The proceeding pages in this section are dedicated to various troubleshooting guides. Have a suggestion? Email our team at feedback@keepersecurity.com.

This guide provides important compatibility information and troubleshooting tips for using hardware security keys with Keeper on iOS devices. If you're encountering issues with PINs, autofill, or NFC key support, this page will help you understand which iOS versions are compatible and how to resolve common problems.

Which hardware keys are supported with Keeper on iOS?

• Keeper works with any FIDO® Certified security keys. Ensure you have the latest version of Keeper installed for full compatibility with hardware keys.

  • For a complete list of certified keys from the FIDO Alliance, visit the FIDO® Certified Showcase.

• Unsupported Keys: Currently, software keys such as Passkeys or iCloud Keys are not supported for login or autofill with Keeper.

What are the iOS version requirements for hardware key compatibility?

To help you understand the compatibility of your iOS version with hardware keys and Keeper, refer to the table below:

Do I need a PIN for my hardware security key on iOS?

• Setting a PIN for your hardware security key is optional. You can choose whether or not to set up a PIN when configuring your key. The PIN setup process is done through the hardware key manufacturer’s software (e.g., Yubico Authenticator).

• Once a PIN is set for your security key, iOS will ask you to enter the PIN every time you use the key, whether for login or filling passwords.

• No PIN Bypass: Unlike the Keeper Web Vault, iOS does not support bypassing the PIN. You must enter the PIN each time the key is used.

What happens if I enter the wrong PIN for my hardware key too many times?

• If you enter the wrong PIN 6 times in a row, your hardware key will be locked. To unlock it, you will need to reset the key before you can use it again.

  • To reset your hardware security key please use the hardware key manufacturer’s software (e.g., Yubico Authenticator).

Can I use NFC hardware keys on iOS devices?

• Yes, NFC hardware keys are supported on most iOS devices.

• iPads do not support NFC hardware keys at all. This is a restriction at the OS level, and only physical hardware keys that plug into the device (via Lightning or USB-C) will work.

• NFC hardware keys are not supported in Keeper extensions (Autofill | KeeperFill) on iOS.

  • Recommendations to work around this limitation can be found HERE.

Can I use my hardware keys on my iPad?

• Yes, you can use hardware security keys with your iPad, but please note that only hardware keys that plug into the device (via Lightning or USB-C) are supported. NFC hardware keys are not compatible with iPads due to limitations at the OS level. This means that if you're using a hardware key with only NFC functionality, it will not work on iPad devices.

  • Combination hardware keys, that support both plug-in and NFC, will work via the plug-in method only.

  • USB-C keys require Keeper Version 16.12.0 or greater.

For iPad users, ensure your key is compatible with the appropriate connector (Lightning or USB-C) and that you have the latest version of Keeper installed to ensure full functionality.

Known Issues:

YubiKey FIDO PIN Loop

Issue Overview: Some users with FIDO CTAP 2.1 security keys (specifically YubiKeys with firmware 5.7) have reported being repeatedly prompted to enter their FIDO PIN in a loop, even after entering it correctly. This issue began after upgrading to Safari 18.1 or iOS/iPadOS 18.1. Users may experience difficulties authenticating with their security keys, as the prompt fails to complete the authentication process.

Affected Devices and Scenarios:

• iOS/iPadOS: On mobile devices, after upgrading to iOS/iPadOS 18.1, the following issues are observed:

  • Physical key plugged in: Users will see an error after entering the FIDO PIN.

  • NFC authentication: The system may not prompt users for authentication when attempting to authenticate via NFC.

• MacOS: This issue affects Safari 18.1 and certain 3rd-party browsers that rely on Safari’s WebKit engine. It can occur when a username allowlist and PIN verification are required during authentication.

Status: Yubico has acknowledged the issue and is working with Apple to resolve it. Apple has released a beta fix in macOS 15.2 Developer Beta 4 and iOS/iPadOS 18.2 Developer Beta 4. This update addresses the FIDO2 PIN prompt issue, but it is still in development, and users are advised to report any persistent issues to Apple.

Workaround Options: If you're experiencing this issue, consider the following options:

1. Upgrade to iOS/iPadOS 18.2 Public Beta: If you're not already on the public beta, upgrading to iOS/iPadOS 18.2 may resolve the issue, as it addresses the FIDO2 PIN loop problem. You can opt into the public beta via Apple's Beta Software Program.

