Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Setup guide for Keeper's autofill feature, KeeperFill on Android phones and tablets.
You can download the Keeper App for Android from the Google Play Store or from the Keeper Download page. Use KeeperFill to quickly create and autofill passwords into web browsers such as Firefox, Edge, Brave, DuckDuckGo and all other native apps like banking and social media.
KeeperFill is currently supported for Android versions 9 (API Level 28) and newer. For the best Autofill framework capabilities and the highest levels of security, we recommend using the newest version of Android available for your device.
On newer Android phones, KeeperFill utilizes the Android Autofill service to automatically integrated with any website or application. Support for the Autofill framework varies based on the browser.
Other browsers with limited support
Chrome [Install]
The Google Chrome browser works with Autofill, but the results can be inconsistent. Sometimes, you have to close and re-open the Chrome browser. For the best user experience, we recommend using one of the mentioned mobile browsers listed above.
To enable KeeperFill, navigate to Keeper's Settings menu, then toggle "KeeperFill" on.
You will then prompted to enable various settings on your device including:
Selecting Keeper as the Autofill service
Enabling KeeperFill in the installed services
Enabling KeeperFill in the available virtual keyboard section
Enabling Keeper to display over other app
From the app or website login screen, tap Sign in to Keeper located above the keyboard and enter your Keeper master password.
If Keeper identifies a record match, your login will then be displayed. Simply tap on your login next to the Keeper icon to autofill your credentials and log in.
Some apps and sites have more than one login screen and may require you to tap your login on each screen.
If your device's keyboard does not support autofill, KeeperFill's appearance and location will vary like in the example below.
If you would like to search for a record in your vault or create a new record, tap Search/Add. Then select whether you would like to Search or Create New Record.
If searching, select the record in your records list and tap Fill to autofill the login in the app or site.
If creating a new record, enter the record details and tap Save and Fill to save the record to your vault and autofill the newly created login in the app or site.
The following Quick Start Guides will walk you through the setup steps and main features of Keeper for Web Vault & Desktop App, iOS, and Android.
How to use Keeper to manage TOTP codes for protecting your Office 365 accounts.
Keeper can protect Azure AD / Office 365 logins with our TOTP (time-based one-time password) feature. By default, Microsoft provides a different type of code which supports their push method. Below are the step by step instructions to setting up Office 365 TOTP code support properly.
(1) From your Microsoft Azure / Office 365 Profile Screen, visit your security settings screen. The Microsoft site seems to change often, so we won't add a hyperlink here. Click on "Add Method" to set up two factor authentication on your Microsoft account.
(2) Select "I want to use a different authenticator app" as your preferred option
The QR code will be generated and displayed:
(3) On Keeper from your record, click on "Add Two-Factor Code". Or if you're using the mobile app, you can tap on "Add Two-Factor Code" to scan it with the camera.
(4) Enter the verification code as displayed in your Keeper app
(5) Click Next and then Save the record in the Keeper vault.
Make sure to save the Keeper record before exiting the setup
(6) To ensure that Autofill works with all the various Microsoft sites you may be using, we recommend adding several custom fields to your Keeper record similar to the screen below.
When logging into Microsoft Online, use Keeper's right-click menu as a simple way to fill the TOTP code.
If a website form field does not display the Keeper lock icon, users can right-click on the field to produce a context menu with KeeperFill features. The context menu offers the ability to fill logins, payment cards, addresses and create new passwords.
The KeeperFill right-click context menu provides the following features:
Filling record login fields
Filling payment card fields
Filling billing and address fields
Filling TOTP Codes
Creating a new record
Opening the extension window
Launching the Web Vault
Logging out of your account
Guides for consumer and business end-users on desktop and mobile devices.
Keeper is a Zero-Knowledge platform. The data stored in a Keeper vault is encrypted and decrypted locally on the user’s device. Check out this blog article which reviews how Keeper protects your information:
For a more in-depth technical description of our encryption model documentation.
Keeper Security employees have no ability to decrypt customer data, because the encryption keys are managed by the customer. In addition to zero knowledge architecture, Keeper supports a number of two-factor authentication methods including FIDO2 WebAuthn devices, Google Authenticator, Microsoft Authenticator and SMS. Keeper Security is SOC2 Certified, ISO 27001, 27017 and 27018 certified, FedRAMP Authorized, StateRAMP authorized.
The system requirements for each Keeper platform are listed below.
Keeper works on every smartphone, tablet and computer. Keeper supports popular browsers including Chrome, Safari, Firefox, Edge, Opera, Brave and IE. Native app installation is available from the and every public-facing app store (iTunes, Google Play, Microsoft Store, etc).
The latest Keeper downloads can be found at
The Keeper Web Vault is a fully featured web-based application. To access the Keeper Web Vault login, visit:
Keeper Desktop is a cross-platform native desktop application for Windows, MacOS and Linux. Several installer files are provided at the links below.
Keeper for iOS can be installed directly from the App Store:
Keeper for Android can be installed from the Google Play application at the link below:
For Keeper Enterprise administrators, please see the link below for Enterprise deployment options:
US Data Center:
US Public Sector / GovCloud:
EU Data Center: AU Data Center:
CA Data Center:
JP Data Center:
Windows 10 AppInstaller (64 and 32-bit, supports Windows Hello): [] Command-line deployment:
Microsoft Store Version: []
Windows 10 MSIX Installer: [] (Note: MSIX does not auto-update)
Windows 10 MSI Installer: [] (Note: MSI does not auto-update, no support for Windows Hello)
Mac OS .dmg []
Mac App Store [] (Note: does not support iCloud Keychain import)
Linux Fedora, Red Hat, CentOS, Debian, Ubuntu and Linux Mint: (Please refer to the below Download Page for the latest links) []
Password Importer Standalone (Windows 10): []
Password Importer Standalone (Mac OS): [] Desktop App
For file verification, Keeper Desktop SHA1 hashes are computed based on the most recent version and can be retrieved at the below URL:
The latest Browser extensions can be installed by users at the links below: Chrome, Brave, Opera: Firefox:
Edge:
Safari:
Device | OS Version Supported |
Windows | 7 / 8 / 10+ |
Mac OS | Current Version - 2 |
Linux | Fedora, Red Hat, CentOS, Debian, Ubuntu, Mint |
iOS | 14+ |
Android | 9+ |
Chrome OS | Current Version - 2 |
Internet Explorer | 11 |
Edge | Current Version - 2 |
Safari | Current Version - 2 |
Firefox | Current Version - 2 |
Opera | Current Version - 2 |
Brave | Current Version - 2 |
This quick start guide will walk you through the setup steps and main features of Keeper for iOS, linking additional user guides throughout for a more detailed look.
Once you have signed up for Keeper there are a few initial set-up steps on both your iOS device and desktop computer we recommend that you complete to help get you up and running with Keeper in no time.
Signing up for Keeper's iOS mobile app is easy. Simply visit the App Store on your device and install Keeper Password Manager.
Once the download is complete, enter your email address. If you are not an existing user, you will be asked to create a Master Password which will be the only password you need to remember. We recommend that you choose a strong Master Password that is only used for Keeper -- don't forget your Master Password!
After successfully downloading and logging into Keeper, it is highly recommended that you enable Two-Factor Authentication (2FA). Two-Factor Authentication provides an extra layer of protection against unauthorized access by requiring a second passcode verification at login. Using 2FA is advised to further increase the security and protection of the data stored in Keeper.
Tap Settings > Two Factor Authentication
then tap ">".
Select your Two-Factor notification method and follow the on-screen prompts to complete the setup (more on that here).
Whether you choose text message or an authenticator app as your 2FA method, Keeper offers the convenience of not having to enter the verification code every time you login. To enable this feature, select Save code on this device forever
during 2FA set-up and you will only have to enter the code once on each device you login into.
KeeperFill is fully integrated into the login experience of every website and app (iOS 12+), allowing you to enjoy its many benefits and conveniences seamlessly across your devices. Before you can utilize KeeperFill on your device, you must first enable it in your device settings.
On your device, tapSettings > Passwords > Password Options
then toggle "AutoFill Passwords" on and from the list, select Keeper.
To make the most out of the Keeper Mobile App and ensure that your device's built-in password saving feature doesn't interfere with KeeperFill's autofill capabilities, we recommend that you only allow filling from Keeper.
Notice a Passwords
button now appears above the keyboard when logging into an app or website.
When you first login to you vault, Keeper will give you the opportunity to import passwords from your computer and/or web browsers (If you're not near a desktop computer, you can perform the import at a later time).
After tapping I'm at my computer
Keeper will ask you to navigate to keepersecurity.com/setup to begin the process of importing your passwords.
You can either manually enter your existing logins and passwords into your vault or Keeper can import existing passwords directly from your web browser (e.g. Safari, Chrome, Firefox), another password manager, or from a text file (.csv).
To get started click your Account Dropdown Menu, then click Settings > Import
For instructions on how to import from your web browser, click here.
For instructions on how to import from another password manager, click here.
For instructions on how to import from a text file, click here.
To learn more about manually entering your logins and passwords into your vault by creating new records, click here.
KeeperFill is a browser extension that autofills your logins and password into websites and apps. Click here to visit the Keeper website and download KeeperFill for your browser.
Browser-specific setup instructions and more information for KeeperFill:
To make the most of Keeper's Browser Extension, we recommend that you disable your browser's built-in password saving features. Keeper provides a much more secure and seamless solution to save and autofill your passwords across all browsers, devices and computers. For browser-specific instructions click here.
Quickly create new records and folders on your mobile device using the convenient Create Button.
Choose a Record Type from the dropdown menu ("Login" is the default type)
Name Your Record
Enter Your Email or Username
Enter Your Password or Tap the Dice to Generate One
Enter the Website Address
Enter Notes, add Files or Photos, Two-Factor Codes, and Custom Fields
Tap Save
to finish
You can also create a new record while logging into a site with KeeperFill, more on that here.
Enter the name of the folder and tap Save
.
Enter the name of the shared folder and tap Save
.
Learn more about record and folder sharing here.
Tap on the record you would like to move and drag-and-drop into a folder.
Select the record(s) you would like to add from the list, then tap Add
.
The Edit Tool allows you to manage the location of one or more records at once. With this tool, you have the ability to accomplish the following record actions: create a shortcut, move to a new folder, move to existing folder, and move to the trash.
Tap the pencil icon and select the folder(s) or record(s) then select the action you would like to perform by tapping on one of the listed icons and following the on-screen prompts.
Shortcuts = like alias files, can exist in two or more places and when edited, change together.
KeeperFill is fully integrated into the login experience of every website on app (iOS 12+), allowing you to enjoy its many benefits and conveniences seamlessly, across your devices.
For more information on KeeperFill for iOS 11 and older, click here.
Before you can utilize KeeperFill on your device, you must first enable it in your device's Settings app.
On your device, tapSettings > Passwords & Accounts > AutoFill Passwords
then toggle "AutoFill Passwords" on and from the list, select Keeper.
To make the most out of KeeperFill and ensure that your device's built-in password saving feature doesn't interfere, we recommend that you only allow filling from Keeper.
Notice a Passwords
button now appears above the keyboard when logging into an app or website.
From the app or website login screen tap Passwords
to open KeeperFill.
If there is a record match, tap Fill
.
Keeper will attempt to match records when possible, to search for a record enter your record search terms into the search bar to display relevant records.
