Security Keys

Additional information regarding FIDO2 Security Keys in Keeper

Starting with Vault Version 16.10.12 and Admin Console Version 16.16.0, Keeper Administrators can now enforce the use of FIDO2 security keys, and require that a security key can be used as the only 2FA method.

Administrators can also require the use of PIN associated with the hardware key.

Screenshot below:

Important Notes Regarding Security Key Enforcement

Enforcing the use of a FIDO2 hardware security key has several implications for users which admins need to be aware of. The below items are updated as of January 15, 2024.

  1. Support for enforcing a FIDO2 Security Key can vary based on the device operating system and device firmware capabilities.

  2. Keeper on iOS requires using NFC keys.

  3. The activation of security keys as the only factor requires the use of the Web Vault or Desktop App. Enrollment of security keys as the only factor on iOS/Android will be rolled out in a later release.

  4. Some components of the mobile application do not support NFC hardware keys natively, such as iOS app extensions (during Autofill functions). Keeper's iOS team has a workaround for this issue in development, and this update will be published at the end of January 2024 with Keeper iOS Version 16.10.10. The solution is to extend the login session between iOS main app and iOS autofill extension to reduce the need for re-authentication.

  5. The PIN requirement is supported based on the capabilities of the device. As of this writing, mobile OS support for PIN enforcements is limited. We do not recommend enforcing the PIN if users are accessing Keeper on their mobile device.

Last updated