2. Re-register Your Key: If you're already on iOS/iPadOS 18.2 public beta and still encountering the issue, try removing and re-registering your security key. This may help resolve any lingering issues.

3. As a temporary workaround, you can log into your Keeper account on another device or browser and remove the hardware key from your authentication settings. This will allow you to continue using other methods of authentication while awaiting a full fix from Apple.

For more details and updates, please refer to the Yubico support article.

Long-Tap Autofill and Hardware Security Keys

With the addition of iOS 18, Apple introduced a new long-tap autofill feature that allows users to quickly fill in login credentials from their password manager directly into apps or websites. However, when using a hardware security key for authentication, long-tap autofill will not work as expected. This limitation occurs because the system requires interaction with the hardware key to complete authentication, which isn’t compatible with the autofill feature’s workflow.

Affected Devices and Scenarios:

• iOS/iPadOS 18+ Devices: The long-tap autofill feature does not work with accounts secured by hardware security keys.

Recommendation: To work around this limitation, we recommend using the following steps:

1. Enable "Stay Logged In" from the Desktop App:

   1. Open the Keeper web/desktop app (this option is not available in the mobile app for now) and enable the "Stay Logged In" option. This will ensure you remain authenticated for a longer period, allowing long-tap autofill to function without needing to re-authenticate with your hardware key.

2. Log into the Keeper Main app on your iOS device and then you can proceed to use the long-tap autofill feature as intended.

Overview

Keeper is a zero-knowledge platform. Please note that if you forget your master password and lose your recovery phrase, you will not be able to login to your vault and Keeper Support will be unable to help you regain access.

Consumer and Family Plan customers: If you have forgotten your master password and have lost your recovery phrase, please create a new account. To create a new account with the same email address, please reach out to deleteme@keepersecurity.com for assistance. If you still need assistance, open a support ticket with our consumer support team.

Enterprise and MSP end-users: Business accounts may login to Keeper using a Single Sign-On product, and there is no master password involved. If you are an end-user in a business account, please contact your Keeper administrator for assistance. If you still need help, open a ticket.

Enterprise Admins: Please open a ticket with Keeper support.

What to do if you forget your Master Password

• From the Web Vault or Desktop App, click on Need Help > Forgot Master Password to begin the account recovery process. If you forgot your master password and you lost your recovery phrase, Keeper support cannot help you.

• If you are able to login with biometrics (Face ID, Touch ID) on a mobile or desktop device, simply login and then visit the Settings > Reset Master Password screen.

• If you exceeded the number of failed attempts, please contact support and we'll reset the throttling system for you to try again.

• Once you recover your account, make sure to back up your Master Password and Recovery Phrase somewhere safe, so this doesn't happen again.

Account Recovery

Keeper provides account recovery using a randomly generated 24-word recovery phrase. The recovery phrase can be used to regain access to your Keeper Vault in case you forget your Master Password.

Keeper implements recovery phrases using the industry-standard BIP39 word list, which is a set of 2,048 words used to generate an encryption key with 256 bits of entropy. Each word in the BIP39 list is carefully chosen to improve legibility and make the recovery process less error-prone.

The recovery phrase is generated locally on the user's device using the BIP39 word list. Keeper's backend systems do not have access to this recovery phrase, nor do any employees of Keeper. Keeper is a zero-knowledge platform and we cannot assist in the recovery process.

Resetting Your Master Password

Web Vault & Desktop App

If you would like to change your master password from the Web Vault & Desktop App, click the account dropdown menu (your email), select Settings and next to "Master Password" click Reset Now. You will then be prompted to enter your current master password and create and confirm a new master password.

If you are able to log into Keeper's mobile app using Biometrics, you can reset your master password without having to enter your current master password. Navigate to Settings > Reset Master Password and authenticate with Biometrics.

iOS and Android Mobile App

To change your master password on iOS and Android devices, from Settings, scroll down and tap Reset Master Password. You will then be prompted to enter your current master password (unless Biometrics is enabled and you are authenticated), then create and confirm a new master password.

Account Recovery Setup

Upon initial vault login, new users will be prompted to set up Account Recovery. Click Generate Recovery Phrase to begin.

