# Android Phone & Tablet ## Your Keeper Vault With Keeper, your passwords, logins and other personal information are saved in a private, digital vault. It is here where you can view and edit all of your website login credentials and details, as well as store important files and photos.

## Account Creation & Login Signing up for Keeper's Android mobile app is easy. Simply visit the [Google Play Store](https://play.google.com/store/apps/details?id=com.callpod.android_apps.keeper) on your device and install the **Keeper Password Manager.** Watch the video below to learn more about account creation and login. {% embed url="" %} Account Creation and Login {% endembed %} #### New Users To create your Keeper account, first enter your email address then you will be asked to create and confirm a **Master Password** which will be the only password you have to remember. We recommend that you choose a strong Master Password that is only used for Keeper — don't forget your Master Password! To finalize your account and proceed to your vault, you will be asked to enter the security **verification code** that was sent to your email. {% hint style="info" %} Enterprise users who log in with SSO do not require selection of a Master Password. {% endhint %}

#### Existing Users If you are an existing user, tap **Login** and enter your email address. If you are attempting to log in on an unrecognized device, a device approval must take place before you can proceed to your Keeper Vault. Users have three methods of approval to choose from: * Email Verification * Keeper Push * Two-Factor Method Keeper Push is Keeper’s proprietary notification-based device approval system that sends a push notification to an existing, recognized device. If you select **Send Keeper Push**, a notification (push) will appear in your Keeper Vault in an alternate, approved device or browser. ![Send Keeper Push for Device Approval](https://914511346-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F-LSGVtOTYUIkVBoYtFvK%2Fuploads%2FUf4jcoavhbesJpi91MTY%2FApprove%20Device.png?alt=media\&token=16e17d25-92ce-459c-aeb6-3472c32a3b3f) On the alternate device, log in to Keeper and tap **Yes** to approve the new device. You must be actively logged in on an approved device to receive the notification. ![Device Approval Request in Web Vault](https://914511346-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F-LSGVtOTYUIkVBoYtFvK%2Fuploads%2FMMEkJE9hFuyyy0yodjO7%2FPush%20Notification.jpeg?alt=media\&token=b68c763d-4040-48e0-b5e7-e1688e383e26) Once your device has been approved, you will be prompted for 2FA (if enabled) and asked to enter your master password to proceed to your vault. ## Enterprise SSO Login If you are an Enterprise customer using SSO Login, you can enter your email address and tap **Next** to login through SSO. Alternatively, you can tap **Use Enterprise SSO Login** and enter the enterprise domain provided by your Keeper administrator and tap **Connect**.

Next, you will be directed to the Safari browser for web-based SSO Enterprise authentication. After you have successfully entered your SSO credentials and two-factor authentication code (if enabled), you will be returned to Keeper to complete the login. You may be required to approve your device using Keeper Push or administrator approval after the SSO login process has been completed. {% hint style="info" %} For more information about Enterprise SSO login, click [here](https://docs.keeper.io/en/user-guides/enterprise-end-user-setup-sso#create-your-keeper-account). {% endhint %} ## Importing Passwords When you first log in to your vault, Keeper will prompt you with two options: **Import Passwords** or **Later**. If you choose **Import Passwords**, you can import directly from Google via a CSV file upload. Importing from other password managers is still supported via the Keeper Web Vault. If you're not near a desktop computer, you can select **Later** to perform the import at a later time using the Keeper Web Vault. Password Import is always available from the left menu.

### Import from Google

1. **Open the Keeper App**: Launch the Keeper app on your Android device. 2. **Access the Menu**: Tap on the **Hamburger Menu** (three horizontal lines) in the top-left corner. 3. **Select Import Passwords**: From the menu, choose **Import Passwords**. 4. **Choose Import Source**: In the import options, select **Import from Google**. 5. **Export Passwords**: You will be redirected to **passwords.google.com/options**. Here, select **Export passwords**. -- *If you have multiple Google accounts, make sure to confirm you are logged into the proper account.* 6. **Confirm Export**: An **Export Passwords Dialog** will appear. Tap on **Export** to begin downloading your passwords CSV file. 7. **Download Confirmation**: Once the file is downloaded, you will see a confirmation message letting you know your file has been saved to your device. 8. **Select the Downloaded File**: * The download confirmation prompt has an "Open" option, clicking this will display the "Open With:" dialog at the bottom of your screen, select Keeper to continue importing from your CSV. * If using the back button: Choose **Upload a CSV** in the Keeper app to locate and select your downloaded file. * You can also navigate to the file manager: Locate the exported CSV file and select it to open with the Keeper app. This will take you directly to the **Selected File** screen. 9. **Import in Progress:** Keeper will display a screen showing the progress of the import and encryption of your passwords. 10. **Import Complete:** A notification in your Vault will be displayed letting you know how many passwords have been successfully imported.