Tap the copy button next to the Two-Factor Code.
Fill your login credentials, then when prompted, long-press on the Two-Factor field and Paste
the copied code.
If Keeper is unable to find a matching record when logging into an app or site, you will have the opportunity to create one by tapping Create New Record
.
Enter your login credentials and tap Fill & Save
to fill your login credentials and save them as a new record to your vault.
Securely create, share and manage records with family, friends and colleagues.
From your vault, tap on a record to view it in detail, then tap Share
.
Tap Share with User
and enter their email address and toggle on/off permission types, then tap Save
.
From your vault, tap on a record to view it in detail, then tap Share
.
Tap New Shared Folder
.
Enter the name of the shared folder and use the search field if you want to add additional records, then tap ">" and toggle on/off the permission types. Tap Back
when done.
To add users to the new shared folder, tap Users
.
Enter the email address of the user(s), tapping Done
on you keyboard between each to add them, then tap Save
to finish.
Many familiar Keeper features can be accessed in the record detail view such as, creating favorites and viewing record history. The following actions can also be accessed from the edit screen:
Add to Favorites
Create Duplicate
Delete
From your vault, tap on a record to view it in detail, then tap More
.
Tap on an action item from the generated menu and follow the on-screen steps.
Biometric login, especially when paired with Keeper is a time saving, convenience feature that allows you to login to Keeper with your fingerprint (Touch ID) or through face recognization (Face ID).
Tap Settings
and toggle Biometric Login on.
Watch the video below to learn more about biometric login support on iOS.
Keeper's Scan a Document feature uses optical recognition (OCR) to scan a picture, document, card or credentials written on paper and transcribes and securely stores them in plain text within you record's "Notes" section (available on iOS 13+).
While viewing a record, tap Edit > Scan a Document
.
Using your device's camera function, save your scan and you can either add it as an image to the record or save it as text only to your "Notes" field. Tap Save
to finish.
Before you save a scan, you will have the opportunity to review and modify the transcribed text if needed.
This Quick Start Guide will walk you through the setup steps and main features of Keeper for Web Vault & Desktop App, linking additional user guides throughout for a more detailed look.
This section will walk you through a few important setup steps that will help get you started and ensure you are up and running with Keeper in no time.
To create your Keeper account, first enter your email address then you will be asked to create and confirm a Master Password which will be the only password you have to remember. We recommend that you choose a strong Master Password that is only used for Keeper -- don't forget your Master Password!
To finalize your account and proceed to your vault, you will be asked to enter the security verification code that was sent to your email.
You can either manually enter your existing logins and passwords into your vault or Keeper can import your existing passwords directly from your web browser (e.g. Safari, Chrome, Firefox), another password manager, or from a text file (.csv).
To get started, click on your account email in the upper right corner of your vault window, then click Settings > Import.
You can also skip the password import process and proceed to creating new password records from scratch (see the "Create a Record" section in this guide).
Browser-specific setup instructions and more information about KeeperFill can be found here:
Once downloaded, the KeeperFill Browser Extension will appear in the upper-right corner of your browser window (except for Safari).
In Safari, the KeeperFill Browser Extension will appear left of center in your browser window.
To make the most of Keeper's browser extension, we recommend that you disable your browser's built-in password saving features. Keeper provides a much more secure and seamless solution to save and autofill your passwords across all browsers, devices and computers.
Click your browser's menu icon, then click Settings > Autofill > Password Manager and ensure "Offer to save passwords" is toggled off.
Click your browser's menu icon, then Settings > Privacy & Security and ensure "Ask to save logins and passwords for websites" is unchecked.
Click Preferences... > Autofill then uncheck the boxes next to "Autofill web forms".
Click the browser's menu icon, then Settings > Passwords and ensure "Offer to save passwords" is toggled off.
Click the gear icon, then click Internet Options > Content and in the "AutoComplete" section, click Settings and turn off "Forms and Searches" and "User names and passwords on forms", click OK to finish.
Strengthen your account security and increase productivity by storing all of your passwords and private information as Records in your personal, encrypted Keeper Vault.
Click + Create New > Record.
Enter a name for the Record and click Next
Enter the Login (Username or Email)
Enter the Website Address
Click Save to finish
Click + Create New > Folder.
Enter the name of the folder and click Create.
Drag-and-drop the record(s) you would like to store in the folder and click Move or Create shortcut.
Record Shortcuts = like alias files, can exist in two or more places and when edited, change together.
Right-click on an existing folder and click New Folder.
Enter the name of the subfolder and click Create.
Drag-and-drop the record(s) you would like to store in the subfolder and click Move or Create shortcut.
Keeper generates and stores strong, random passwords for all of your sites and apps so you will never have to remember your passwords again.
While creating or editing a record, click the dice icon to generate a unique password. If needed adjust the character length and special character, and click Save to finish.
This will NOT automatically change the website's existing login password. You still must visit the corresponding website's "Change Password" form to update the old password to match the new, stronger password.
Securely create, share and manage records with family, friends and colleagues.
While viewing a record click Share.
Enter the email(s) of the user(s) you would like to share the record with, then select their permission type from the dropdown menu (if they are not already a Keeper user, they will be invited to create an account via email).
Shared folders allow you to share multiple records at once and new records can be added to the folder as needed.
To create a Shared Folder, click Create New > Shared Folder.
Choose where you would like to nest the folder using the dropdown menu and enter a name for the folder. Set the User and Folder Permissions and click Create.
KeeperFill is our browser extension that autofills your logins and password into websites and apps.
Browser-specific setup instructions and more information for KeeperFill can be found here:
The KeeperFill Browser Extension allows you to autofill your passwords and save new login credentials you create to your vault.
If it's the first time you are logging into a site with KeeperFill, you will be asked if you would like Keeper to autofill your login.
With KeeperFill there are multiple paths to create a new record. From the KeeperFill toolbar, quickly create a new record with our prominent Add Record button. This “quick add” functionality will auto-generate a record “Title” and “URL” based on the website you are visiting. Alternatively, you can create a record from scratch by clicking the yellow plus icon.
KeeperFill makes it easy to change your passwords. When a user visits a site's "Change Password" page, you will receive a prompt from Keeper asking if you would like help changing your password. By clicking Yes, Keeper will run a wizard that walks you through a few quick steps to change your password and simultaneously update the record in your vault. These steps will include a series of prompts detailing the following actions:
Autofill your old/current password
Automatically generate and autofill a new secure password
Confirm the changes and save them to your vault
Identity & Payments is the place for you to store your personal contact/address information and credit card numbers safely, making checkout on websites and apps a breeze.
From Identity & Payments enter a username and click + Phone Number and + Address. Enter the corresponding personal information and click Save to finish.
To store a payment card, click the Payment Cards tab, enter the card information and click Save to finish.
You can also create a "Payment Card" Record by using the record type dropdown menu during record creation.
Alternatively, you can right-click in the payment field of a form to produce a context menu that allows you to access the KeeperFill features and autofill your payment cards.
Securely upload and store files such as passports, medical or credit cards, loan documents, photos and any other private file - making them easily accessible from your vault.
While creating or editing a record, click Files or Photos and select a file or photo from your computer to upload it.
Alternatively, you can drag-and-drop the file directly from your computer desktop into the record.
When the upload is complete, click Save. To view or download the file, click the download icon.
Custom fields allow you to store other important data, like the answer to a site's security question.
Available Custom Fields:
Text
URL (website address) used for Autofill
Security Question & Answer
Multi-line Text
Date
Name
Address (new or linked)
Pin Code (4-digit numeric)
Phone Number
Payment Card (new or linked)
Hidden Field
While creating or editing a record, cick Custom Field.
Select the custom field you would like to add to the record.
Enter the field values and click Save to finish.
Keeper autofills the custom fields of login forms as long as both the Website Address and Custom Field Name of the Keeper record match those of the login form.
Keeper integrates seamlessly with all Two-Factor Authentication (2FA) methods including TOTP, SMS, Touch/Face ID, and U2F security keys. Use Keeper to store your sites' Two-Factor Authentication codes and KeeperFill will autofill them at your next login where 2FA is required.
Navigate to the site's Two-Factor Authentication page (usually located in the security settings) and follow the prompts to set-up an authenticator.
Once it's provided, screen grab/snip and save the QR pattern to your computer.
In the corresponding Keeper record, click Add Two-Factor Code.
Click Upload and select the QR code from your computer, then click Add.
The Two-Factor Code will appear in the record and regenerate in real-time, click Save to finish.
Hover over the Two-Factor Code to reveal the copy icon and click on it once to copy the code.
At the website, finish setting-up the authenticator by pasting the copied code when prompted, Ctrl + v (Windows) or command + v (Mac).
Add an extra layer of security when logging into your Keeper Vault by setting up a Two-Factor Authentication (2FA) method.
Click your account email > Settings > Security and toggle Two-Factor Authentication on.
Whether you choose text message or an authenticator app as your 2FA method, Keeper offers the convenience of not having to enter the verification code every time you login. To enable this feature, select the "Don't ask again on this device" duration during setup and you will only have to enter the code once on each device you login into.
Records that have a stored two-factor code can be filled into login forms containing a time-based one-time password (TOTP) field. Simply click the fill icon in the KeeperFill window.
Tap then tap Create New Record
.
Tap then tap Create New Folder
.
Tap then tap More > Create Shared Folder
.
Alternatively, tap on the folder then tap and Add Existing Record
.
At the login screen, simply tap either theor in the Master Password field to login.
Upon logging in, you will be prompted to follow our Get Started wizard, which will guide you to , install the and set up .
For instructions on how to import from your web browser, click .
For instructions on how to import from another password manager, click .
For instructions on how to import from a text file (.csv), click .
KeeperFill is Keeper's browser extension that autofills your logins and password into websites and apps. Click to visit the Keeper website and download KeeperFill for your browser.
Choose a from the dropdown menu ("Login" is the default type)
Enter the Password or click the dice icon to generate one (more on that )
Enter Notes, add , a and
Permission Name | Permission Level |
---|
Learn more about Shared Folders .
Click to visit the Keeper website and download KeeperFill for your browser.
You can quickly access a "Payment Card" Record when you are at a payment screen by searching for it in the search bar. Simply click the Fill button to autofill the information into a payment field.
The video below demonstrates how to add a Two-Factor Code to a record using the Keeper Desktop App instead, which can be downloaded .
Select a Two-Factor Authentication method and click Next, then follow the on-screen prompts to complete the setup (more on that ).
Can Edit | User can edit this record |
Can Share | User can share this record |
Can Edit & Share | User can edit and share this record |
View Only | User can only view the record |
Transfer Ownership | User will obtain ownership of the record and control all user permissions |
This end-user guide was created for Enterprise customers who login to Keeper using a Master Password.
Keeper is simple to install, easy to use and you’ll be up and running in just minutes.
To create your Keeper account, click the Set Up Your Account Now button located in the email invitation sent by your Keeper Administrator.
Next, you will be asked to create a Master Password. It's important you choose a strong Master Password this only used for Keeper. This will be the only password you have to remember.
Two-Factor Authentication (2FA) adds an extra layer of security to your vault by requiring a second passcode upon logging in. Some 2FA methods like Duo or RSA, require admin configuration. Others, like the Google or Microsoft Authenticator Apps, can be set up by individual end-users.
Click the Account Dropdown Menu (your email address) then click Settings > Security to enable 2FA for your vault.