Once your recovery phrase has been generated, be sure to store it in a safe place. For added convenience, you will be given the option to copy or download it. Check the box to acknowledge you have stored it in a safe place and click Set Recovery Phrase to complete the setup.

Reset Recovery Phrase

If you know your master password and would simply like to setup Account Recovery, from the account dropdown menu (your email) select Settings > Recovery Phrase.

Check for Extension Updates (Chrome)

To experience the latest KeeperFill updates and features, you want to make sure you running the latest version of the Keeper Browser Extension. To update KeeperFill, follow the steps below:

1. In your browser's search bar, navigate to chrome://extensions.

2. In the upper right corner, toggle "Developer mode" on.

3. In the list of your current browser extensions, locate the "Keeper Password Manager & Digital Vault" extension and click Details.

4. In the upper left corner, click Update.

Check for Extension Updates (Firefox)

To update KeeperFill in Firefox, follow the steps below:

1. In your browser's search bar, navigate to about:addons.

2. In the upper right corner, click the gear icon and select "Check for Updates"

3. Ensure that Keeper is updated to the latest version.

Capturing Error Messages (Chrome)

If you are experiencing an error, it is helpful to provide Keeper support with any console errors that might be occurring. To capture the errors, follow the steps below.

• In your browser's search bar, navigate to chrome://extensions.

• In the upper right corner, toggle "Developer mode" on.

• In the list of your current browser extensions, locate the "Keeper Password Manager & Digital Vault" extension and click on "background.html"

• Click on the "Console" tab. Check for any errors in red. Take a screenshot of any error messages and send them to support.

Site Not Working with Browser Extension

If you encounter a website that does not appear to be working with the Keeper Browser Extension, our Support Team is here to help. We kindly ask that you provide adequate information to allow us to reproduce and resolve the issue.

Please contact the Browser Extension team at feedback@keepersecurity.com and provide the following information:

1. Browser version

2. Operating system type and version

3. Website information

4. Additional debugging data (*)

(*) To capture the debugging data follow the steps below:

Capture Autofill Errors for Chrome, Firefox, Edge

1. Right click on the login or password field you are attempting to autofill.

2. Right-click and select "Inspect"

3. A secondary window will appear within the right side of your screen and the applicable elements will be highlighted.

4. Use the snipping tool or screen capture tool/shortcut on your computer to capture the following images (combined or single screenshots):

   • The login page of the website.

   • The inspection window (being sure to include the portion of the inspection window that contains the highlighted elements).

   • The full website URL (found in the search bar at the top of your browser).

5. Along with your account type (e.g. enterprise, business, personal, etc.), email screenshot(s) to: feedback@keepersecurity.com and someone from our Support Team will be in touch with you.

Conflicting Extensions

Sometimes, other browser extensions or software installed on the computer can conflict with Keeper. Common examples are products which filter web content, block popups or perform any sort of website traffic manipulation.

If you are experiencing a strange issue with your KeeperFill browser extension, we recommend turning off all of your other 3rd party extensions to determine if there is a conflict. If you find a conflict, please provide this information to Keeper support.

Troubleshooting Video

This video explains how to capture errors from the KeeperFill extension when working with the support team.

Resetting the Chrome Extension

If you are unable to login to the KeeperFill Chrome extension, a reset of the extension may be required. To reset your KeeperFill Chrome extension, follow the below steps:

• Open Chrome and select Chrome > Settings > Extensions

• From the Keeper extension, select Details > Extension Options

• Click on "Clear All Storage"

• Restart Chrome

Resetting the Safari Extension

If you are unable to login to the KeeperFill Safari extension, a reset of the extension may be required. To reset your KeeperFill Safari extension, follow the below steps:

• Open Safari and select Safari > Settings

• From the Keeper extension, select Settings

• Click on "Clear All Storage"

• Restart Safari

Overview

Starting with version 17.1 of the Keeper Browser Extension, we have drastically increased the speed at which we can resolve these issues while also training Keeper's Machine Learning models to safeguard autofill accuracy across the web.

We've introduced a new "Snapshot Tool" in the Keeper Browser Extension that greatly simplifies the process of fixing autofill issues on customer-owned websites or internal tools that were previously difficult for our engineers to access. By submitting a snapshot to our team, we can turn around site-specific autofill improvements in a matter of minutes.