### Import from a CSV File If you already have your Google Password CSV file on your Android device: 1. **Open the Keeper App**: Launch the Keeper app on your device. 2. **Select Import Passwords**: Go to the **Hamburger Menu** and choose **Import Passwords**. 3. **Choose CSV Import**: When prompted, select the **Upload CSV File** option. This will open the Files app, filtering to show only CSV files. 4. **Select the CSV File**: Browse through your files and select the desired CSV file for import. 5. **Import in Progress:** Keeper will display a screen showing the progress of the import and encryption of your passwords. 6. **Import Complete:** A notification in your Vault will be displayed letting you know how many passwords have been successfully imported.

{% hint style="info" %} Keeper on Android directly supports importing from Google Password Manager via CSV file. While CSV files from other sources *may* work, their compatibility can vary based on formatting—only Google’s export is guaranteed to function seamlessly. {% endhint %} ### Import from Other Password Managers If you're importing from another password manager: * Keeper will ask you to navigate to [keepersecurity.com/setup](https://keepersecurity.com/setup) on your desktop computer to begin the process of importing your passwords. * For detailed instructions on importing passwords from web browsers and other password managers to your Keeper Web Vault, click [here](https://docs.keeper.io/en/user-guides/web-vault#importing-passwords). ## Creating New Records Your passwords, logins, credit card numbers, bank accounts and other personal information are saved in your private digital vault (as "Records") and are encrypted on your device using 256-bit AES. Tap the **create icon (+)** select **Create New Record**.

* Enter a Title for the record * Choose a [Record Type](https://docs.keeper.io/enterprise-guide/record-types) from the dropdown menu ("Login" is the default type). Depending on the record type you select, the default record fields will vary. * Enter the Username * Enter the Password or tap the **dice icon** to generate one (more on that [here](https://docs.keeper.io/en/user-guides/web-vault#password-generator)) * Enter the Website Address (if one wasn't already entered for you) * Enter Notes, add [Files & Photos](https://docs.keeper.io/en/user-guides/web-vault#secure-file-storage), a [Two-Factor Code](https://docs.keeper.io/en/user-guides/web-vault#two-factor-codes-for-totp) and [Custom Fields](https://docs.keeper.io/en/user-guides/web-vault#custom-fields) * Tap **Save** to finish

{% embed url="" %} Records {% endembed %} ## Organization With Keeper you can organize your records into folders and subfolders. To create a folder, tap **the create icon (+)** and select **Create New Folder**, then enter a name for the folder. To add records to the folder, Tap **+** and **Add Existing Record** or you can tap **Create New Record** to add a new record to the folder. To create a subfolder within the folder, tap **+** and **Create New Folder**.

{% embed url="" %} Folders {% endembed %} {% hint style="info" %} Please note, once created, regular folders cannot be converted to a shared folder. To learn how to create a shared folder, click [here](#share-a-folder). {% endhint %} ### Moving & Shortcuts Keeper makes it easy to move records around within your vault. Individual or multiple records and folders can be moved and shortcuts can be created. Shortcuts, like alias files, can exist in two or more places and when edited, change together. To move or shortcut a folder, record or multiples thereof, long press on the record or folder and select any additional folder(s) or record(s) you would like to move or shortcut. Next, select the action you would like to perform by selecting an icon located in the upper right corner of your screen. The options include: * Create a Shortcut * Move to a New Folder * Move to an Existing Folder * Change the record(s) "Type" * Delete

You can select **Create Shortcut, Create Duplicate,** or **Move** a record from the **Options** menu within the record detail screen. ![Shortcut, Duplicate or Move a Record](https://914511346-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F-LSGVtOTYUIkVBoYtFvK%2Fuploads%2Fzgpwu6IItGSHCwifIXGq%2FTap%20Create%20Duplicate.png?alt=media\&token=7aa55aa9-266a-4d4c-a4b1-e5438cf7ce84) ### Favorites Adding a record to your Favorites list is an easy way to locate your most frequently used records and websites. You can add a record to your vault Favorites or [Watch Favorites (for Wear OS)](#keeper-for-wear-os) from the **Options** menu within the record detail screen. ![Add to Favorites](https://914511346-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F-LSGVtOTYUIkVBoYtFvK%2Fuploads%2FxzR47fK7iTaOWJHBpfSW%2FLogin%20\(4\).png?alt=media\&token=0644a8ec-c78c-49a9-adff-32b97dae6667) ## Sharing Securely create, share and manage records and folders with other Keeper users such as friends, family, friends and colleagues. {% embed url="" %} Sharing {% endembed %} ### Share a Record Open the record you would like to share and tap **Share > Share with User**. Enter the user's email address, then use the toggle switches to select permissions (Can Edit, Can Share, Make Owner) then tap the **checkmark** **icon** to save. If this is the first time you are sharing with this person, you will first need to establish a "sharing relationship". The user will receive an email prompting them to login to Keeper and either accept or deny the share request. Once you establish a sharing relationship, the user will appear in the email dropdown list.

