contacts (Keeper users). Optionally, select a "Delay Access" duration from the dropdown menu for each user, then click Send.

The amount of time between your request to provide emergency access and access granted can be set up to three months per contact. If a delay is configured, the countdown begins the moment the trusted user attempts to login to your vault.

In order for the recipient to accept the request, you must first establish a "sharing" relationship if one hasn't already been established through Keeper's record/folder sharing features.

If prompted, click Send Invite.

If the recipient is not an existing Keeper user, they will receive an email inviting them to sign up for a Keeper account. Once they sign up and login to their account, they can accept the sharing relationship request.

Once the recipient accepts your sharing request, you will need to invite them to be your emergency contact once more from the “Emergency Access” section of your vault. This step is not necessary if a sharing relationship has previously been established.

To learn more about Emergency Access, click .

Deleted Items

You can view and restore previously deleted records from the "Deleted Items" section of your vault by clicking Restore.

Delete Forever

Records in the Deleted Items can be purged permanently by selecting the "Delete Forever" option.

Data Retention Policy

Business customers have the option of applying data retention policies in the enforcement policy section of the Keeper Admin Console. If a retention policy is set, you may be denied the ability to permanently delete items from the vault. If this occurs, you will receive a message similar to below:

Lost Access

The “Lost Access” tab contains records that you own, but are no longer accessible (e.g. You delete a record that you own that has also been shared with another user). This feature allows users to individually add these records back to their vault.

Click Add to My Vault to add a record back to your vault.

Shared Item Recovery

Recently deleted shared records from within shared folders can be recovered from the tab called "Shared Folder Contents". This tab contains records that were deleted by a user of the shared folder with "Can manage records" permission. Records which appear in this tab are able to be restored from any user who currently has access to the shared folder. This feature was created to make the restore process accessible from any shared folder participant when a record has been removed by any team member.

For security reasons, if a change was made to the record after it was removed from the shared folder, it cannot be restored and the original owner must re-share it.

Two-Factor Codes for TOTP

For extra security on supported sites and apps, click Add Two-Factor Code to store Two-Factor Authentication (2FA) codes for standard TOTP (Time-Based One Time Passwords) in your Keeper records.

Storing two-factor codes in your vault has several advantages:

Keeper two-factor codes are more secure than using SMS text messages.
Two-factor codes stored in Keeper are protected with strong Zero-Knowledge encryption.
Codes can be auto-filled quickly while logging in to a site, saving time and reducing friction.

KeeperFill

The KeeperFill Browser Extension allows you to autofill your passwords and save new login credentials to your vault. KeeperFill is available for every web browser.

Download KeeperFill for your browser by visiting our .

To learn more about the KeeperFill Browser Extension, click .

Changing Passwords with KeeperFill

KeeperFill makes it easy to change your passwords. When visiting a site's "Change Password" form, you will receive a prompt from Keeper asking if you would like help changing your password. By clicking Yes, Keeper will walk you through a few quick steps to change your password and simultaneously update the record in your vault. These steps will include a series of prompts detailing the following actions:

Autofill your old/current password
Automatically generate and autofill a new secure password
Confirm the changes and save them to your vault

Secure Add-Ons

Secure File Storage

Files can either be added to an existing record or you can create a new record to store the file independently of other login information.

Click Files or Photos to upload a file, or simply drag-and-drop the file directly into your Vault.

To learn more about Secure File Storage, click .

BreachWatch

BreachWatch is a powerful secure add-on feature that monitors the internet and dark web for breached accounts matching records stored within your Keeper Vault. BreachWatch alerts you so that you can take immediate action to protect yourself against hackers. Once activated, BreachWatch continuously monitors for compromised credentials and notifies you if any of your records are at risk.

To start your BreachWatch scan, from the left navigation menu, click BreachWatch > Let's Begin.

BreachWatch will then scan your records and report any risks associated with them. Clicking each record listed will allow you view the steps needed to resolve each risk.

Resolving the risk requires you to change the password at the affected website. Once you have done that, be sure to update the corresponding record in your Keeper Vault with the same password.

If you click Ignore, then that record will be skipped on future scans until the password is reset. You may also do nothing (deferring a response) and leave the risky password unchanged and thus still at risk.

To learn more about BreachWatch, click .

Settings

Users can configure specific features like language, theme and two-factor authentication from the Settings Menu. You can access the Settings Menu by clicking on the Account Dropdown Menu (your email) in the upper-right corner of your screen.