You can either manually enter your existing logins and passwords into your vault or Keeper can import your existing passwords directly from your web browser (e.g. Safari, Chrome, Firefox), another password manager, or from a text file (.csv).
To begin the import process, click the Account Dropdown Menu (your email address), then click Settings > Import.
Download the Keeper Desktop and Mobile Apps to access your Keeper Vault from any platform and use it for native applications across all of your devices.
Visit: https://keepersecurity.com/download to download the Keeper App for all of your desktop and mobile devices.
Supported Platforms:
PC, Mac and Linux desktops
Chrome, Firefox, Safari, Edge and IE11 Web Browsers
iOS (iPhone & iPad)
Android (Phones & Tablets)
Your passwords, databases, SSH keys, bank accounts and other sensitive data are saved in your private digital Keeper Vault (as "Records") and are encrypted on your device using 256-bit AES.
To begin, click + Create New > Record.
Choose a Record Type from the dropdown menu ("Login" is the default type)
Enter a name for the Record and click Next
Enter the Login (Username or Email)
Enter the Password or click the dice icon to generate one (more on that here)
Enter the Website Address
Enter Notes, add Files & Photos, a Two-Factor Code and Custom Fields
Click Save to finish
For more information, please see our comprehensive Web Vault and Desktop App Guide.
Keeper's Browser Extension called KeeperFill, autofills your logins and passwords into websites and apps. To download KeeperFill for your browser, visit Keeper's Download page. KeeperFill is available for every web browser.
Records appear directly on the home screen as a list, with “Suggested Records” at the top to easily fill the credentials that match the website you're on. Select the record, then click Autofill to fill the credentials into the site's log in form.
When you log into your vault for a second time, you'll be prompted to set up a 24-word recovery phrase. If you forget your Master Password, this feature will help you quickly regain access.
Once your recovery phrase has been generated, be sure to store it in a safe place. For added convenience, you will be given the option to copy or download it.
If Account Recovery is not available, your Keeper Administrator may be able to transfer your vault to another Keeper account.
Keeper Business and Enterprise users can create a free, Keeper Family Plan for up to 5 family members with unlimited devices. Once the user sets up the Family Plan, each family member receives their own vault. They can also share passwords between family members using either Shared Folders or individual record sharing.
Log in to your Keeper Business or Enterprise Web or Desktop Vault.
Click on your email address in the upper-right corner.
Select Account from the dropdown menu.
Enter your personal email in the "Keeper Family License for Personal Use" section.
Click Send Email.
This will create a separate, non-enterprise managed vault which will be associated with your personal email address.
This vault is intended for personal use only. All business-related credentials must be stored within your company issued vault.
Keeper provides several methods of importing data into the vault. Each method is fully documented with screenshots and example data. (1) Import from Chrome, Firefox, IE, Edge, Safari and Opera using the Web Vault https://docs.keeper.io/user-guides/import-records-1/import-from-chrome-firefox-ie-edge-and-opera
(2) Import from Chrome, Firefox, IE, Edge, Safari and Opera using the Desktop App From the Desktop App, simply click on Settings > Import > click "Import" to begin the import process.
(3) Import from .CSV file https://docs.keeper.io/user-guides/import-records-1/import-a-.csv-file
(4) Import from a structured .JSON file https://docs.keeper.io/user-guides/import-records-1/import-json
(5) Import from LastPass (Fully Automated) https://docs.keeper.io/user-guides/import-records-1/import-from-lastpass
(6) Import from 1Password https://docs.keeper.io/user-guides/import-records-1/import-from-1password
(7) Import from Dashlane https://docs.keeper.io/user-guides/import-records-1/import-from-dashlane (8) Import from Encrypted KeePass (.kdbx) Files https://docs.keeper.io/user-guides/import-records-1/import-from-keepass-kdbx
(9) Import using the Commander CLI https://github.com/Keeper-Security/commander#importing-records-into-keeper
(10) Custom import coding using the Keeper Commander SDK https://github.com/Keeper-Security/commander
More videos are available at: https://keepersecurity.com/support.
For additional information, please see our comprehensive library of end-user guides in the left column of this page.
This end-user guide was created for Enterprise customers who deploy Keeper through an existing Single Sign-On Identity Provider (IdP) such as Azure, ADFS or Okta.
Keeper is simple to install, easy to use and you’ll be up and running in just minutes. You can create your Keeper account using either one of the methods below.
Option 1: Click the Set Up Your Account Now button located in the email invitation sent by your Keeper Administrator. Since your Keeper account is deployed through Single Sign-On (SSO) you will automatically be routed to authenticate with your SSO provider to launch your Keeper Vault.
Option 2: Log in to your existing SSO provider dashboard as you normally do and click the Keeper icon to launch your Keeper Vault.
Two-Factor Authentication (2FA) adds an extra layer of security to your vault by requiring a second passcode upon logging in. Some 2FA methods like Duo or RSA, require admin configuration. Others, like the Google or Microsoft Authenticator Apps, can be set up by individual end-users.
Click the Account Dropdown Menu (your email address) then click Settings > Security to enable 2FA for your vault.
You can either manually enter your existing logins and passwords into your vault or Keeper can import your existing passwords directly from your web browser (e.g. Safari, Chrome, Firefox), another password manager, or from a text file (.csv).
To begin the import process, click the Account Dropdown Menu (your email address), then click Settings > Import.
The next time you log in to your Keeper Vault, you can either visit the Keeper Vault Login page or your SSO provider dashboard. Both options are described below. To access the Keeper Web Vault Login page, visit:
US Data Center: https://keepersecurity.com/vault
US Public Sector / GovCloud: https://govcloud.keepersecurity.us/vault
EU Data Center: https://keepersecurity.eu/vault AU Data Center: https://keepersecurity.com.au/vault CA Data Center: https://keepersecurity.ca/vault
JP Data Center: https://keepersecurity.jp/vault
Download the Keeper Desktop and Mobile Apps to access your Keeper Vault from any platform and use it for native applications across all of your devices.
Visit: https://keepersecurity.com/download to download the Keeper App for all of your desktop and mobile devices.
Supported Platforms:
PC, Mac and Linux desktops
Chrome, Firefox, Safari, Edge and IE11 Web Browsers
iOS (iPhone & iPad)
Android (Phones & Tablets)
Enter your email address at Keeper's Vault login page and click Next. You will then be routed to authenticate through your SSO Provider.
From Keeper's Vault Login page, click on the Enterprise SSO Login dropdown menu and select Enterprise Domain and enter your Enterprise Domain (provided by your Keeper Administrator). You will then be routed to authenticate through your SSO Provider.
Keeper provides two ways of authenticating into the Keeper Desktop application with SSO identity providers. By default, the Keeper Desktop app will open the identity provider login screen in a popup window as seen below.
This popup window is part of the Keeper Desktop application and will work for most scenarios. However, if your identity provider requires the use of a FIDO2 WebAuthn device or Passkey for authentication, using the desktop web browser method may be the best option.
To use the web browser on the device for SSO login with the Keeper Desktop app, open the Keeper menu and select "Use Default Browser for SSO".
When this option is selected, clicking "Next" will route you to the desktop web browser. After logging into your SSO provider (or if you already have an active SSO session), the web browser will redirect you back to Keeper Desktop and complete the login process.
Keeper supports IdP-initiated login from the SSO identity provider dashboard (if enabled by your Keeper administrator). Log in to your existing SSO as you normally do then from your SSO dashboard, click the Keeper icon to launch your Keeper Vault.
If you sign into Keeper on a new platform, you may encounter a "device approval" request (SSO Cloud Users Only). Please read the section below - "Device Approvals" for instructions on how to proceed.
If you are attempting to log in on an unrecognized device or browser, a device approval must take place before you can proceed to your Keeper Vault. Users have two methods of approval to choose from, "Keeper Push" or "Admin Approval".
Keeper Push is Keeper’s proprietary notification-based device approval system that sends a push notification to an existing, recognized device. This is a self-service process that allows users to handle the device approval on their own.
If you select Keeper Push, a notification (push) will be appear in your vault at an approved device or browser. Select Yes to approve the new device. Once the device has been approved, you will be able to proceed to your Keeper Vault.
You must be actively logged into a different, recognized/approved device to receive the notification.
Admin Approval will send a notification to your Keeper Admin requesting device approval. If you do not have an existing, recognized device, this will be the only path gain access again.
if you select Admin Approval, your Keeper Admin will receive notification for approval. Once the device has been approved, you will be able to proceed to your Keeper Vault.
Keeper's platform supports automated device approvals through a product called the Keeper Automator service. If your Keeper Administrator has configured this service, device approvals will occur automatically upon successfully logging into your SSO identity provider.
Learn more about the Keeper Automator service.
Your passwords, databases, SSH keys, bank accounts and other sensitive data are saved in your private digital Keeper Vault (as "Records") and are encrypted on your device using 256-bit AES.
To begin, click + Create New > Record.
Choose a Record Type from the dropdown menu ("Login" is the default type)
Enter a name for the Record and click Next
Enter the Login (Username or Email)
Enter the Password or click the dice icon to generate one (more on that here)
Enter the Website Address
Enter Notes, add Files & Photos, a Two-Factor Code and Custom Fields
Click Save to finish
For more information, please see our comprehensive Web Vault and Desktop App Guide.
Keeper's Browser Extension called KeeperFill, autofills your logins and passwords into websites and apps. To download KeeperFill for your browser, visit Keeper's Download page. KeeperFill is available for every web browser.
Records appear directly on the home screen as a list, with “Suggested Records” at the top to easily fill the credentials that match the website you're on. Select the record, then click Autofill to fill the credentials into the site's log in form.
When you log into your vault for a second time, you'll be prompted to set up a 24-word recovery phrase. If you forget your Master Password, this feature will help you quickly regain access.
Once your recovery phrase has been generated, be sure to store it in a safe place. For added convenience, you will be given the option to copy or download it.
If Account Recovery is not available, your Keeper Administrator may be able to transfer your vault to another Keeper account.
Keeper Business and Enterprise users can create a free, Keeper Family Plan for up to 5 family members with unlimited devices. Once the user sets up the Family Plan, each family member receives their own vault. They can also share passwords between family members using either Shared Folders or individual record sharing.
Log in to your Keeper Business or Enterprise Web or Desktop Vault.
Click on your email address in the upper-right corner.
Select Account from the dropdown menu.
Enter your personal email in the "Keeper Family License for Personal Use" section.
Click Send Email.
This will create a separate, non-enterprise managed vault which will be associated with your personal email address.
This vault is intended for personal use only. All business-related credentials must be stored within your company issued vault.
Keeper provides several methods of importing data into the vault. Each method is fully documented with screenshots and example data. (1) Import from Chrome, Firefox, IE, Edge, Safari and Opera using the Web Vault https://docs.keeper.io/user-guides/import-records-1/import-from-chrome-firefox-ie-edge-and-opera
(2) Import from Chrome, Firefox, IE, Edge, Safari and Opera using the Desktop App From the Desktop App, simply click on Settings > Import > click "Import" to begin the import process.