### One-Time Share Keeper "One-Time Share" provides time-limited secure sharing of a record to anyone without requiring them to create a Keeper account. One-Time Share is the most secure way to send confidential information to a friend, family member or co-worker without exposing information over email, text message or messaging. To Create a One-Time Share: 1. Open the record you would like to share then tap **Share > One-Time Share**.

2. Tap the **share icon** in the lower right corner of your screen. 3. Select a record access expiration from the provided options or select a custom date and time. 4. Once the share link has been created, tap **Share**, **Copy Link** (to paste into a message) or the recipient can scan the provided QR code to view the record. When the recipient of the share link opens the record, it will open in their web browser and will be bound to their device. The record access will automatically expire after the set amount of time. {% hint style="info" %} Click [here](https://docs.keeper.io/en/user-guides/one-time-share) for more information on Keeper's One-Time Share feature. {% endhint %} ### Share a Folder Shared folders allow you to share multiple records at once with others and new records can be added to the folder as needed. #### Create a Shared Folder & Share with Others 1. Tap the **create icon (+)** and select **Create Shared Folder**.

2. Enter a name for the folder and tap **Save**. 3. Tap the **options icon** in the upper right corner of your screen and select **Manage Users & Records**.

4. Tap **Add Users** and enter the **email addresses of the user(s)** (or Team name for Enterprise users) you would like to share the folder with and tap the **checkmark** to save. 5. You can assign permissions for each user by tapping on their email address under the "Users" tab (Can Manage Users, Can Manage Records).

#### Add Records 1. To add records to the folder, switch to the "Records" tab and tap **Add Records**.

2. Select the record(s) you would like to add to the shared folder and tap the **checkmark icon** to save.

3. Once a record has been added, select it from the list to assign permissions (Can Edit, Can Share).

## Identity & Payments Identity & Payments is the place for you to store your personal contact/address information and credit card numbers safely. Payment cards can also be stored in your vault as records using the "Payment Card" record type which allows them to be shared with other users. See our [Record Types](https://docs.keeper.io/enterprise-guide/record-types) Guide for more information.

## Key Features ### Password & Passphrase Generators Long, random passwords that are created for each account help protect your information and reduce your exposure to data breaches. Alternatively, by combining multiple words, *passphrases* are an even more secure alternative to traditional passwords. Keeper's password generator can create and securely store strong, random passwords or passphrases for all of your sites and apps. **Generate a Password** To begin, tap the **dice icon** within a new or existing record. You can customize your password by character length (8-99 characters) and choose to include lowercase and uppercase letters, numbers and symbols. Check the box at the bottom of your screen if you'd like to make your selections the default setting for all passwords moving forward. Tap **Use Password** to update the record or **Copy Password** to copy it to your device's clipboard.

#### Generate a Passphrase Tap the **dice** **icon** and from the dropdown menu next to "Type" and select **Passphrase**. You can customize your passphrase by setting the length, including capital letters and numbers in the passphrase and choosing from various symbols to separate the words. Passphrases can be up to 20 words long, with a minimum length of 5 words and each word including at least 3 characters. Check the box at the bottom of your screen if you'd like to make your selections the default setting for all passphrases moving forward. Tap **Use Passphrase** to update the record or **Copy Passphrase** to copy it to your device's clipboard.

{% hint style="warning" %} This will NOT automatically change the website's existing login password. You must still visit the corresponding website's "Change Password" form to update the old password to match the new, stronger password. Click [here ](https://docs.keeper.io/en/user-guides/tips-and-tricks/password-changing-with-keeperfill)to learn how to easily change your password with KeeperFill. {% endhint %} To generate a password or passphrase from your vault home screen, tap the yellow **create icon (+)**and select **Generate Password**. Select either password or passphrase next to "Type". You can either use the password/passphrase to create a new record or copy it to your device’s clipboard to use elsewhere.

#### Generator History To view your password/passphrase history, tap **Generate Password** from either your vault home screen or create one within a record and tap the **clock icon**. You can delete your generator history at any time by tapping on the **trash icon**.

