The proceeding pages in this section are dedicated to various troubleshooting guides. Have a suggestion? Email our team at feedback@keepersecurity.com.

This guide provides important compatibility information and troubleshooting tips for using hardware security keys with Keeper on iOS devices. If you're encountering issues with PINs, autofill, or NFC key support, this page will help you understand which iOS versions are compatible and how to resolve common problems.

Which hardware keys are supported with Keeper on iOS?

• Keeper works with any FIDO® Certified security keys. Ensure you have the latest version of Keeper installed for full compatibility with hardware keys.

  • For a complete list of certified keys from the FIDO Alliance, visit the FIDO® Certified Showcase.

• Unsupported Keys: Currently, software keys such as Passkeys or iCloud Keys are not supported for login or autofill with Keeper.

What are the iOS version requirements for hardware key compatibility?

To help you understand the compatibility of your iOS version with hardware keys and Keeper, refer to the table below:

Do I need a PIN for my hardware security key on iOS?

• Setting a PIN for your hardware security key is optional. You can choose whether or not to set up a PIN when configuring your key. The PIN setup process is done through the hardware key manufacturer’s software (e.g., Yubico Authenticator).

• Once a PIN is set for your security key, iOS will ask you to enter the PIN every time you use the key, whether for login or filling passwords.

• No PIN Bypass: Unlike the Keeper Web Vault, iOS does not support bypassing the PIN. You must enter the PIN each time the key is used.

What happens if I enter the wrong PIN for my hardware key too many times?

• If you enter the wrong PIN 6 times in a row, your hardware key will be locked. To unlock it, you will need to reset the key before you can use it again.

  • To reset your hardware security key please use the hardware key manufacturer’s software (e.g., Yubico Authenticator).

Can I use NFC hardware keys on iOS devices?

• Yes, NFC hardware keys are supported on most iOS devices.

• iPads do not support NFC hardware keys at all. This is a restriction at the OS level, and only physical hardware keys that plug into the device (via Lightning or USB-C) will work.

• NFC hardware keys are not supported in Keeper extensions (Autofill | KeeperFill) on iOS.

  • Recommendations to work around this limitation can be found HERE.

Can I use my hardware keys on my iPad?

• Yes, you can use hardware security keys with your iPad, but please note that only hardware keys that plug into the device (via Lightning or USB-C) are supported. NFC hardware keys are not compatible with iPads due to limitations at the OS level. This means that if you're using a hardware key with only NFC functionality, it will not work on iPad devices.

  • Combination hardware keys, that support both plug-in and NFC, will work via the plug-in method only.

  • USB-C keys require Keeper Version 16.12.0 or greater.

For iPad users, ensure your key is compatible with the appropriate connector (Lightning or USB-C) and that you have the latest version of Keeper installed to ensure full functionality.

Known Issues:

YubiKey FIDO PIN Loop

Issue Overview: Some users with FIDO CTAP 2.1 security keys (specifically YubiKeys with firmware 5.7) have reported being repeatedly prompted to enter their FIDO PIN in a loop, even after entering it correctly. This issue began after upgrading to Safari 18.1 or iOS/iPadOS 18.1. Users may experience difficulties authenticating with their security keys, as the prompt fails to complete the authentication process.

Affected Devices and Scenarios:

• iOS/iPadOS: On mobile devices, after upgrading to iOS/iPadOS 18.1, the following issues are observed:

  • Physical key plugged in: Users will see an error after entering the FIDO PIN.

  • NFC authentication: The system may not prompt users for authentication when attempting to authenticate via NFC.

• MacOS: This issue affects Safari 18.1 and certain 3rd-party browsers that rely on Safari’s WebKit engine. It can occur when a username allowlist and PIN verification are required during authentication.

Status: Yubico has acknowledged the issue and is working with Apple to resolve it. Apple has released a beta fix in macOS 15.2 Developer Beta 4 and iOS/iPadOS 18.2 Developer Beta 4. This update addresses the FIDO2 PIN prompt issue, but it is still in development, and users are advised to report any persistent issues to Apple.

Workaround Options: If you're experiencing this issue, consider the following options:

1. Upgrade to iOS/iPadOS 18.2 Public Beta: If you're not already on the public beta, upgrading to iOS/iPadOS 18.2 may resolve the issue, as it addresses the FIDO2 PIN loop problem. You can opt into the public beta via Apple's Beta Software Program.

2. Re-register Your Key: If you're already on iOS/iPadOS 18.2 public beta and still encountering the issue, try removing and re-registering your security key. This may help resolve any lingering issues.