General

Choose a Theme: Select from a number of available themes. The theme will affect coloring of buttons, backgrounds, icons and other components.
Clipboard Expiration (Desktop App Only): This will clear any data copied to the clipboard via a copy button after a period of time. Note: If your operating system maintains a clipboard history, this information may still be available after it has been cleared.
Choose another language: English US & UK, Spanish, Japanese, Romanian, Chinese Simplified & Traditional, French, Korean, Russian, Arabic, Greek, Dutch, Slovak, Brazilian Portuguese, Hebrew, Polish, German, Italian, and Portuguese

Security

Auto-Logout: Logout of Keeper after a number of minutes of inactivity. On the web vault, this is controlled in the browser extension settings. On desktop you have the ability to also wipe application memory and restart the desktop app on logout.
Stay Logged In: If Auto-Logout is enabled, this setting will maintain the inactivity timer and preserve your login if the system is rebooted or your browser is restarted. If "Stay Logged In" is disabled, you will be logged out if the application closes.
: Enable a second factor of authentication such as SMS, RSA token, DUO security token, Authenticator or KeeperDNA. This will be used in addition to device verification and a master password.

KeeperFill

: KFFA allows interaction with desktop and thick clients to input passwords and other fields into apps via shortcut keys. This requires the desktop app to be installed.
: The browser extension provides most keeper capabilities directly from the browser.

Accessibility

Optionally extend display of temporary confirmation messages.
Zoom keyboard shortcut: Cmd +/-

In order to properly utilize the vault's +Create New button and various dropdown menus, users must first disable the JAWS "Virtual Cursor" setting if applicable (or ALT + arrow up/down for NVDA).

In JAWS navigate to Utilities > Settings Center and search for "use virtual PC cursor", then uncheck "Use Virtual PC Cursor".

Advanced

Search Settings: Control the visibility of Keeper’s search results dropdown overlay and advanced search filters.
Automatic Syncing Delay (Business Customers Only): Set your vault sync delay frequency to improve syncing performance across large user groups.
Show Numbering In Record List View: Choose whether you want records in "list view" to be numbered.

Import & Export

Import: Import passwords from browsers or other password managers. Web imports are typically file based. Keeper Desktop has more availability for automated imports from other solutions.
Export: Export your vault to CSV, JSON or PDF. This includes the ability to include records that have been shared with you that you are not the owner of.
Shared Records Report: Generate a report in CSV, JSON or PDF format. This provides a list of records that you own, and who those records are shared with.

Keeper Forcefield

Keeper Forcefield is an advanced endpoint security feature for Microsoft Windows that protects sensitive applications and processes from unauthorized access. It is specifically designed to defend against threats such as infostealers and password-stealing malware installed from phishing or other attacks. Forcefield will only show on the Windows version of the Keeper Desktop application.

See the page for more information.

Two-Factor Authentication

Two-Factor Authentication (2FA) provides an extra layer of security when logging into your Keeper Vault or another site or application by requiring a secondary passcode upon logging in.

Enabling Two-Factor Authentication is advised for highly valuable or sensitive accounts (e.g. banking, medical and social media accounts).

Keeper provides two ways to take advantage of 2FA:

To log into your Keeper Vault.
To login into any site or application from your Keeper Vault by embedding a Two-Factor code into your records.

2FA for Your Keeper Vault

To enable 2FA for your Keeper vault, from the Account Dropdown Menu, click Settings > Security, toggle "Two-Factor Authentication" on and select your 2FA method.

Keeper support several methods of Two-Factor Authentication:

Text Message (SMS)
Authenticator App (such as Google Authenticator, Microsoft Authenticator, etc)
RSA SecurID (for Enterprise customers)

Text Message Setup

(1) The Text Message toggle is on by default. Select a Region from the dropdown (US+1 by default), enter your 10 digit phone number including your area code and click Next.

(2) To verify that you trust this number and device, enter the Keeper web code that was sent to the phone number you provided. Select your 2FA code duration from the dropdown menu and click Next. Codes will only last for a minute; if you need another code sent, click Send a new code.

You will be prompted for 2FA every time you login to your Vault unless you select an alternative code duration. Business customers may be required to enter the code every login as determined by their Keeper Administrator.

(3) Backup codes will be shown next. If you are unable to receive Two-Factor codes via the phone number you entered, you can enter one of the codes listed instead. Click I have written these codes down to finish.

If you are NOT receiving SMS messages from Keeper, please use the TOTP method.

Authenticator App (TOTP) Setup:

(1) Toggle "Authenticator App" on and click Next.

(2) Using the device that runs the the TOTP application, scan the QR code provided or manually enter the secret key. The app will then acknowledge the QR code and produce a verification code.

(3) Enter that verification code and click Next.

(4) Backup codes will be shown next. If you are ever unable to receive Two-Factor codes, you can enter one of the codes listed instead. Click I have written these codes down to finish.

In order for Azure MFA (using the Microsoft Authenticator app.) to be utilized as a TOTP, the Azure administrator needs to allow the verification method "Verification code from mobile app or hardware token" when setting up MFA in Azure.

KeeperDNA Setup:

Keeper DNA is a Two-Factor Authentication method that uses your smart watch as your second factor.