#### Password Zoom To produce a zoomed-in view of a record's password or passphrase, tap the **eye icon** then long press on the **password field**. An enlarged view of your password/passphrase will appear at the bottom of the screen. Any numbers and symbols can be easily identified by blue and red color-coding.

#### Password Enforcement Policies (Business/Enterprise Users) The password generator on end-user vaults will adhere to the minimum character length, minimum number of lowercase/uppercase/numbers/symbols and allowed list of symbols as defined by your Keeper Administrator. The passphrase generator on end-user vaults is enabled by default, but can be disabled by your admin. Passphrases will adhere to the minimum number of words and can be configured to include capital letters and numbers. The separators between words will be selected from the list of allowed symbols. For more information on record password enforcement policies, please see our [Enterprise Guide](https://docs.keeper.io/enterprise-guide/roles/enforcement-policies#password-generator). ### **Wi-Fi Record Type with QR Code** Keeper's "WiFi Login" record type simplifies creating and sharing Wi-Fi passwords. This record type includes the ability to generate a shareable QR code that can be scanned by others to automatically join the Wi-Fi network. To create a Wi-Fi login record, select **WiFi Login** from the "Record Type" dropdown and enter the record details. To generate a Wi-Fi network QR code, ensure the "Network Name (SSID)" and "Password" fields are entered.

### **Security Audit** Security Audit gives your passwords an overall security score and lets you clearly see what passwords are weak from a password strength visual indicator (red being the weakest, green being the strongest). If a record is indicated as having a high risk password, Keeper recommends changing the password at the affected site immediately and updating the corresponding record in your Keeper Vault.

### Record History Users also have the ability to conveniently restore previous versions of a record. While viewing a record, tap the **menu icon** in the upper right corner of your screen and select **Record History**. To restore a record back to a previous state, tap on the version you would like to restore. Review the record information by tapping the **info icon** then tap **Restore**.

A few notes on Record History: * Restoring a record does not place it back into the original folder structure. * Record History is only available as part of the paid consumer and business plans. * Deleted records can be reviewed and restored by visiting "Deleted Items" in the left navigation menu. ## KeeperFill Use KeeperFill to quickly autofill passwords into web browsers such as Chrome, Firefox, Edge, Brave, DuckDuckGo and all other native apps like banking and social media. Once enabled, KeeperFill login prompts and fill results are seamlessly integrated into your device's keyboard. {% hint style="info" %} KeeperFill is currently supported for Android versions 9 and above. {% endhint %} ### Setup To enable KeeperFill, navigate to Keeper's **Settings** menu, then toggle "KeeperFill" **on**.

You will then prompted to enable various settings on your device including: * Selecting Keeper as the Autofill service * Enabling KeeperFill in Chrome by selecting "**Autofill using another service"** (if Chrome is set as the default browser on your device)

### Autofill for Apps & Web Browsers From the app or website login screen, tap **Sign in to Keeper** located above the keyboard and enter your Keeper master password. ![Sign in to Keeper](https://914511346-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F-LSGVtOTYUIkVBoYtFvK%2Fuploads%2FuyTn8bYAnC9ut62rMBHt%2FAutofill%20-%20Logged%20Out.png?alt=media\&token=e7445632-f28c-443b-ae64-fcec5711b711) If Keeper identifies a record match, your login will then be displayed. Simply tap on your **login** next to the Keeper icon to autofill your credentials and log in. {% hint style="info" %} Some apps and sites have more than one login screen and may require you to tap your login on each screen. {% endhint %}

{% hint style="info" %} If your device's keyboard does not support autofill, KeeperFill's appearance and location will vary like in the example below. {% endhint %}

## Passkeys on Android Passkeys on Android devices, a highly anticipated feature for enhanced security and convenience, is now available on Android devices running **Android 14+**. This update marks a significant enhancement in our mobile applications capabilities, offering users an even more secure and streamlined experience. To learn more about Passkeys with Keeper, click [HERE](https://docs.keeper.io/en/user-guides/passkeys). {% hint style="info" %} Passkeys work on websites and applications that have been specifically built to support them. Keeper maintains a passkey directory, which can be found [HERE](https://www.keepersecurity.com/passkeys-directory/). {% endhint %}

* Creating a passkey for a website or app is a simple process on your Android device. * Tapping **Create Passkey** on a site or app will triggerKeeper to intercept the request. Keeper then prompts you to create a passkey for your associated login and saves it to your vault. * Returning to sites or apps where you have a stored passkey you will either be prompted to sign in with passkey or will be able to select **Sign in with Passkey**. Keeper does the rest! {% hint style="warning" %} Passkey functionality is not enabled by default on Android devices. To enable passkeys with Keeper follow the steps below. {% endhint %} ## Passkey Setup Some Android devices do not have passkeys enabled by default. To enable passkeys on your device follow these steps: 1. Open Chrome or Chromium based browser on your Android device. 2. Enter **chrome://flags** into the address bar. 3. Next, enter **"Passkeys"** in the search bar. 4. Under "Android Credential Management for passkeys" select **Enabled for Google Password Manager and 3rd Party Passkeys** from the dropdown menu, then click the **Relaunch** button that appears at the bottom of the browser.