3. As a temporary workaround, you can log into your Keeper account on another device or browser and remove the hardware key from your authentication settings. This will allow you to continue using other methods of authentication while awaiting a full fix from Apple.

For more details and updates, please refer to the Yubico support article.

Long-Tap Autofill and Hardware Security Keys

With the addition of iOS 18, Apple introduced a new long-tap autofill feature that allows users to quickly fill in login credentials from their password manager directly into apps or websites. However, when using a hardware security key for authentication, long-tap autofill will not work as expected. This limitation occurs because the system requires interaction with the hardware key to complete authentication, which isn’t compatible with the autofill feature’s workflow.

Affected Devices and Scenarios:

• iOS/iPadOS 18+ Devices: The long-tap autofill feature does not work with accounts secured by hardware security keys.

Recommendation: To work around this limitation, we recommend using the following steps:

1. Enable "Stay Logged In" from the Desktop App:

   1. Open the Keeper web/desktop app (this option is not available in the mobile app for now) and enable the "Stay Logged In" option. This will ensure you remain authenticated for a longer period, allowing long-tap autofill to function without needing to re-authenticate with your hardware key.

2. Log into the Keeper Main app on your iOS device and then you can proceed to use the long-tap autofill feature as intended.

Overview

Keeper is a zero-knowledge platform. Please note that if you forget your master password and lose your recovery phrase, you will not be able to login to your vault and Keeper Support will be unable to help you regain access.

Consumer and Family Plan customers: If you have forgotten your master password and have lost your recovery phrase, please create a new account. To create a new account with the same email address, please reach out to deleteme@keepersecurity.com for assistance. If you still need assistance, open a support ticket with our consumer support team.

Enterprise and MSP end-users: Business accounts may login to Keeper using a Single Sign-On product, and there is no master password involved. If you are an end-user in a business account, please contact your Keeper administrator for assistance. If you still need help, open a ticket.

Enterprise Admins: Please open a ticket with Keeper support.

What to do if you forget your Master Password

• From the Web Vault or Desktop App, click on Need Help > Forgot Master Password to begin the account recovery process. If you forgot your master password and you lost your recovery phrase, Keeper support cannot help you.

• If you are able to login with biometrics (Face ID, Touch ID) on a mobile or desktop device, simply login and then visit the Settings > Reset Master Password screen.

• If you exceeded the number of failed attempts, please contact support and we'll reset the throttling system for you to try again.

• Once you recover your account, make sure to back up your Master Password and Recovery Phrase somewhere safe, so this doesn't happen again.

Account Recovery

Keeper provides account recovery using a randomly generated 24-word recovery phrase. The recovery phrase can be used to regain access to your Keeper Vault in case you forget your Master Password.

Keeper implements recovery phrases using the industry-standard BIP39 word list, which is a set of 2,048 words used to generate an encryption key with 256 bits of entropy. Each word in the BIP39 list is carefully chosen to improve legibility and make the recovery process less error-prone.

The recovery phrase is generated locally on the user's device using the BIP39 word list. Keeper's backend systems do not have access to this recovery phrase, nor do any employees of Keeper. Keeper is a zero-knowledge platform and we cannot assist in the recovery process.

Resetting Your Master Password

Web Vault & Desktop App

If you would like to change your master password from the Web Vault & Desktop App, click the account dropdown menu (your email), select Settings and next to "Master Password" click Reset Now. You will then be prompted to enter your current master password and create and confirm a new master password.

If you are able to log into Keeper's mobile app using Biometrics, you can reset your master password without having to enter your current master password. Navigate to Settings > Reset Master Password and authenticate with Biometrics.

iOS and Android Mobile App

To change your master password on iOS and Android devices, from Settings, scroll down and tap Reset Master Password. You will then be prompted to enter your current master password (unless Biometrics is enabled and you are authenticated), then create and confirm a new master password.

Account Recovery Setup

Upon initial vault login, new users will be prompted to set up Account Recovery. Click Generate Recovery Phrase to begin.

Once your recovery phrase has been generated, be sure to store it in a safe place. For added convenience, you will be given the option to copy or download it. Check the box to acknowledge you have stored it in a safe place and click Set Recovery Phrase to complete the setup.

Reset Recovery Phrase

If you know your master password and would simply like to setup Account Recovery, from the account dropdown menu (your email) select Settings > Recovery Phrase.