To use this feature, toggle the switch next to Keeper DNA, then follow these links to set up KeeperDNA on your preferred platform:

Security Key Setup:

Keeper supports any FIDO2-compatible WebAuthn security key, including hardware-based security key devices such as YubiKey and device passkeys on your web browser or operating system. A user can register up to five security keys. Any one of those keys will unlock the account.

Go to Settings > Security and enable Two-Factor Authentication then select "Set Up"
Make sure the security key is NOT already inserted into your USB port and click Next.
Insert the security key into the USB port, name the key and click Register.

If you have a PIN associated with your security key, you will be required to enter the PIN when registering your key. If you would like to remove the requirement for PIN entry, this can be done after registration.

Security Key with Fallback Method

If you don't always have your security key on hand, or if you are using mobile devices which don't support hardware security keys, you may add additional methods of 2FA such as a TOTP code. When logging into a device, you will then have the option of using either method.

Security Key as the Only Factor

For the highest level of protection, you can elect to use Security Keys as the only 2FA method. There are some important things to know about this configuration:

Support for enforcing a FIDO2 Security Key can vary based on the device operating system and device firmware capabilities.
Keeper on iOS currently requires using NFC-enabled keys.
The PIN requirement is supported based on the capabilities of the device. As of this writing, mobile OS support for PIN enforcements is limited. We do not recommend enforcing the PIN if users are accessing Keeper on their mobile device.

Managing the Security Key PIN Requirement

To manage the entry of PIN every login with a security key, go to Settings > Security > Security Keys > Edit > Edit > and see the "Require PIN if set on security key" setting.

2FA for Websites & Apps

Keeper can protect, manage and store TOTP codes for authenticating into any 3rd party website.

(1) At the target website, visit the two-factor authentication screen which is usually located within security settings. It is sometimes referred to as "login verification" or "two-step verification". Screengrab the QR pattern or copy the secret code to your clipboard.

(2) Within a record, click Add Two-Factor Code.

(3) Upload the screengrab of the two-factor QR pattern (with security key) associated with the site or application. If there isn't a QR pattern, use the manual entry method. Enter the code given under “Secret Key”, often a 32-digit code and fill out the rest of the fields.

If you're using Keeper Desktop, you can also use the handy "Scan" feature to automatically capture the code.

(4) After adding the security key to the record, a two-factor code will be generated inside the Keeper record.

(5) The two-factor code will be regenerated frequently and can then be copied and filled into the site or app when prompted after logging in with a username and password.

KeeperFill for Apps

Using a hotkey, KeeperFill for Apps also provides autofill features for native desktop applications. Please note, this feature is only available when using the Keeper Desktop application.

To learn more about KeeperFill for Apps, click .

Platform-Specific Features

On supported Mac devices equipped with the Apple M1 chip, users with can use their fingerprint to log in to the Keeper Desktop App.

Touch ID Configuration

To configure your Touch ID Magic keyboard fingerprint login capabilities, you must first be running the latest version of macOS (Big Sur 11.5.2 or newer). Once updated, navigate to your computer's System Preferences > Touch ID > Add Fingerprint. Follow the prompts to register your fingerprint to the device.

Enable Touch ID in Your Keeper Vault

Once you have registered your fingerprint, log in to the Keeper Desktop App and click on the account dropdown menu in the upper-right corner of your screen, then click Settings > Security and toggle "Touch ID" on.

The next time you login to the Keeper Desktop App, the "Touch ID" button will appear at the login screen. Click Touch ID and when prompted, apply your registered fingerprint to the Touch ID sensor on your keyboard to log in.

To enable Windows Hello Login for Keeper, from the Account Dropdown Menu, click Settings > Security and toggle "Windows Hello Login" on.

Next time you log in to Keeper, click the Windows Hello login button.

Windows Hello will then attempt to authenticate your identity. Once authenticated, you will be automatically logged into Keeper.

To learn more about logging into Keeper with Windows Hello, click .

Keychain Access (Mac OS)

When accessing your Keychain, a popup will be triggered asking you to enter your Mac password. This is because Keeper Desktop App saves local storage protected by a key saved in Keychain Access which is used to encrypt local app data. Enter your Mac password and click Always Allow.

Password Export (Backup)

To backup your records or generate a Shared Records Report, from the Account Dropdown Menu click Settings > Export. There are 4 formats for export: CSV, JSON, PDF and encrypted KeePass (.KDBX). To begin backup, select your preferred file format and click Export.

The encrypted KeePass format (.kdbx) is the only format which includes attachments saved in records. For advanced backup capabilities see .

Uninstall

The instructions below are for uninstalling Keeper Desktop App (Keeper Password Manager) for Mac and Windows OS.

Uninstalling the Keeper Password Manager will delete the data from Keeper on the local device. Data stored in Keeper's Cloud Security Vault is NOT erased.