### Record Search & Creation If you would like to search for a record in your vault or create a new record, tap the **Search/Add** button above your keyboard. You can then tap **Create New Record**, enter the record details, then **Fill & Save** to save the record to your vault and autofill the newly created login into the app or site.

Or if you'd like to search for an existing record, select the record from your records list and tap **Fill** to autofill the login into the app or site.

## Keeper for Wear OS Available for download in the [Google Play Store](https://play.google.com/store/games), Keeper's smartwatch app for Wear OS provides users with quick access to their favorite records as well as a convenient two-factor method for logging in to your Keeper Vault. {% hint style="info" %} For the best experience, the Keeper Wear OS app requires a phone running Android 9.0 (API level 28) or newer and a watch running Wear OS 5.0 or greater. {% endhint %}

#### Two-Factor Authentication To setup two-factor authentication for you Keeper Vault using Keeper for Wear OS as your second factor, first ensure your smartwatch is paired with your mobile phone. On your phone, navigate to Keeper's **Settings** menu and tap **Two-Factor Authentication**. **F**rom the "Authentication Method" dropdown menu, select **Smartwatch** then follow the prompts to verify your identity.

{% hint style="info" %} If you don't receive notifications, they may not be enabled for Keeper. To turn on notifications, from your phone, navigate to **Settings** > **Notifications** > **Keeper** and toggle "Allow Notifications" on. {% endhint %} Next time you login to Keeper, you will receive a push verification request on your smartwatch to approve or deny the login attempt.

Alternatively, you can enter the time-based verification code from the Keeper app home screen. This is especially useful in cases where the Keeper Push notification times out.

## Secure Add-Ons ### Secure File Storage Keeper offers Secure File Storage to protect your confidential files, photos and videos. Securely upload and store files such as passport photos, medical cards, drivers licenses, tax and loan documents, videos and any other private file to your Keeper Vault. You can either add an attachment to any existing record or create a new record (optionally using the "File Attachment" record type). Tap **Attach Files, Photos & Videos** to upload your file.

Attach Files, Photos & Videos to a Record

{% hint style="info" %} To learn more about Secure File Storage, click [here](https://docs.keeper.io/en/user-guides/secure-file-storage). {% endhint %} ### BreachWatch BreachWatch is a powerful, secure add-on feature that monitors the internet and dark web for breached accounts matching records stored within your Keeper Vault. BreachWatch alerts you so that you can take immediate action to protect yourself against hackers. Once activated, BreachWatch continuously monitors for compromised credentials and notifies you if any of your records are at risk. To start your BreachWatch scan, tap **BreachWatch** in the lower menu of your screen tap then **Let's Begin > Scan**. BreachWatch will then scan your records and report any risks associated with them. Resolving the risk requires you to change the password at the affected website. Once you have done that, be sure to update the corresponding record in your Keeper vault with the same password. If you tap **Ignore**, then that record will be skipped on future scans until the password is reset. You may also do nothing (deferring a response) and leave the risky password unchanged and thus still at risk. ![BreachWatch Scan Results](https://914511346-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F-LSGVtOTYUIkVBoYtFvK%2Fuploads%2FeIrTdWsowRoKxy2bS81m%2FBreachWatch.png?alt=media\&token=8d8d85b0-3116-4507-9daf-ad20d9216fe7) {% hint style="info" %} To learn more about BreachWatch, click [here](https://docs.keeper.io/en/user-guides/breachwatch). {% endhint %} ## Settings The Settings menu allows you to customize the display, personalization and security features of the application, including: * Dark Mode * Theme * Login Options (Two-Factor Authentication, Biometric Login, Allow Offline Access, Stay Logged In, Auto-Logout) * Security (Enable Self-Destruct) * Fast Login Mode * KeeperFill * Auto-Approve Devices from Recognized IP Address(es) * Prevent Screenshots * Clipboard Expiration * Hide Passwords * Show Numbers in List View * Sort Record Types * Change Email Address * Account Recovery * Reset Master Password {% hint style="info" %} Please note that some security settings may be enforced by your Keeper Administrator if you are part of a Keeper Business account. {% endhint %}

### Dark Mode You can enable Dark Mode from the Settings menu. Tap the **Match System** dropdown menu to turn Dark Mode for Keeper on or off. By default, the app will match your device's system display settings.