(3) Import from .CSV file https://docs.keeper.io/user-guides/import-records-1/import-a-.csv-file
(4) Import from a structured .JSON file https://docs.keeper.io/user-guides/import-records-1/import-json
(5) Import from LastPass (Fully Automated) https://docs.keeper.io/user-guides/import-records-1/import-from-lastpass
(6) Import from 1Password https://docs.keeper.io/user-guides/import-records-1/import-from-1password
(7) Import from Dashlane https://docs.keeper.io/user-guides/import-records-1/import-from-dashlane (8) Import from Encrypted KeePass (.kdbx) Files https://docs.keeper.io/user-guides/import-records-1/import-from-keepass-kdbx
(9) Import using the Commander CLI https://github.com/Keeper-Security/commander#importing-records-into-keeper
(10) Custom import coding using the Keeper Commander SDK https://github.com/Keeper-Security/commander
More videos are available at: https://keepersecurity.com/support.
For additional information, please see our comprehensive library of end-user guides in the left column of this page.
This quick start guide will walk you through the setup steps and main features of Keeper for Android, linking additional user guides throughout for a more detailed look.
There are a few set-up steps on both your Android device and desktop computer we recommend that you complete first to help you get up and running with Keeper in no time.
Signing up for Keeper's Android mobile app is easy. Simply visit the Google Play store on your device and install Keeper Password Manager.
Once the download is complete, enter your email address. If you are not an existing user, you will be asked to create a Master Password which will be the only password you need to remember. We recommend that you choose a strong Master Password that is only used for Keeper -- don't forget your Master Password!
After downloading the Keeper Mobile App, it is highly recommended that you enable Two-Factor Authentication (2FA). Two-Factor Authentication provides an extra layer of protection against unauthorized access to your vault by requiring a second passcode verification at login. Using 2FA is advised to further increase the security and protection of the data stored in Keeper.
Tap the menu icon then tap Settings
and toggle Two-Factor Authentication on.
Tap the dropdown button to select your Two-Factor notification method and follow the on-screen prompts to complete the setup (more on that here).
Whether you choose text message or an authenticator app as your 2FA method, Keeper offers the convenience of not having to enter the verification code every time you login. To enable this feature, select Save code on this device forever
during 2FA set-up and you will only have to enter the code once on each device you login into.
On Android Oreo (8.0) and newer, our KeeperFill feature seamlessly autofills your logins and passwords into apps and web browsers. Use KeeperFill to quickly create and autofill passwords into web browsers such as Chrome and Firefox as well as all other 3rd Party Applications.
Before you can use the KeeperFill feature on your device, you will need to perform a few quick setup steps.
In Keeper, tap the menu icon, then tap Settings
.
Toggle KeeperFill on.
You will then be prompted to enable various settings on your device, including:
Selecting Keeper in the Autofill service
Enabling KeeperFill in the Installed services
Enabling KeeperFill in the Available virtual keyboard section
Enabling Keeper to Display over other apps
To make the most out of the Keeper Mobile App and ensure that your device's built-in password saving feature doesn't interfere with KeeperFill's autofill capabilities, we recommend that you only allow filling from Keeper.
When you first login to you vault, Keeper will give you the opportunity to import passwords from your computer and/or web browsers (If you're not near a desktop computer, you can perform the import at a later time).
After tapping I'm at my computer
Keeper will ask you to navigate to keepersecurity.com/setup to begin the process of importing your passwords.
You can either manually enter your existing logins and passwords into your vault or Keeper can import existing passwords directly from your web browser (e.g. Safari, Chrome, Firefox), another password manager, or from a text file (.csv).
To get started click your Account Dropdown Menu, then click Settings > Import
.
For instructions on how to import from your web browser, click here.
For instructions on how to import from another password manager, click here.
For instructions on how to import from a text file, click here.
To learn more about manually entering your logins and passwords into your vault by creating new records, click here.
KeeperFill is a browser extension that autofills your logins and password into websites and apps. Click here to visit the Keeper website and download KeeperFill for your browser.
Browser-specific setup instructions and more information for KeeperFill:
To make the most of Keeper's Browser Extension, we recommend that you disable your browser's built-in password saving features. Keeper provides a much more secure and seamless solution to save and autofill your passwords across all browsers, devices and computers. For browser-specific instructions click here.
Choose a Record Type from the dropdown menu ("Login" is the default type)
Name Your Record
Enter Your Email or Username
Enter Your Password or Tap the Dice to Generate One (more on that here)
Enter the Website Address
Enter Notes and Custom Fields
Tap the checkmark icon to Finish
You can also create a new record while logging into a site with KeeperFill, more on that here.
Enter the name of the folder and tap Save
.
Learn more about record and folder sharing here.
There are various ways users can easily manage the organization of individual or multiple records at once, create shortcuts and delete records.
Create a shortcut, move or delete individual records and folders by generating the record/folder menu.
Shortcuts = like alias files, can exist in two or more places and when edited, change together.
Tap the more button next to the record or folder and select the action you would like to perform from the menu. Follow the on-screen prompts to finish.
You can also accomplish these actions from the record/folder detail view.
Create a shortcut, move or delete multiple records and folders at once by long pressing on each record and/or folder. Select the action you would like to perform by tapping on one of the listed icons and follow the on-screen prompts to finish.
On Android Oreo (8.0) and newer, our KeeperFill feature seamlessly autofills your logins and passwords into apps and web browsers. Use KeeperFill to quickly create and autofill passwords into web browsers such as Chrome and Firefox as well as all other 3rd Party Applications.
Before you can use the KeeperFill feature on your device, you will need to perform a few quick setup steps.
In Keeper, tap the menu icon, then tap Settings
.
Toggle KeeperFill on.
You will then be prompted to enable various settings on your device, including:
Selecting Keeper in the Autofill service
Enabling KeeperFill in the Installed services
Enabling KeeperFill in the Available virtual keyboard section
Enabling Keeper to Display over other apps
To make the most out of the Keeper Mobile App and ensure that your device's built-in password saving feature doesn't interfere with KeeperFill's autofill capabilities, we recommend that you only allow filling from Keeper.
KeeperFill presents somewhat differently depending on what Android version your device is running. Reference the instructions below that are specific to the Android version you are currently using.
On Android Oreo (8.0) and newer, our KeeperFill feature seamlessly autofills your logins and passwords into apps and web browsers.
From the app or website login screen, tap Sign in to Keeper
and enter your Keeper Master Password.
If Keeper identifies a record match, the site's login credentials will appear in the KeeperFill dropdown. Fill them by tapping YES
to confirm the autofill action.
Once you've signed into your Keeper account, you will not be prompted to log in again to utilize KeeperFill until your session times out.
The legacy version of KeeperFill is available for Android Nougat (7.0) and below, as a custom, virtual keyboard.
Google Chrome Browser on Android 8.0 also utilizes the legacy version of KeeperFill.
Tap the login field of the app or site, then tap the Keeper icon that will appear on the right side of you screen to activate the KeeperFill keyboard.
Tap Login
to sign-in to Keeper using your Master Password then enable the KeeperFill keyboard (if prompted).
If Keeper identifies a record match, your login credentials will appear in the KeeperFill keyboard. Tap the fill button then tap Yes
to confirm the autofill action and fill your credentials.
To learn about launching websites using Keeper's In-App Browser, click here.
KeeperFill presents somewhat differently depending on what Android version your device is running. Reference the instructions below that are specific to the Android version you are currently using.
If Keeper is unable to find a matching record when logging into an app or site, you will have the opportunity to create one by tapping the "+" then Create New Record
.
If Keeper is unable to find a matching record when logging into an app or site, you will have the opportunity to create one by tapping Yes
when prompted.
KeeperFill must first be enabled on your device in order for Keeper to prompt for new record creation.
Keeper integrates seamlessly with all Two-Factor Authentication (2FA) methods including TOTP, SMS, Touch/Face ID, and U2F security keys. Use Keeper to store your sites' Two-Factor Authentication codes and KeeperFill will autofill them at your next login where 2FA is required (Android 8.0 and newer).
Many other familiar Keeper features can be accessed in the record detail view such as, creating favorites, viewing record history, and deleting records.
Select Two-Factor Code then tap Allow
when asked if Keeper can access your device's camera.
Using your device's camera function, hover over the site's QR code. The Two-Factor Code will automatically be generated in the record. Tap the checkmark icon to finish.
Tap the Two-Factor Code field to copy it to the clipboard and paste it into apps and sites as needed.
The following actions can be accessed by the record detail screen:
Add to Favorites (tap the star icon)
Add to Watch Favorites
Create Shortcut
Move To
Delete
Record History
From your vault, tap on a record to view it in detail then tap the more icon.
Tap on an action item from the generated menu and follow the on-screen prompts.
Securely create, share and manage records with family, friends and colleagues.
Tap Share with User
enter their email address and toggle on/off permission types, then tap the checkmark icon to finish.
TapAdd People
to pre-populate a list of your contacts (you must allow Keeper to access the contacts on your device).
From the record detail view, you can also add the record to a new or existing shared folder.
Enter the name of the the shared folder. Tap the Records
tab to add records and folders. Tap the Users
tab to search for or add users by their their email address. Tap the back button when finished.
Tap the "Can Manage Users" and "Can Manage Records" icons to set each user's permission types.
To set the default folder permission, tap the more button and Folder Settings
, then tap the checkmark icon to finish.
Default Folder Permission = permission that are applied to new users and records as they are added to the folder. Note: Any change in the default settings will not apply to previously added records.
Tap the menu button and Settings
then toggle Biometric Login on.
Watch the video below to learn more about biometric login support on Android.
Setup Guide for Keeper's Passkey feature on Android phones and tablets.
This is the Setup Guide for Keeper's Passkey feature on Android phones and tablets. You can download the Keeper App for Android from the Google Play Store or from the Keeper Download page. Use KeeperFill to quickly create and login with passkeys to websites and other native apps that support passkeys. To learn more about passkeys in Keeper, click here.
Passkeys are available on Android devices running Android 14+ and work on websites and applications that have been specifically built to support them. Keeper maintains a passkey directory, which can be found HERE.
Android devices do not have passkeys enabled by default. To enable passkeys on your device follow these steps:
Open Chrome or Chromium based browser on your Android device.
Enter chrome://flags into the address bar.
In the flags page that opens, tap the search box and search for "M124".
Under "Temporarily unexpire M124 flags" select Enabled from the dropdown menu, then click the Relaunch button that appears at the bottom of the browser.
Next, enter "Passkeys" in the search bar.
Under "Android Credential Management for passkeys" select Enabled for Google Password Manager and 3rd Party Passkeys from the dropdown menu, then click the Relaunch button that appears at the bottom of the browser.
Passkeys allow users to securely sign into websites or apps that have been built to support them. By leveraging KeeperFill, users can conveniently authenticate without passwords, enhancing security and usability. Requires Android 14+.
Passkeys work on websites and applications that have been specifically built to support them. Keeper maintains a passkey directory, which can be found HERE.
Upon tapping Create Passkey on a site or app, Keeper will intercept the request to create and save a passkey to your vault.
Returning to sites or apps where you have a stored passkey you will either be prompted to sign in with passkey or will be able to select Sign in with Passkey. Keeper does the rest!
This guide provides an overview of the main features of KeeperFill for Apps, a convenient tool used to enhance your experience using the Keeper Desktop App on Mac and Windows OS.
KeeperFill for Apps is a useful tool built into the Keeper Desktop application for Mac and PC that lives in the system tray/menu bar of your computer and gives you quick and easy access to your vault using a simple hotkey.