Check for Extension Updates (Chrome)

To experience the latest KeeperFill updates and features, you want to make sure you running the latest version of the Keeper Browser Extension. To update KeeperFill, follow the steps below:

1. In your browser's search bar, navigate to chrome://extensions.

2. In the upper right corner, toggle "Developer mode" on.

3. In the list of your current browser extensions, locate the "Keeper Password Manager & Digital Vault" extension and click Details.

4. In the upper left corner, click Update.

Check for Extension Updates (Firefox)

To update KeeperFill in Firefox, follow the steps below:

1. In your browser's search bar, navigate to about:addons.

2. In the upper right corner, click the gear icon and select "Check for Updates"

3. Ensure that Keeper is updated to the latest version.

Capturing Error Messages (Chrome)

If you are experiencing an error, it is helpful to provide Keeper support with any console errors that might be occurring. To capture the errors, follow the steps below.

• In your browser's search bar, navigate to chrome://extensions.

• In the upper right corner, toggle "Developer mode" on.

• In the list of your current browser extensions, locate the "Keeper Password Manager & Digital Vault" extension and click on "background.html"

• Click on the "Console" tab. Check for any errors in red. Take a screenshot of any error messages and send them to support.

Site Not Working with Browser Extension

If you encounter a website that does not appear to be working with the Keeper Browser Extension, our Support Team is here to help. We kindly ask that you provide adequate information to allow us to reproduce and resolve the issue.

Please contact the Browser Extension team at feedback@keepersecurity.com and provide the following information:

1. Browser version

2. Operating system type and version

3. Website information

4. Additional debugging data (*)

(*) To capture the debugging data follow the steps below:

Capture Autofill Errors for Chrome, Firefox, Edge

1. Right click on the login or password field you are attempting to autofill.

2. Right-click and select "Inspect"

3. A secondary window will appear within the right side of your screen and the applicable elements will be highlighted.

4. Use the snipping tool or screen capture tool/shortcut on your computer to capture the following images (combined or single screenshots):

   • The login page of the website.

   • The inspection window (being sure to include the portion of the inspection window that contains the highlighted elements).

   • The full website URL (found in the search bar at the top of your browser).

5. Along with your account type (e.g. enterprise, business, personal, etc.), email screenshot(s) to: feedback@keepersecurity.com and someone from our Support Team will be in touch with you.

Conflicting Extensions

Sometimes, other browser extensions or software installed on the computer can conflict with Keeper. Common examples are products which filter web content, block popups or perform any sort of website traffic manipulation.

If you are experiencing a strange issue with your KeeperFill browser extension, we recommend turning off all of your other 3rd party extensions to determine if there is a conflict. If you find a conflict, please provide this information to Keeper support.

Troubleshooting Video

This video explains how to capture errors from the KeeperFill extension when working with the support team.

Resetting the Chrome Extension

If you are unable to login to the KeeperFill Chrome extension, a reset of the extension may be required. To reset your KeeperFill Chrome extension, follow the below steps:

• Open Chrome and select Chrome > Settings > Extensions

• From the Keeper extension, select Details > Extension Options

• Click on "Clear All Storage"

• Restart Chrome

Resetting the Safari Extension

If you are unable to login to the KeeperFill Safari extension, a reset of the extension may be required. To reset your KeeperFill Safari extension, follow the below steps:

• Open Safari and select Safari > Settings

• From the Keeper extension, select Settings

• Click on "Clear All Storage"

• Restart Safari

If you're experiencing an autofill issue on a particular site, this page describes how to provide the support team with information to help resolve the problem. This information allows the support team to assist with solving autofill issues on websites which may not be easily reproducible by Keeper staff.

Add a Custom Text Field with a Label

From time to time, a username or password field may not properly autofill on a site. This can occur when a field name is not standard and Keeper does not recognize the field as an autofill field. In most cases, a username field is named "username" or something similar and a password field is named "password" or something similar. When field names are non-standard, you can adjust a record's custom fields to allow the field to autofill correctly on a particular site.

The following example will cover a scenario where a password field did not properly autofill.

(1) Right click on the field that is not properly autofilling with Keeperfill and choose Inspect.

(2) A window will appear showing HTML code with the password field element highlighted. Locate the name attribute, double click the value to highlight, and copy the value. In the below example, the value we want to highlight and copy is "FakePWField123".

(3) In the Keeper record for the site, add a custom text field and edit the label. The label name in our example should be "FakePWField123". Enter the label and click Save.

(4) Copy or enter your password into the new custom field and save the record. The resulting record should look like this:

(5) Return to the site and refresh the page. In most cases, the problematic field should now autofill. If it does not autofill after completing these steps, please proceed to the next section to report your autofill issue.