Activating the Snapshot Tool

To access the Snapshot Tool, you must first enable it in the KeeperFill Extension settings located in your browser's Extensions Menu. From Chrome, open Windows > Extensions then click on "Extension Options".

Submitting Snapshots

Once enabled, the Snapshot Tool will appear in the browser extension in the main menu.

When you are having trouble with a website login page, click on "Take Snapshot" and follow the instructions provided.

This works on:

• Login pages (Username, Password)

• TOTP code pages

• Payment and identity pages

The "Page Info" and "JSON Code Snippet" in the preview window describes exactly what information will be sent to Keeper's engineering team. Make sure that there is no confidential information provided, then click on "Share Snapshot".

Snapshot Fixes

The Keeper team will promptly receive the necessary information to diagnose and resolve the filling issue. Once a solution is implemented, an update will be released to all customers. You will receive an email notification confirming the update. In many cases, site-specific fixes can be turned around on the same day.

Please follow the steps below to provide Keeper Support with information to assist vault related errors.

(1) Using Chrome browser, open the Web Vault at: https://keepersecurity.com/vault

(2) Click on View > Developer > Developer Tools.

(3) Login to your Keeper Vault.

(4) On the Developer Tools window, click on the "Console" tab and check for any errors in red.

(5) If there are errors, take a screenshot and/or copy-paste the information for the Keeper Team.

If you would like to reset Keeper on your web browser follow the steps below:

1. Navigate to the "Extensions" page in your preferred browser and select "Keeper Password Manager & Digital Vault".

2. Click "Extension options".

1. You will then have the option to clear local storage, IndexedDB storage or, all storage.

If you are a website developer and your users are experiencing a compatibility issue with Keeper's browser extension, please follow the steps below.

Keeper Icon Appearing in Wrong Field

Keeper uses pattern matching to determine if a field should display a lock icon. If a lock icon is showing on a form field in error, you can supply a CSS class of keeper-ignore to your form element. For example:

<input id="user_field" type="text" class="keeper-ignore my_class"/>

Internet Explorer

Consider Switching to Edge With IE Mode

From the Microsoft website: "Since 1/12/16, Microsoft no longer provides security updates or technical support for old versions of Internet Explorer."

Although Keeper maintains the Internet Explorer 11 extension, we recommend that customers stop using IE or consider the latest Microsoft Edge with "IE Mode" as documented here: https://docs.microsoft.com/en-us/deployedge/edge-ie-mode. If you still require the use of IE for legacy applications, please see the instructions below.

KeeperFill for IE installer is only available on request. After installing Keeper for Internet Explorer, you may need to perform the following actions:

Disable user names and passwords on forms:

1. Exit and restart the browser to activate Keeper.

2. Right-click along the top bar and ensure Command bar is selected for display.

3. Open Internet Explorer, click on the Tools icon, then Internet Options.

4. Click the Content tab.

5. Under "AutoComplete", click on Settings.

6. Disable 'User names and passwords on forms".

Disable enhanced protected mode & enable third-party browser extension:

1. Open Internet Explorer, click on the tools icon, then Internet Options.

2. Click on the Advanced tab.

3. Under the "Security" section, ensure that enhanced protected mode is disabled.

4. Under the "Browsing" section, Enable third-party browsing extensions.

IE11 - Trusted Sites Policy

Customers who login to Keeper with SSO, or customers who are on corporate networks that deploy group policies for Internet Explorer, ensure that the following entries exist in your Trusted Sites settings under Tools > Internet Options > Security.

US / Global Customers:

keepersecurity.com

*.keepersecurity.com

US Public Sector / GovCloud:

govcloud.keepersecurity.us

*.govcloud.keepersecurity.us

EU Data Center Customers (Dublin, Ireland):

keepersecurity.eu

*.keepersecurity.eu

AU Data Center:

keepersecurity.com.au

*.keepersecurity.com.au

CA Data Center:

keepersecurity.ca

*.keepersecurity.ca

JP Data Center:

keepersecurity.jp

*.keepersecurity.jp

Enterprise customers must push group policies to end-users with these Trusted Sites in order to fully function with SSO and other critical features.