Fast access to your vault
Hotkey filling into native applications and browsers
Custom keystroke filling with multiple steps, like a "macro"
Works with RDP sessions and other remote desktop products
Automatic record selection based on application title
Advanced record matching using OCR (optical character recognition)
Works with "green screen" terminal emulators such as the Rumba AS400 and others
You can search for records and access any information in your vault with a few clicks, using hotkeys to fill the login, password and other keystroke sequences into applications.
Upon downloading the latest version of Keeper Desktop App, you will have full use of KeeperFill for Apps, available on both MacOS and Windows devices. Logging into the Keeper Desktop App will simultaneously log you into KeeperFill for Apps (and vice versa). The Keeper Desktop App can be closed but will remain running and can be accessed through your computer's menu bar (MacOS) or system tray (Windows) via the familiar Keeper icon.
You can launch KeeperFill for Apps at any time by either clicking on the Keeper icon in your menu bar/system tray or by using the hotkey: Ctrl/Cmd + Shift + K.
While viewing a record in Keeper Desktop App, click the launch icon.
The Keeper Desktop App window will close, but remain running and the record will open in KeeperFill for Apps.
You can either log into your device's apps by launching the record in KeeperFill for Apps from the Keeper Desktop App (see previous section) or you can login directly from KeeperFill for Apps.
Click on the Keeper icon in your device's menu bar/system tray to open KeeperFill for Apps (login with your master password if prompted).
Either search for the record in the provided search bar or locate it in All Records or Favorites then click on the record to open it.
Open the application you would like to login to, clicking once in the username field. In KeeperFill for Apps, hover over the login and click Fill Value to fill your username into the application.
Fill Username Hotkey: Ctrl/Cmd + Shift + U
Next, click once in the password field of the open application. In KeeperFill for Apps, hover over the Password and click Fill Password.
Fill Password Hotkey: Ctrl/Cmd + Shift + P
If a record contains a two-factor code, you can use a hotkey to fill the value.
Fill Two-Factor Code Hotkey: Ctrl/Cmd + Shift + T
KeeperFill for Apps will fill the last focused area (e.g. login field, password field, etc.) so be sure to click on each individual field of the application as you fill your credentials.
Quickly launch a record's website in your device's default web browser by hovering over a record and clicking Launch.
You can also launch a record website while viewing it in detail view and clicking the launch icon.
Hotkeys are alternative keyboard shortcuts that further streamline your experience using Keeper, reducing the number of mouse clicks it takes to complete an action.
View and customize KeeperFill for Apps hotkey actions by clicking Settings > KeeperFill Hotkeys.
Click the pencil icon to customize the following actions:
Launch KeeperFill
Fill Username
Fill Password
Fill Two-Factor Code
Open Desktop App
Logout
To ensure that KeeperFill for Apps does not interfere with your device's existing hotkey actions (e.g. screenshot feature), restore KeeperFill for Apps to its default settings by clicking Settings > Restore Default Settings.
Quickly return to the Keeper Desktop App from the main menu by clicking Desktop App.
You can also return to the Desktop App while viewing a record by clicking the return icon.
Open Desktop App Hotkey: Ctrl/Cmd + Shift + D
In order for KeeperFill for Apps "fill" feature to function normally, Keeper Password Manager must be enabled in your computer's privacy settings.
From your computer's System Preferences, click Security & Privacy.
Click Accessibility > Privacy then check the box next to Keeper Password Manager.
Please note, the "Screen Recording" permission is also required for performing Native App Autofill keystroke filling with OCR (Optical character recognition) in version 16.4+ of Keeper Desktop.
KeeperFill for Apps is a great solution for filling passwords and other content over a remote session, such as when using Microsoft Remote Desktop. Below is an example of using KeeperFill for Apps over RDP with a remote website login on Amazon AWS.
KeeperFill for Apps is compatible with most remote session tools. You may need to adjust the keyboard mode to "Unicode" in order to ensure that the characters are relayed properly.
Keeper can automatically fill fields in any native application using a set of custom keystrokes.
With the release of Keeper's "Record Types" feature, a new field type is introduced which is called "Native App Filler".
The Native App Filler function includes a Title match and a Record match field.
The Title match looks at the application title or program name.
The Record match looks at the contents of the screen using OCR scanning and will select a matching record only when the Title matches. This is useful for legacy terminal connection tools such as TN3270 client emulators.
The "Auto-Type Keystrokes" field allows you to initiate a specific keystroke sequence utilizing portions of the record and any other keyboard actions.
In the simple example below, the "Zoom" app name is matched and the username + <Tab> + password is typed when the user hits the hotkey "ctrl+shift+M".
When you launch an application that matches the Application Title or Program Name field, the KeeperFill for Apps system tray icon will change from the Keeper logo to a lock icon. At that point, hitting the assigned hotkey will initiate the Auto-Type keystroke filling sequence.
By default, the Native App Filler hotkey is set to Ctrl/Cmd + Shift + M. To change the hotkey, simply to go Settings > KeeperFill Hotkeys.
The Auto-Type Keystrokes can contain many different keystroke elements. The supported keystrokes are as follows:
An additional feature of Native App Filler is the ability to use the same Keeper record to fill credentials for multiple applications. For example, for Microsoft Office, you likely have a set of Microsoft Credentials that you use to log in to multiple applications in the Office suite. Simply list your applications separated with commas in the Application Title or Program Name field of the Native App Filler section of the record.
In this example, we can automatically fill credentials for Teams and Excel by listing "Microsoft Teams,Excel" in the Application Title or Program Name field.
Helpful tips and tricks for troubleshooting KeeperFill for Apps issues.
If hotkey filling is not working, most likely you need to re-activate your Mac OS accessibility settings. Please follow the instructions below:
Open the Terminal app, found in Applications > Utilities.
Copy the following and press Return: sudo tccutil reset Accessibility
When prompted, enter your administrator password to approve the command.
Immediately restart your Mac from > Restart.
The next time you open Keeper and attempt to Autofill, you'll get prompted to allow Keeper to have the permissions.
Open the > System Preferences > Security & Privacy > Accessibility.
Ensure that Keeper is listed and selected on the Accessibility screen within the list of applications. If not, click the "+" button and add the Keeper application.
Now select the "Screen recording" section the left and ensure that Keeper is listed. If not, click the "+" button and add the Keeper application.
A comprehensive guide for Keeper for Apple iOS (iPhone, iPad) devices.
With Keeper, your passwords, logins and other personal information are saved in a private, digital vault. It is here where you can view and edit all of your website login credentials and details, as well as store important files and photos.
Signing up for Keeper's iOS mobile app is easy. Simply visit the App Store on your device and install Keeper Password Manager. Watch the video below to learn more about account creation and login.
To create your Keeper account, first enter your email address then you will be asked to create and confirm a Master Password which will be the only password you have to remember. We recommend that you choose a strong Master Password that is only used for Keeper -- don't forget your Master Password!
To finalize your account and proceed to your vault, you will be asked to enter the security verification code that was sent to your email.
Enterprise users who log in with SSO do not require selection of a Master Password.
If you are an existing user, tap Login and enter your email address. If you are attempting to log in on an unrecognized device, a device approval must take place before you can proceed to your Keeper Vault. Users have three methods of approval to choose from:
Email Verification
Keeper Push
Two-Factor Method
Keeper Push is Keeper’s proprietary notification-based device approval system that sends a push notification to an existing, recognized device.
If you select Send Keeper Push, a notification (push) will appear in your Keeper vault at an approved device or browser.
On the device, login and tap Yes to approve the new device. You must be actively logged into a an approved device to receive the notification.
Once your device has been approved, you will be prompted for 2FA (if enabled), then enter your Master Password to proceed to your vault.
If you are an Enterprise customer using SSO Login, you can enter your email address and tap Next to login through SSO. Alternatively, you can tap Use Enterprise SSO Login and enter the enterprise domain provided by your Keeper administrator and tap Connect.
Next, you will be directed to the Safari browser for web-based SSO Enterprise authentication. After you have successfully entered your SSO credentials and two-factor authentication code (if enabled), you will be returned to Keeper to complete the login. You may be required to approve your device using Keeper Push or administrator approval after the SSO login process has been completed.
For more information about Enterprise SSO login, click here.
Importing passwords is not available on the iOS app. Please use the Keeper Web Vault on a desktop computer to import your passwords.
When you first log in to your vault, Keeper will prompt you to import passwords from your computer and/or web browsers. If you're not near a desktop computer, you can perform the import at a later time using the Keeper Web Vault.
Tap I'm at my computer.
Keeper will ask you to navigate to keepersecurity.com/setup on your desktop computer to begin the process of importing your passwords.
For detailed instructions on importing passwords from web browsers and other password managers to your Keeper Web Vault, click here.
Your passwords, logins, credit card numbers, bank accounts and other personal information are saved in your private digital vault (as "Records") and are encrypted on your device using 256-bit AES.
Tap + and Create New Record.
Choose a Record Type from the dropdown menu ("Login" is the default type)
Enter a Title for the record
Enter the Email or Username
Enter the Password or tap the dice icon to generate one (more on that here)
Enter the Website Address (if one wasn't already entered for you)
Enter Notes, add Files & Photos, a Two-Factor Code and Custom Fields
Tap Save to finish
Depending on the Record Type you selected, the default record fields will vary.
With Keeper you can organize your records into folders and subfolders. To create a folder, tap + and Create New Folder, then enter a name for the folder. To add records to the folder, Tap + and Add Existing Record or you can tap Create New Record to add a new record to the folder.
To create subfolder, within the new folder, tap + and Create New Folder.
Once created, a regular folder cannot be converted to a shared folder. To learn how to create a shared folder, click here.
Keeper makes it easy to move records around within your vault. Individual or multiple records and folders can be moved and shortcuts can be created. Shortcuts, like alias files, can exist in two or more places and when edited, change together.
To begin, tap the pencil icon and select the folder(s) and/or record(s) and then select an option listed below.
Create a Shortcut
Move to a New Folder
Move to an Existing Folder
Change the record(s) "type"
Delete
Adding a record to your vault Favorites is an easy way to locate your most frequently visited sites. To add a record to your Favorites, tap More > Add to Favorites.
Securely create, share and manage records and folders with other Keeper users such as friends, family, friends and colleagues.
Open the record you would like to share and tap Share > Share with User. Enter the user's email address, then use the toggle switches to select permissions (Can Edit, Can Share, Make Owner) then tap Save.
If this is the first time you are sharing with this person, you will first need to establish a "sharing relationship". The user will receive an email prompting them to login to Keeper and either accept or deny the share request. Once you establish a sharing relationship, the user will appear in the email dropdown list.
Keeper "One-Time Share" provides time-limited secure sharing of a record to anyone even if they don't have a Keeper account. To learn more about One-Time Share, click here.
Shared folders allow you to share multiple records at once and new records can be added to the folder as needed.
Tap + and Create Shared Folder.
Enter a name for the folder and tap Save.
The new folder will now appear in your records list. To share the folder with other users, select the folder, then tap the three dots to the right of the folder name to open a menu of options.
Select Manage Users & Records and enter the email addresses of the user(s) you would like to share the folder with.
You can assign permissions for each user by tapping on their email address under the "Users" tab.
To add records to the folder, switch to the "Records" tab.
Select the record(s) you would like to add to the shared folder. Once a record has been added, select it from the list to assign permissions (Can Edit, Can Share). Tap Save to finish.
Identity & Payments is the place for you to store your personal contact/address information and credit card numbers safely.