### Account Recovery If you forget your master password, Account Recovery will help you quickly regain access. 1. **Settings > Account Recovery** 2. Confirm your Master Password and tap **Generate New Phrase**. 3. Once your recovery phrase has been generated, be sure to store it in a safe place. For added convenience, you will be given the option to copy or download it. 4. Check the confirmation box to confirm that you've stored your Recovery Phrase. 5. Tap **Set Recovery Phrase**. ### Reset Master Password 1. **Settings > Reset Master Password**. 2. Enter your current master password. 3. Create and confirm a new master password. {% hint style="info" %} If you have Biometric Login enabled, you won't be required to enter your current master password. {% endhint %} {% hint style="danger" %} If you are unable to login with your current master password, and you've set a recovery phrase, go to [Forgotten Master Password & Account Recovery](https://docs.keeper.io/en/user-guides/troubleshooting/reset-your-master-password#forgotten-master-password-and-account-recovery) to recover your account. {% endhint %} ## Two-Factor Authentication Two-Factor authentication (2FA) provides an extra layer of security when logging into your Keeper Vault or another site or application by requiring a secondary passcode upon logging in. {% hint style="success" %} Enabling two-factor authentication is especially advised for highly valuable or sensitive accounts (e.g. banking, medical and social media accounts). {% endhint %} Keeper offers two ways to take advantage of 2FA: * To log into your Keeper Vault. * To log into any site or application from your Keeper Vault by embedding a TOTP (time-based one-time password) into your records. ### 2FA for Your Keeper Vault To enable 2FA for your Keeper Vault, tap **Settings > Two-Factor Authentication**, tap the dropdown menu under "Primary Method" and select a method from the list of options. ![Enable Two-Factor Authentication](https://914511346-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F-LSGVtOTYUIkVBoYtFvK%2Fuploads%2FWVhQZDQCALJx6IDoUkLk%2FSettings%20\(2\).png?alt=media\&token=e4539d8d-257c-47be-93c4-2c0a99f39f2b) #### Text Message Setup: 1. Select a Region (US+1 by default), enter your 10 digit phone number including your area code and tap the **checkmark icon** to save. 2. Select how long you want the two-factor method to be valid for (not again for the device, every 30 days, 24 hours, 12 hours or at every login). {% hint style="info" %} Business customers may be required to enter the code every login as determined by their Keeper Administrator. {% endhint %} 3. Enter the **code** that was sent to the phone number you provided then tap the **checkmark icon** to save. Codes will only last for a minute; if you need another code sent, tap **Send a new code.**

4. Backup codes will be shown next. If you are unable to receive two-factor codes via the phone number you entered, you can enter one of the backup codes listed instead. Tap one of the listed options to confirm you saved the codes somewhere safe. {% hint style="warning" %} If you are not receiving SMS messages from Keeper, please use the TOTP method or submit a support ticket at . {% endhint %} #### Authenticator App (TOTP) Setup: 1. Once you select "Authenticator App" tap the **checkmark icon** to save. 2. Select how long you want the two-factor method to be valid for (not again for the device, every 30 days, 24 hours, 12 hours or at every login). {% hint style="info" %} Business customers may be required to enter the code every login as determined by their Keeper Administrator. {% endhint %} 3. You will be prompted to scan the QR code or enter your secret key into your authenticator or TOTP app. If you don’t have an authenticator app installed, the app will show the QR code for you to scan directly. If you already have one or more authenticator apps installed on your Android device, a menu will appear at the bottom of the screen, allowing you to select the app you wish to use. * **If you have multiple authenticator apps installed:**\ Choose the app you want to use. The selected app will open and ask you if you want to add the token. * **If you only have one authenticator app installed:**\ The installed app will automatically open, and you'll be asked if you want to add the token. * **Save the Token in Your Authenticator App** * **For a single app:** The authenticator app will automatically prompt you to add the token. Tap to confirm. * **For multiple apps:** After selecting your authenticator app, the app will prompt you to add the token. Tap to confirm. **Important:** After registering the token in your authenticator app, there is no obvious "Go back to Keeper" button. You will need to manually switch back to Keeper by either: * Using the "Recent Apps" button to switch back to Keeper, or * Using the swipe gesture (depending on your device settings) to return to Keeper. 4. Once the token is registered in your authenticator app, return to Keeper and enter the TOTP code provided by your app to complete the setup. ![Enter Code](https://914511346-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F-LSGVtOTYUIkVBoYtFvK%2Fuploads%2FNnGFDu9BVlJ4KsL5yPZu%2FTOTP%20Set%20Up.png?alt=media\&token=d899e027-85e8-48ae-9417-397da2e97072) 5. Backup codes will be shown next. If you are unable to receive two-factor codes via the phone number you entered, you can enter one of the backup codes listed instead. Tap one of the listed options to confirm you saved the codes somewhere safe. {% hint style="info" %} In order for Azure MFA (using the Microsoft Authenticator app) to be utilized as a TOTP, the Azure Administrator needs to allow the verification method "Verification code from mobile app or hardware token" when setting up MFA in Azure. {% endhint %} #### Keeper for Wear OS Setup: To setup two-factor authentication for you Keeper Vault using Keeper for Wear OS as your second factor, first ensure your smartwatch is paired with your mobile phone. On your phone, navigate to Keeper's **Settings** menu and tap **Two-Factor Authentication**. **F**rom the "Authentication Method" dropdown menu, select **Smartwatch** then follow the prompts to verify your identity.