Reporting Autofill Issues

To solve a website autofill issue that cannot be corrected with the custom field method, we need the following information:

• Website Address (e.g. amazon.com)

• Description of the problem

• Screenshot or video

• DOM inspection screenshot of ALL form field elements which do not work

Providing the DOM inspection of field elements can be accomplished using the steps below (using Chrome):

(1) Right-click on each field on the page and select Inspect

Right-clicking the form field element and clicking "Inspect" will open the web browser HTML inspector view.

(2) Screenshot the HTML content for the field

When the Inspection window opens, it will highlight the field HTML content in blue, as seen in the screenshot below. For each form field that is not recognized, capture the screenshot of the HTML in the inspection window.

(3) Send this information to Keeper Support

Please provide this information in your support ticket or email feedback@keepersecurity.com to report the issue. Please ensure that the screenshots do not contain any private or confidential information.

Please follow the steps below to provide Keeper Support with information to assist vault related errors.

(1) Using Chrome browser, open the Web Vault at: https://keepersecurity.com/vault

(2) Click on View > Developer > Developer Tools.

(3) Login to your Keeper Vault.

(4) On the Developer Tools window, click on the "Console" tab and check for any errors in red.

(5) If there are errors, take a screenshot and/or copy-paste the information for the Keeper Team.

If you would like to reset Keeper on your web browser, please follow these steps.

Chrome - Clear Browser Storage

1. Open the Vault at https://keepersecurity.com/vault.

2. Press F12 key or click on View > Developer > Developer Tools.

3. Select “Application” in the console's top menu.

4. On the left side, Right click your site(s) and click clear to delete the local storage.

5. On the left side clear out the Local Storage, Session Storage, IndexedDB and Cookies.

Chrome - Clear Extension Storage

(1) Go to the URL: chrome://extensions.

(2) Click on background.html.

(3) Turn on "Developer Mode", then click on 'background.html' inside the extension box.

(4) From the Developer Tools, repeat the same process as above and clear all the local storage.

If you are a website developer and your users are experiencing a compatibility issue with Keeper's browser extension, please follow the steps below.

Keeper Icon Appearing in Wrong Field

Keeper uses pattern matching to determine if a field should display a lock icon. If a lock icon is showing on a form field in error, you can supply a CSS class of keeper-ignore to your form element. For example:

<input id="user_field" type="text" class="keeper-ignore my_class"/>

Internet Explorer

Consider Switching to Edge With IE Mode

From the Microsoft website: "Since 1/12/16, Microsoft no longer provides security updates or technical support for old versions of Internet Explorer."

Although Keeper maintains the Internet Explorer 11 extension, we recommend that customers stop using IE or consider the latest Microsoft Edge with "IE Mode" as documented here: https://docs.microsoft.com/en-us/deployedge/edge-ie-mode. If you still require the use of IE for legacy applications, please see the instructions below.

KeeperFill for IE installer is only available on request. After installing Keeper for Internet Explorer, you may need to perform the following actions:

Disable user names and passwords on forms:

1. Exit and restart the browser to activate Keeper.

2. Right-click along the top bar and ensure Command bar is selected for display.

3. Open Internet Explorer, click on the Tools icon, then Internet Options.

4. Click the Content tab.

5. Under "AutoComplete", click on Settings.

6. Disable 'User names and passwords on forms".

Disable enhanced protected mode & enable third-party browser extension:

1. Open Internet Explorer, click on the tools icon, then Internet Options.

2. Click on the Advanced tab.

3. Under the "Security" section, ensure that enhanced protected mode is disabled.

4. Under the "Browsing" section, Enable third-party browsing extensions.

IE11 - Trusted Sites Policy

Customers who login to Keeper with SSO, or customers who are on corporate networks that deploy group policies for Internet Explorer, ensure that the following entries exist in your Trusted Sites settings under Tools > Internet Options > Security.

US / Global Customers:

keepersecurity.com

*.keepersecurity.com

US Public Sector / GovCloud:

govcloud.keepersecurity.us

*.govcloud.keepersecurity.us

EU Data Center Customers (Dublin, Ireland):

keepersecurity.eu

*.keepersecurity.eu

AU Data Center:

keepersecurity.com.au

*.keepersecurity.com.au

CA Data Center:

keepersecurity.ca

*.keepersecurity.ca

JP Data Center:

keepersecurity.jp

*.keepersecurity.jp

Enterprise customers must push group policies to end-users with these Trusted Sites in order to fully function with SSO and other critical features.