Payment cards can also be stored in your vault as records using the "Payment Card" record type which allows them to be shared with other users. See our Record Types Guide for more information.
Long, random passwords that are created for each login help protect your information and reduce your exposure to data breaches. Keeper generates and securely stores strong, random passwords for all of your sites and apps by tapping the dice icon.
This will NOT automatically change the website's existing login password. You must still visit the corresponding website's "Change Password" form to update the old password to match the new, stronger password. Click here to learn how to easily change your password with KeeperFill.
To generate a enlarged view of a record's password, tap the eye icon then long press on your password. Any numbers and symbols can be easily identified by blue and red color-coding.
When you open a file from your email for example, you seamlessly launch into the Keeper App to create a new record or add the file to an existing record.
Upon opening the file, tap the share icon. From the share dialogue, select Keeper in the list of apps.
Once Keeper opens, select either Add to New Record or Add to Existing Record. If you are creating a new record, the record type will automatically default to a "File Attachment" (Tap the dropdown icon to change the record type). Enter the record details and tap Save.
Keeper's Scan a Document feature uses optical recognitiion (OCR) to scan a picture, document, card or credentials written on paper then transcribes them in plain text with your record's "Notes" field. This makes it easier to use the text, remember notes and save time.
While viewing a record in edit mode, tap Scan a Document to open the camera function of your device. Once the document has been scanned, tap Save. You will have the option to either add the scanned document to the record as a file attachment or save it in plain text to the "Notes" field.
Security Audit gives your passwords an overall security score and lets you clearly see what passwords are weak from a password strength visual indicator (red being the weakest, green being the strongest).
If a record is indicated as having a high risk password, Keeper recommends changing the password at the affected site immediately and updating the corresponding record in your Keeper Vault.
Users also have the ability to conveniently restore previous versions of a record. While viewing a record, tap More > Record History.
To restore a record back to a previous state, tap on the version you would like to restore. Review the record information by tapping the "Record Information" dropdown then tap Restore.
A few notes on Record History:
Restoring a record does not place it back into the original folder structure.
Record History is only available as part of the paid consumer and business plans.
Deleted records can be reviewed and restored by visiting "Deleted Items" in the left navigation menu.
Keeper is fully integrated into the login experience of every website and app. Once enabled through your device's Settings app, KeeperFill will help you sign into apps and website with just a few taps.
Before you can utilize KeeperFill's autofill features, you will first need to perform a few simple setup steps:
Open your device's Settings app.
Scroll down and select Passwords.
Tap Password Options and ensure "AutoFill Passwords" is toggled on.
Select Keeper below both "Allow filling from" and "Set up Verification Codes using"
Follow the prompt and uncheck all other password managers (including keychain).
To learn how to set up 2FA for websites and apps, click here.
Autofill & Two-Factor Codes
Once the above setup steps complete, you will see a Passwords button appear above the keyboard when logging into an app or website. By default, tapping Passwords, will prompt you to log in to Keeper and automatically launch KeeperFill. Please note, for security purposes, you must authenticate to Keeper each time you autofill a record on your mobile device.
If you subscribe to iCloud+, you may need to tap the key icon to the right of "Hide My Email" to open KeeperFill.
KeeperFill will present a matching record from your vault. Alternatively, you can search for a record or create a new record. If there is a record match, tap Fill to autofill your login credentials.
As of iOS version 16.2, Keeper is also able to store your two-factor authentication (2FA) codes automatically by serving as your time-based one-time password (TOTP) generator.
Two-factor codes will be automatically copied to your clipboard when possible. To copy it manually, tap the copy icon next to the code and when prompted paste the code into the field provided.
With the release of iOS 18, you can autofill your login credentials faster than ever! Simply long-tap on any field in an app or website and Keeper will seamlessly fill any record information, such as usernames, passwords and even TOTP codes.
To utilize these autofill enhancements, you must first update your device to iOS 18.
Once the above setup steps are complete, you can autofill your credentials at the login page in an app or site, long-tap on any field to generate a menu and select Autofill > Passwords and authenticate to Keeper.
Once Keeper opens, select a matching record or search for one in your vault. Next, tap on the field you'd like to autofill (e.g. username, password, two-factor code, payment card). Whatever information you select will also be conveniently copied to your device's clipboard.
After logging in with your username and/or password, if a two-factor code is required, Keeper will automatically fill the code within the same workflow, reducing friction during the login process.
Alternatively, when Keeper detects a TOTP field at a login page, select Keeper from the verification code menu that appears and authenticate to Keeper.
Next, select a code to fill from the list of matching records to autofill it.
Please note, this feature is dependent on the iOS autofill framework and structure of the target website or application.
Passkeys on iOS devices, a highly anticipated feature for enhanced security and convenience, is now available on Apple devices running iOS 17+. This update marks a significant enhancement in our mobile applications capabilities, offering users an even more secure and streamlined experience. To learn more about Passkeys with Keeper, click HERE.
Passkeys work on websites and applications that have been specifically built to support them. Keeper maintains a passkey directory, which can be found HERE.
Creating a passkey for a website or app is a simple process on your iOS device.
Tapping Create Passkey on a site or app will trigger Keeper to intercept the request. Keeper then prompts you to create a passkey for your associated login and saves it to your vault.
Returning to sites or apps where you have a stored passkey you will either be prompted to sign in with passkey or will be able to select Sign in with Passkey. Keeper does the rest!
Passkey functionality is not enabled by default on iOS devices. To enable Passkeys with Keeper follow the steps below.
Launch the Settings app on your iOS device and select Passwords.
Next, choose Password Options.
Toggle ON AutoFill Passwords and Passkeys.
Then tap Keeper so a blue tick appears. If you have used Autofill before, iCloud Passwords & Keychain may have a blue tick as well. For optimal accuracy when using Keeper for Passkeys, make sure to tap iCloud Passwords & Keychain to remove it as an option.
Keeper offers Secure File Storage to protect your confidential files, photos and videos. Securely upload and store files such as passport photos, medical cards, drivers licenses, tax and loan documents, videos and any other private file to your Keeper Vault.
You can either add an attachment to any existing record or create a new record using the "File Attachment" record type. Tap Add Files or Photos to upload your file.
To learn more about Secure File Storage, click here.
BreachWatch is a powerful, secure add-on feature that monitors the internet and dark web for breached accounts matching records stored within your Keeper Vault. BreachWatch alerts you so that you can take immediate action to protect yourself against hackers. Once activated, BreachWatch continuously monitors for compromised credentials and notifies you if any of your records are at risk.
To start your BreachWatch scan, tap BreachWatch in the lower menu of your screen tap then Let's Begin > Scan.
BreachWatch will then scan your records and report any risks associated with them. Resolving the risk requires you to change the password at the affected website. Once you have done that, be sure to update the corresponding record in your Keeper vault with the same password.
If you tap Ignore, then that record will be skipped on future scans until the password is reset. You may also do nothing (deferring a response) and leave the risky password unchanged and thus still at risk.
To learn more about BreachWatch, click here.
The Settings screen allows you to customize the personalization and security features of the application.
Please note that some security settings may be enforced by your Keeper Administrator if you are part of a Keeper Business account.
Appearance (Theme)
Login Options (Two-Factor Authentication, Biometric Login)
Keyboard Widget
Clipboard Expiration
KeeperFill
Auto-Logout
Default Browser
Security (Enable Self-Destruct, Hide Passwords)
Sort Record Types (Edit Order,
Change Email
Account Recovery
Reset Master Password
Fast Login Mode
Image Quality
If you forget your Master Password, this feature will help you quickly regain access.
Set up Account Recovery:
Tap Account Recovery from the Settings menu.
Confirm your Master Password and tap Generate New Phrase.
Once your recovery phrase has been generated, be sure to store it in a safe place. For added convenience, you will be given the option to copy or download it.
Check the confirmation box to confirm that you've stored your Recovery Phrase.
Tap Set Recovery Phrase.
To change your Master Password:
Tap Reset Master Password.
Enter your current master password.
If you have Touch ID or Face ID enabled, you won't be required to enter your current master password.
Create and confirm a new master password.
If you are unable to login with your current master password, and you've set a recovery phrase, go to Forgotten Master Password & Account Recovery to recover your account.
Two-Factor authentication (2FA) provides an extra layer of security when logging into your Keeper Vault or another site or application by requiring a secondary passcode upon logging in.
Enabling two-factor authentication is especially advised for highly valuable or sensitive accounts (e.g. banking, medical and social media accounts).
Keeper offers two ways to take advantage of 2FA:
To log into your Keeper Vault.
To log into any site or application from your Keeper Vault by embedding a TOTP (time-based one-time password) into your records.
To enable 2FA for your Keeper Vault, tap Settings > Two-Factor Authentication then select your method from the list of options.
(1) Select a Region (US+1 by default), enter your 10 digit phone number including your area code and tap Save.
(2) Select how long you want the two-factor method to be valid for.
You will be prompted for 2FA every time you login to your vault unless you select an alternative duration. Business customers may be required to enter the code every login as determined by their Keeper Administrator.
(3) Enter the code that was sent to the phone number you provided. Codes will only last for a minute; if you need another code sent, tap Send a new code.
(4) Backup codes will be shown next. If you are unable to receive two-factor codes via the phone number you entered, you can enter one of the backup codes listed instead. Save these codes somewhere safe, and then tap OK to finish.
If you are not receiving SMS messages from Keeper, please use the TOTP method.
(1) Once you select "Authenticator App" tap Save.
(2) Select how long you want the code to be valid and tap Back.
You will be prompted for 2FA every time you login to your vault unless you select an alternative code duration. Business customers may be required to enter the code every login as determined by their Keeper Administrator.
(3) You will be asked to scan the QR Code or enter your secret key in your authenticator or TOTP app. Copy the code displayed in Keeper. Open Google or Microsoft Authenticator (or whichever app you use for 2FA) and add a TOTP record, pasting in the copied Secret Key.
(4) Return to Keeper and copy or enter the TOTP code provided.
(5) Backup codes will be shown next. If you are ever unable to receive Two-Factor codes, you can enter one of the codes listed instead. Tap OK to finish.
In order for Azure MFA (using the Microsoft Authenticator app) to be utilized as a TOTP, the Azure Administrator needs to allow the verification method "Verification code from mobile app or hardware token" when setting up MFA in Azure.
Apple Watch devices can be used for Two-Factor Authentication. Make sure your device is paired with your phone and that the Apple Watch device has downloaded the corresponding KeeperDNA app.
In Keeper, navigate to Settings > Two-Factor Authentication > Smartwatch (KeeperDNA) then follow the prompts to verify your identity.
If you don't get a notification, you may not have notifications enabled for Keeper. To turn on notifications, on your phone navigate to Settings > Notifications > Keeper and toggle "Allow Notifications" on.
The Keeper DNA app on your Apple Watch can also generate Two-Factor Authentication codes that can be used for logging in.
Keeper can fill 2FA codes on any website or application that supports TOTP. Some apps will allow an automatic import of the setup code into Keeper or you can simply copy and paste a secret key to generate the code, while some will provide a QR code to scan (requires a second device). Continue reading to review these three setup methods in more detail.
Automatically Import a Setup Code
For apps that allow an automatic import of the setup code into Keeper, follow the app or website setup steps prompting you to link a compatible authentication app to the account.
Be sure to first set Keeper as your default password manager in your device's Settings. Learn how here.