Next time you login to Keeper, you will receive a push verification request on your smartwatch to approve or deny the login attempt. Alternatively, you can enter the time-based verification code from the Keeper app home screen. This is especially useful in cases where the Keeper Push notification times out.

{% hint style="info" %} For more information about the Keeper WearOS app, click [here](#keeper-for-wear-os). {% endhint %} ### 2FA Frequency You can manage how often you are prompted to sign in on your device with your selected two-factor method at any time. Once you have set up two-factor authentication for your vault (following the steps above), the 2FA Frequency setting will be available within the "Settings" menu. Tap **2FA Frequency** and select from: every login, every 12 hours, every 24 hours, every 30 days, or don't ask again on this device.

### 2FA for Websites & Apps Keeper can fill 2FA codes on any website or application that supports TOTP by scanning a QR code to generate a code (requires a second device). 1. Open and edit the Keeper record on your mobile device and tap **Add Two-Factor Code** (this will open your device's camera). {% hint style="info" %} In order to open your device's camera you must first "allow" Keeper permission when prompted. {% endhint %}

2. On a secondary device (e.g. tablet, computer), navigate to the corresponding record's 2FA set up screen to retrieve the site's QR code. 3. Scan the QR code with your mobile device. You will see the code has been added to the record. 4. Tap the **checkmark icon** to save, then tap the code to copy it to your device's clipboard. 5. Return to the site to paste the code to complete the setup. ## Biometric Login From the Settings menu, toggle "Biometric Login" on. {% hint style="warning" %} For security reasons, Android has designated only certain biometric authentication methods as secure. Samsung face biometric is considered *insecure* by the Android operating system (because it can be [fooled by a photo](https://www.theregister.com/2023/05/19/2d_photograph_facial_recog/)). Keeper Security does not permit insecure biometric access to the vault. {% endhint %}

Once enabled, at the Keeper login screen, tap **Biometric Login** and touch the fingerprint sensor when prompted (or use Face/Iris Authentication where available).

{% embed url="" %} Biometric Login {% endembed %} ## FIDO2 WebAuthn Security Keys Keeper provides two-factor authentication (2FA) on Android with compatible hardware keys such as the [**YubiKey 5 NFC**](https://www.yubico.com/product/yubikey-5-nfc/), [**YubiKey 5C NFC**](https://www.yubico.com/product/yubikey-5c-nfc/) and [**YubiKey 5Ci**](https://www.yubico.com/product/yubikey-5ci). Listed below are supported physical keys on Android. | Supported Physical Keys | NFC Support | Plug-in Support | | ----------------------- | ----------- | --------------- | | Yubikey 5 NFC | ✅ | ❌ | | YubiKey 5C NFC | ✅ | ✅ | | YubiKey 5Ci | ❌ | ✅ | | Identiv uTrust NFC | ✅ | ❌ | | Feittian ePass K9 NFC | ✅ | ❌ | | GoTrust Idem NFC | ❌ | ✅ | | Thetis Pro NFC | ✅ | ✅ | {% hint style="info" %} Keeper is committed to enhancing the security and flexibility of your experience. Support for more plug-in style physical keys will come with a future release. {% endhint %} ### Setup & Registration 1. Before you add a security key, a two-factor authentication method must be in place as a backup. 2. Navigate to **Settings > Two-Factor Authentication** and tap **Add** next to "Security Keys". 3. Tap **+** **Add Key** and enter a name for the security key, then tap **REGISTER**. 4. Select **NFC Security key** from the list of devices. 5. Hold your key flat against the back of your device until it stops vibrating. Your security key has been registered. You can register up to 5 security keys. Any one of those keys will unlock the account.