Mac

Drag the Keeper Password Manager app to the Trash.
Empty the Trash.

Uninstalling Keeper Password Manager will also remove KeeperFill Browser Extension from Safari. Data stored in Keeper's Cloud Security Vault will NOT be erased.

Windows

Navigate to the Windows Start Menu > Settings > Apps & Features.
Within Apps & features, click the Keeper Password Manager application.
Click Uninstall.

Additional user tutorial videos are available at:

End-User Guides

Keeper End-User Guides

hashtagAbout Our Security

hashtagUser Guides

hashtagEnterprise Guides

hashtagHelpful Links

System Requirements

hashtagCompatibility

hashtagKeeper Web Vault

hashtagKeeper Desktop Application

hashtagDownload Options

hashtagEnterprise Installation

hashtagChecksum / Hash

hashtagMobile App

hashtagiOS

hashtagAndroid

hashtagKeeperFill Browser Extension

hashtagEnterprise Deployment

Quick Start Guides

Install for Chrome

hashtagChrome Web Store Install

hashtagDisable Chrome Built-In Password Manager

Install for Firefox

hashtagFirefox

Install for Edge

hashtagMicrosoft Edge

hashtagDisable Built-In Password Manager

Install for Opera

hashtagOpera

Enterprise Deployment

Autofill & Passkey Setup for iOS

hashtagOverview

Time-Limited Access

hashtagOverview

hashtagShare a Record

hashtagShare a Folder

Self-Destructing Records

hashtagOverview

hashtagCreate a Self-Destructing Record

hashtagSecurely Share Files Using Self-Destruct

hashtagDelete a Self-Destructing Record

Security Audit

hashtagOverview

hashtagCalculation of Security Score

BreachWatch

hashtagOverview

Emergency Access

Keeper Forcefield

hashtagKeeper Forcefield: Windows Endpoint Protection

hashtagOverview

Troubleshooting

Reporting Autofill Issues

hashtagOverview

hashtagReporting Autofill Issues with the Snapshot Tool

hashtagOn-Page Form Fill

hashtagBrowser Extension Toolbar

hashtagSubmitting Snapshots & Reporting Issues

hashtagSnapshot Resolution

Troubleshoot Extension Issues

hashtagAutofill Issues

hashtag

Troubleshooting Vault Issues

Clearing Your Browser Cache

Website Developers

hashtagKeeper Icon Appearing in Wrong Field

Tips & Tricks

Protecting your Keeper Vault

hashtagOverview

hashtagCreate a Strong Master Password

hashtagEnable 2FA on Your Keeper Account

hashtagEnable 2FA on Your Email Account

hashtagBe Careful of Browser Extensions

Using Keeper TOTP with Azure or Office 365

hashtagMicrosoft 2FA Configuration

hashtagLogging in with Two Factor Code

Changing Passwords Using KeeperFill

One Record with Multiple URL Domains

hashtagOne Record with Multiple Domains

KeeperFill Right-Click Context Menu

hashtagKeeperFill Right-Click Context Menu

About Our Security

User Guides

Enterprise Guides

Helpful Links

Compatibility

Keeper Web Vault

Keeper Desktop Application

Download Options

Enterprise Installation

Checksum / Hash

Mobile App

iOS

Android

KeeperFill Browser Extension

Enterprise Deployment

Chrome Web Store Install

Disable Chrome Built-In Password Manager

Firefox

Microsoft Edge

Disable Built-In Password Manager

Opera

Overview

Overview

Share a Record

Share a Folder

Overview

Create a Self-Destructing Record

Securely Share Files Using Self-Destruct

Delete a Self-Destructing Record

Overview

Calculation of Security Score

Overview

Keeper Forcefield: Windows Endpoint Protection

Overview

Overview

Reporting Autofill Issues with the Snapshot Tool

On-Page Form Fill

Browser Extension Toolbar

Submitting Snapshots & Reporting Issues

Snapshot Resolution

Autofill Issues

Keeper Icon Appearing in Wrong Field

Overview

Create a Strong Master Password

Enable 2FA on Your Keeper Account

Enable 2FA on Your Email Account

Be Careful of Browser Extensions

Microsoft 2FA Configuration

Logging in with Two Factor Code

One Record with Multiple Domains

KeeperFill Right-Click Context Menu

Keyboard Shortcuts

Mac & Windows

Windows Hello Login

Windows Hello Setup

Logging in with Windows Hello

macOS Login with Touch ID

Touch ID Setup

Logging In with Touch ID

iOS

Overview

Import Instructions

Export

Import

Export

Import

Export

Option 1: DASH: Dashlane Secure Archive

Option 2: CSV

Import

Export

Windows

Import

.KDBX File Import Overview

Export

Export

Import

Export

Import

Export