(1) Keeper will automatically open and you can login as normal.
(2) Select whether to add the two-factor code to a new or existing record (if you choose existing record, select if from your records list or locate it using the search bar).
(3) You will see the code has been added to the record. Tap Save and return to the record to copy the code to your clipboard.
(4) Return to the app or site to paste the code to complete the setup.
(1) For apps that provide a setup key to paste into Keeper, begin by copying the key to your device’s clipboard.
(2) Switch to the Keeper app and login as normal. Open the corresponding record and tap Edit > Add Two-Factor Code.
(3) Select Enter Setup Key and paste the key into the field provided and tap OK.
(4) You will see the code has been added to the record. Tap Save and then tap the code to copy it to your clipboard.
(5) Return to the app or site to paste the code to complete the setup.
Watch the video below to learn more about two-factor authentication setup using automatic import of a code or a secret key.
(1) Open the Keeper record on your mobile device and tap Edit > Add Two-Factor Code > Scan QR Code (this will open your device's camera).
(2) On a secondary device (e.g. tablet, computer), navigate to the corresponding record's 2FA set up screen to retrieve the site's QR code.
(3) Scan the QR code with your mobile device. You will see the code has been added to the record.
(4) Tap Save and then tap the code to copy it to your clipboard.
(5) Return to the site to paste the code to complete the setup.
For more information about Keeper's two-factor code feature, click here.
Keeper is integrated with Siri Shortcuts and supports the following voice command variations:
Begin each phrase with "Hey Siri..."
Make a Keeper Record
Make a Keeper record
Make a Keeper password
Keeper record
New Keeper record
Make a record in Keeper
Create a Keeper record
Create a Keeper password
Create a record in Keeper
Add Keeper record
Add a Keeper password
Add a record in Keeper
Display Keeper Verification Codes
Display Keeper verification codes
Show me Keeper verification codes
Show me my Keeper verification codes
Display Keeper authentication codes
Launch Keeper verification codes
Launch Keeper authentication codes
Open Keeper verification codes
Open Keeper TOTP codes
Open Keeper TOTP
Launch Keeper TOTP codes
Launch Keeper TOTP
Display Keeper TOTP codes
Display Keeper TOTP
Show me my Keeper TOTP codes
Show me my Keeper TOTP
Display Keeper Shared Records
Display Keeper shared records
Display my Keeper shared records
Launch Keeper shared records
Launch my Keeper shared records
Show me my Keeper shared records
Open Keeper shared records
Open my Keeper shared records
You must be logged into Keeper to use the shortcuts (otherwise Siri will prompt you to login). Currently, Siri Shortcuts are only available in English.
To view the shortcuts currently available for Keeper, from the Account screen tap shortcuts.
Both Touch and Face ID must be set up in your device's settings before they can be used to login into Keeper. Once that is complete, from Keeper's Settings screen, toggle "Biometric Login" on.
You can now log into Keeper with your fingerprint using Touch ID or with face recognition using Face ID. Tap on the Touch ID or Face ID symbol to initiate biometric login.
Biometric login such as Touch and Face ID on iOS are a time saving & convenience feature and are not a replacement for two-factor authentication.
Upon your first login, Keeper will ask you if you want to use Face ID to login. If you decline this feature, you can re-enable it under your device's Settings > Keeper and toggle Face ID on.
The Keeper widget provides an account security overview that is displayed on your device's home screen. To add Keeper's iOS widget to your home screen, follow the steps below:
(1) In Keeper, tap Settings then toggle "Enable Keeper Widget" on.
(2) From your device's home screen, press and hold on any empty area until the apps icons move.
(3) Tap the "+" add icon from the upper left corner of your screen.
(4) Select or search for the Keeper widget.
(5) Choose a size by swiping through the three options and tap Add Widget.
(6) Tap Done.
Keeper provides two-factor authentication (2FA) on iOS with compatible hardware keys such as the YubiKey 5 NFC, YubiKey 5C NFC and YubiKey 5Ci.
Support for NFC devices is available with Keeper iOS version 16.4.0 and newer.
Keeper is committed to enhancing the security and flexibility of your experience. Support for more plug-in style physical keys will come with a future release.
(1) Before you add a security key, a two-factor authentication method must be in place as a backup.
(2) Navigate to Settings > Two-Factor Authentication, tap the field under "Security Keys".
(3) Tap Add New and enter a name for the key.
(4) Select a duration and tap Register.
(5) Choose your security key activation method: NFC or Insert and Touch, depending on the type of key.
(5) Tap the key on the back of your device or touch the sensor on your YubiKey.
(6) Your security key has been registered, tap OK to finish.
A user can register up to 5 security keys. Any one of those keys will unlock the account. To delete a security key, swipe left on the registered key in the "Security Key" page and tap Delete.
The FIDO2 WebAuthn device will be required for login based on the configuration of the first 2FA method. For example:
If the first 2FA method is set to "Prompt Every Login", then the Yubikey will be required on every login, and offline login will be disabled.
If the first 2FA method is set to "Every 30 days", then the Yubikey will be required every 30 days, and offline login will be disabled.
If the first 2FA method is set to "Remember Forever", then the Yubikey will only be required one time on each new device. Offline vault login will be enabled.
Keeper supports the use of multiple vaults on the same device allowing you to switch between a personal account and business account, for example.
Users can switch between accounts or add an account from the login screen. While logged out, tap the email field then select an account email address or tap Add Account to register a new account. Any accounts added will be stored in the drop down menu at the Vault Login screen for future use.
The multi-account switching feature is only available as part of the paid Personal and Business Plans.
When 2FA is activated on an account, it protects the user on all devices and all platforms because 2FA is protecting access to the backend cloud system.
By definition, two-factor authentication protects access to the cloud and access to online accounts. Therefore, it requires an online connection to be prompted for 2FA. 2FA is triggered when a request is made from the client device to the server. Logging into a new device, syncing new information on an existing device or performing any other cloud-based features.
By default, the native Keeper app for iOS, Android, Mac and Windows allow users to login quickly with their master password (offline mode) to access their vault. After entering their master password or using Biometric Login, the user decrypts the data locally, then the app sends a sync request to the server at which time the user may be prompted for their 2FA code. Depending on the speed of the Internet connection, the 2FA prompt may be received a couple seconds after logging into the native application because the local decryption of data occurs much faster.
Offline authentication and vault access is permitted by all consumer customers. Enterprise customers may restrict the use of offline access for their employees.
When activating 2FA on your iOS device for the first time, the user selects how often they want to be prompted. Users can be prompted for 2FA every login, once every 30 days or only one time per device. It's important to understand that 2FA is always enabled on the Keeper servers. After a successful login on a device, a "token" is generated from the 2FA code and stored locally on the device as long as it's deemed valid by the server. This is why you are still able to login to the same device over and over without being re-prompted. By default, consumer customers will be prompted only one time per device. Enterprise customers may enforce users to be prompted every time for a new code.
Currently, the 2FA token retention timing on iOS will default to "only one time" on a device if the 2FA was initially set up on the Web Vault or Desktop App. To change this behavior, turn 2FA off and then re-activate 2FA on the iOS device.
To import and export data from your Keeper Vault, visit the Keeper Web Vault or download Keeper Desktop for your computer.
Keeper Web Vault: https://keepersecurity.com/vault
Keeper's Downloads Page: https://keepersecurity.com/download
Uninstalling Keeper will delete the data from Keeper on the local device. Data stored in Keeper's Cloud Security Vault is NOT erased.
On your device, long press on the Keeper App icon.
Tap Remove App > Delete App > Delete. (For older iOS systems, long press on the Keeper App icon until all the apps start to shake. Tap the "X" that appears in the upper left corner of the Keeper App icon. To confirm, tap Delete).
Resetting Keeper will erase all records from all Keeper accounts stored locally on your device. Data stored on Keeper's Cloud Security Vault is NOT erased.
Open your device's Settings app and select Keeper.
Toggle "Reset Keeper" on.
Customer Support Form: https://keepersecurity.com/support.html
Business Customers: business.support@keepersecurity.com
System Status: https://statuspage.keeper.io
Setup guide for Keeper's autofill & passkey features, KeeperFill for Apple iOS (iPhone, iPad) devices.
Keeper is fully integrated into the login experience of every website and app using the Passwords button that appears above your device's keyboard.
Autofill supports the following features:
Passwords
Two-Factor (TOTP) codes
Passkeys
Before you can utilize these autofill features, you will first need to perform a few simple setup steps:
Open your device's Settings app.
Scroll down and select Passwords.
Tap Password Options and ensure "AutoFill Passwords" is toggled on.
Select Keeper below both "Allow filling from" and "Set up Verification Codes using"
Follow the prompt and uncheck all other password managers (including keychain).
Once the setup steps are complete, you will see a Passwords button appear above the keyboard when logging into an app or website. Tapping Passwords will launch KeeperFill.
If you subscribe to iCloud+, you may need to tap the key icon to the right of "Hide My Email" to open KeeperFill.
KeeperFill will present a matching record from your vault. Alternatively, you can search for a record or create a new record. If there is a record match, tap Fill to autofill your login credentials.
Two-factor codes will be automatically copied to your clipboard when possible. To copy a code manually, tap the copy icon next to the code and when prompted paste the code into the field provided.
Passkey Setup follows the same steps as turning on autofill however, the settings page on your device running iOS17+ will have updated verbiage to reflect the latest options.
Launch the Settings app on your iOS device and select Passwords.
Next, choose Password Options.
Toggle ON AutoFill Passwords and Passkeys.
Then tap Keeper so a blue tick appears. If you have used Autofill before, iCloud Passwords & Keychain may have a blue tick as well. For optimal accuracy when using Keeper for Passkeys, make sure to tap iCloud Passwords & Keychain to remove it as an option.
Once the setup steps are complete, websites or applications that support passkeys will either prompt you to create a passkey or will provide a setting in your account section to setup a passkey login.
Creating a passkey for a website or app is a simple process on your iOS device.
Tapping Create Passkey on a site or app will trigger Keeper to intercept the request. Keeper then prompts you to create a passkey for your associated login and saves it to your vault.
Returning to sites or apps where you have a stored passkey you will either be prompted to sign in with passkey or will be able to select Sign in with Passkey. Keeper does the rest!
A comprehensive guide for the Keeper Web Vault and cross-platform, Keeper Desktop Application.
Keeper is simple to install, easy to use and you’ll be up and running in just minutes.
With Keeper, your passwords, logins and other personal information are saved in a private, digital vault. It is here where you can view and edit all of your website login credentials and details, as well as store important files and photos.
Watch the video below for an overview of the vault with master password login.
If you've already signed up for Keeper on your mobile devices, you can simply login to the Web Vault or Desktop App (links below) with your email address, Master Password and Two-Factor Authentication (if enabled on your account).
Login to the Keeper Web Vault:
Download the Keeper Desktop App:
Upon logging in, you may encounter a "Device Approval" request. If you are attempting to log in on an unrecognized device or browser, a device approval must take place before you can proceed to your Keeper Vault. Users have three methods of approval to choose from: Email, Keeper Push or Two-Factor Method.
Keeper Push is Keeper’s proprietary notification-based device approval system that sends a push notification to an existing, recognized device.
If you select Keeper Push, a notification (push) will be appear in your Keeper Vault on an approved device or browser.
Select Yes to approve the new device.
You must be actively logged into a different, recognized/approved device to receive the notification.