### **Prompt Frequency & Offline Access** The FIDO2 WebAuthn device will be required for login based on the configuration of the first 2FA method. For example: * If the first 2FA method is set to "Prompt Every Login", then the Yubikey will be required on every login, and offline login will be *disabled.* * If the first 2FA method is set to "Every 30 days", then the Yubikey will be required every 30 days, and offline login will be *disabled.* * If the first 2FA method is set to "Remember Forever", then the Yubikey will only be required one time on each new device. Offline vault login will be *enabled.* ## Account Switching Have more than one Keeper account? Keeper supports the use of multiple vaults on the same device and makes it easy to seamlessly switch between your personal and business accounts without having to log out of your current session. To switch accounts, navigate to the "Account" menu by tapping on your **user icon** in the upper right corner of the screen and selecting **Account**. Next, tap the **dropdown menu icon** to the right of your email address. Select the account you would like to switch to or tap **Add Account** to login into and register another account on that device.

{% hint style="info" %} Quick account switching only works for active sessions where you've already logged in. {% endhint %} Easily remove unwanted accounts from the device by swiping left on an account email then tapping the **remove icon**.

{% hint style="success" %} You can also switch and add accounts from the Keeper login screen. {% endhint %} ## 2FA Prompting Behavior & Offline Access When 2FA is activated on an account, it protects the user on all devices and all platforms because 2FA is protecting access to the backend cloud system. By definition, two-factor authentication protects access to the cloud and it protects access to online accounts. It therefore requires an online connection to be prompted for 2FA. 2FA is triggered when a request is made from the client device to the server. For example when logging into a new device, syncing new information on an existing device or performing any other cloud-based features. By default, the native Keeper app for iOS, Android, Mac and Windows allow users to login quickly with their master password (offline mode) to access their vault. After typing in the master password or using biometric login, the user decrypts the data locally, then the app sends a sync request to the server at which time the user may be prompted for their 2FA code. Depending on the speed of the Internet connection, the 2FA prompt may be received a couple seconds after logging into the native application because the local decryption of data occurs much faster. Offline authentication and vault access is permitted by all consumer customers. Enterprise customers may restrict the use of offline access for their employees. ## 2FA Token Retention & Timing When activating 2FA on your Android device for the first time, the user selects how often they want to be prompted. Users can be prompted for 2FA at every login, once every 12 hours, every 24 hours, every 30 days, or only one time per device. It's important to understand that 2FA is always enabled on the Keeper servers. After a successful login on a device, a "token" is generated from the 2FA code and stored locally on the device as long as it's deemed valid by the server. This is why you are still able to login to the same device over and over without being re-prompted. By default, consumer customers will be prompted only one time per device. Enterprise customers may enforce users to be prompted every time for a new code. Currently, the 2FA token retention timing on Android will default to "only one time" on a device if the 2FA was initially set up on the Web Vault or Desktop App. To change this behavior, please turn 2FA off and then re-activate 2FA on the iOS device. ## Import & Export To import and export data from your Keeper vault, visit the Keeper Web Vault or download Keeper Desktop for your computer. Keeper Web Vault: All Downloads: ## Uninstall & Account Reset The instructions below apply to the latest OS. Third party operating system instructions may differ. #### Uninstall Keeper: {% hint style="danger" %} Uninstalling Keeper will delete the data from Keeper on the local device. Data stored in Keeper's Cloud Security Vault is NOT erased. {% endhint %} 1. Open your device's **Settings menu**. 2. Tap **Apps** or **Application Manager** (depending on device). 3. Navigate to the **Keeper App**. 4. Tap **Uninstall**. 5. Confirm by tapping **OK** when prompted. #### Account Reset: {% hint style="danger" %} Resetting Keeper will erase all records from all Keeper accounts stored locally on your device. Data stored on Keeper's Cloud Security Vault is NOT erased. {% endhint %} 1. Open your device's **Settings menu**. 2. Tap **Apps** or **Application Manager** (depending on device). 3. Navigate to the **Keeper App > Storage**. 4. Tap **Clear data** and **Clear cache**. 5. Confirm by tapping **OK** when prompted. ## Privacy Keeper's mobile apps do not contain any trackers. All mobile apps go through vulnerability testing with Keeper's 3rd party testers and the Bugcrowd Bug Bounty Program. Exodus Privacy is an organization that monitors the applications that perform user tracking. Keeper's Android application showing zero trackers is listed below: ## Helpful Links Customer Support Form: Business Customers: System Status: [https://statuspage.keeper.io](https://statuspage.keeper.io/)