Once your device has been approved, you will be prompted for 2FA (if enabled), then you can enter your Master Password to proceed to your vault.
To create your Keeper account, first enter your email address then you will be asked to create and confirm a Master Password which will be the only password you have to remember. We recommend that you choose a strong Master Password that is only used for Keeper -- don't forget your Master Password!
To finalize your account and proceed to your vault, you will be asked to enter the security verification code that was sent to your email.
Enterprise users who login with SSO do not require the selection of a Master Password.
Watch the video below to learn how to create your account.
Users who login with an existing identity provider have various login choices. Users can either enter their email address at the login screen or click Enterprise SSO Login and select their login method from the dropdown menu as determined by their Keeper administrator (Enterprise Domain Login or Master Password Login).
Your passwords, logins, credit card numbers, bank accounts and other personal information are saved in your private digital Vault (as "Records") and are encrypted on your device using 256-bit AES.
Click + Create New > Record.
Enter a name for the Record and click Next
Enter the Login (Username or Email)
Enter the Website Address
Click Save to finish
You can either manually enter your existing logins and passwords into your vault or Keeper can import your existing passwords directly from your web browser (e.g. Safari, Chrome, Firefox), another password manager, or from a text file (.csv).
To import passwords from your web browser, you must first install the Keeper Import Tool. To begin the installation, from the Account Dropdown Menu, click Settings > Import > Import. If you came fresh into the Web Vault, you can download the import tool by clicking Install.
If you have started the import process from a mobile app and came to the Web Vault, you will be prompted to import your existing passwords, click Next > Install.
Keeper will then walk you through a few steps to download the Keeper Import Tool:
Copy the code Keeper provides (you will need this when prompted in the Keeper Importer).
If you are using a PC - click Run when prompted.
If you using a Mac - double click the "KeeperImport.zip" file located in your downloads and double click on the "Keeper Import App" to start the import process. You will encounter a few Keychain permission windows that will require you to enter your computer password to allow Keeper to access your web browsers.
Keeper will then ask for the code you received from step one; paste the code and click Import.
Once the installation is complete, Keeper will report websites and their associated logins and passwords directly from your web browser. You can then scroll though the report and uncheck those you do not wish to import. Once you have finished reviewing the report, click Add to Keeper to import the selected password.
Keeper can import logins and passwords from other password managers. From the Account Dropdown Menu, click Settings > Import.
Click on the password manager you want to import from, then click View Import Instructions. Once you have created the export file per the instructions, drag and drop the file into Keeper's "Drop a File Here" window.
Confirm the export file has the correct extension at the end of the file name (e.g. export.csv).
A display window will appear allowing you customize how you want the import information organized. There are six general fields across the top of the scrollable window. Clicking on the titles of each one allows you to change the organization of that column via a dropdown menu.
The content of each column and change the title of each column to accurately represent that information (e.g. If you see a column of URLs and the column title says "Notes", change that column title to "URL").
Keeper can import passwords from the following password managers:
Import instructions can also be found in the "Import Records" section of our user guides.
Keeper can also import logins and passwords from a text file (.csv). To begin, from the Account Dropdown Menu, click Settings > Import. After selecting Text File (.csv) click View Import Instructions and follow the instructions provided. Once you have created the export file per the instructions, drag and drop it into Keeper's "Drop a File Here" window.
File Format
• To specify subfolders, use backslash "\" between folder names
• To make a Shared Folder specify the name or path to it in the 7th field
Example 1: Create a regular folder at the root level with 2 custom fields
Example 2: Create a shared subfolder inside another folder with edit and re-share permission
Download the Keeper Desktop and Mobile Apps to access your Keeper Vault from any platform and use it for native applications across all of your devices.
With Keeper you can organize your records into folders and subfolders. To create a folder, click on + Create New > Folder. Enter the name of the folder and click Create.
To create a subfolder, right-click on an existing/parent folder and select New Folder.
Drag and drop the record(s) you would like to store in a folder or subfolder and click Move or Create shortcut. To move multiple records, hold "shift" and click the items to drag-and-drop.
Record shortcuts = like alias files, can exist in two or more places and when edited, change together.
You can perform a number of actions by right-clicking on a record or folder to generate a contextual options menu.
Right-click on a record or folder and select Delete. Click OK to confirm.
If you are deleting a folder, all records in the folder will also be deleted.
Ctrl/Cmd-click multiple records or folders to select for deletion. Right-click on the selection and select Delete. Click OK to confirm. Shift-click for selecting a list of items is also supported.
If a folder is included in your selection, all records in the selected folder will be deleted.
Record Favorites are used to easily identify your most frequently used records. Right-click on a record and select Add to Favorites.
Securely share records and folders with other Keeper users such as family, friends and colleagues.
If you attempt to share a record or folder with someone who is not an existing Keeper user, they first receive an email inviting them to sign-up for Keeper.
While viewing a record, click Share.
Enter the email(s) of the user(s) you would like to share with, then choose their permission type from the dropdown menu.
Shared folders allow you to share multiple records at once and new records can be added to the folder as needed.
To create a Shared Folder, click Create New > Shared Folder.
Choose where you would like to nest the folder using the dropdown menu and enter a name for the folder. Set the User and Record Permissions and click Create.
Identity & Payments is the place for you to store your personal contact/address information and credit card numbers safely.
From Identity & Payments enter a username and click + Phone Number and + Address.
Enter the corresponding personal information and click Save to finish.
To store a payment card, click the Payment Cards tab, enter the card information and click Save to finish.
You can also create a "Payment Card" Record by using the record type dropdown menu during record creation.
Click Create New > Record and select "Payment Card" from the dropdown menu, enter a title and click Next. Enter your payment card info and click Save.
Long, random passwords that are created for each login help protect your information and reduce your exposure to data breaches. Keeper generates and securely stores strong, random passwords for all of your sites and apps by clicking on the dice icon. The default password length for generated passwords is 20 characters. The length slider can be used to generate longer or shorter passwords for specific sites.
Similar to Keeper's password generator, a click of the dice will generate a highly secure, random, yet easy-to-remember passphrase for any of your accounts stored in Keeper. By combining multiple words, passphrases are a more secure alternative to passwords.
Click on the dropdown and select Passphrase.
A strong passphrase includes a mix of uppercase and lowercase letters, numbers and symbols. You can use numbers, symbols or spaces to separate each word of the passphrase.
This will NOT automatically change the website's existing login password. You must still visit the corresponding website's "Change Password" form to update the old password to match the new, stronger passphrase.
Custom field labels can be edited and if you are creating multiple custom fields, you can drag and drop them in your preferred order.
While creating or editing a record, click Custom Field.
Select the custom field you would like to add to the record.
Available Custom Fields:
Text
URL (website address) used for Autofill
Security Question & Answer
Multi-line Text
Date
Name
Address (new or linked)
Pin Code (4-digit numeric)
Phone Number
Payment Card (new or linked)
Hidden Field
Enter the field values and click Save to finish.
Keeper autofills the custom fields of login forms as long as both the Website Address and Custom Field Name of the Keeper record match those of the login form.
Within a "general" record type, custom fields can be created in pairs: a "Custom Field Name" and a "Custom Field Value".
Use advanced search filters to quickly narrow down your results and find exactly what you need.
Quick search shows recently viewed items and improves sort results. Click within the "Search" field to narrow down your results based on search terms or to reveal recently viewed items.
Launch allows you to quickly navigate to your favorite websites. Simply click a record's Website Address, Launch button, or launch icon to launch the target site and login with Keeper in a new window.
The Security Audit screen gives the passwords stored in your vault an overall security score based on password strength. You can clearly view information about each record's password strength and reuse from this screen.
You can easily view a record that contains a high-risk password by clicking on it from the provided list. To resolve the risk, you will be directed to change the password at the record's website and then update the corresponding record in your vault.
Keeper provides you with the ability to view and restore previous versions of a record by clicking on the record's information icon and View Record History.
Select the version of the record you want to review/and or restore based on the last modified date and time. Click Restore to revert the record back to the selected version.
Deleted records can be reviewed and restored by visiting the Deleted Items section of your vault (this is available as a paid feature).
Give trusted family and friends access to your Keeper Vault in the event of an emergency or loss of life. You can designate up to five emergency contacts and decide how much time should pass before their access is granted.
Please note, the Emergency Access feature is only available for consumer accounts.
From the Account Dropdown Menu, click Account > Emergency Access
Click Trusted Users and enter the email addresses of up to five contacts (Keeper users). Optionally, select a "Delay Access" duration from the dropdown menu for each user, then click Send.
The amount of time between your request to provide emergency access and access granted can be set up to three months per contact. If a delay is configured, the countdown begins the moment the trusted user attempts to login to your vault.
In order for the recipient to accept the request, you must first establish a "sharing" relationship if one hasn't already been established through Keeper's record/folder sharing features.
If prompted, click Send Invite.
If the recipient is not an existing Keeper user, they will receive an email inviting them to sign up for a Keeper account. Once they sign up and login to their account, they can accept the sharing relationship request.
Once the recipient accepts your sharing request, you will need to invite them to be your emergency contact once more from the “Emergency Access” section of your vault. This step is not necessary if a sharing relationship has previously been established.
You can view and restore previously deleted records from the "Deleted Items" section of your vault by clicking Restore.
Please note, Deleted Items is available as a paid feature.
The “Lost Access” tab contains records that you own, but are no longer accessible (e.g. You delete a record that you own that has also been shared with another user). This feature allows users to individually add these records back to their vault.
Click Add to My Vault to add a record back to your vault.
Recently deleted shared records from within shared folders can be recovered from the tab called "Shared Folder Contents". This tab contains records that were deleted by a user of the shared folder with "Can manage records" permission. Records which appear in this tab are able to be restored from any user who currently has access to the shared folder. This feature was created to make the restore process accessible from any shared folder participant when a record has been removed by any team member.
For security reasons, if a change was made to the record after it was removed from the shared folder, it cannot be restored and the original owner must re-share it.
For extra security on supported sites and apps, click Add Two-Factor Code to store Two-Factor Authentication (2FA) codes for standard TOTP (Time-Based One Time Passwords) in your Keeper records.
Storing two-factor codes in your vault has several advantages:
Keeper two-factor codes are more secure than using SMS text messages.
Two-factor codes stored in Keeper are protected with strong Zero-Knowledge encryption.
Codes can be auto-filled quickly while logging in to a site, saving time and reducing friction.
Keeper records are securely backed up so if you lose a device you don’t have to reset all the codes.
Since Keeper records are shareable, two-factor codes are always available to everyone who has access to the record.
The KeeperFill Browser Extension allows you to autofill your passwords and save new login credentials to your vault. KeeperFill is available for every web browser.
KeeperFill makes it easy to change your passwords. When visiting a site's "Change Password" form, you will receive a prompt from Keeper asking if you would like help changing your password. By clicking Yes, Keeper will walk you through a few quick steps to change your password and simultaneously update the record in your vault. These steps will include a series of prompts detailing the following actions:
Autofill your old/current password
Automatically generate and autofill a new secure password
Confirm the changes and save them to your vault
Keeper offers Secure File Storage to protect your confidential files, photos and videos. Securely upload and store files such as passport photos, medical cards, drivers licenses, tax and loan documents, videos and any other private file to your Keeper vault.
Files can either be added to an existing record or you can create a new record to store the file independently of other login information.
Click Files or Photos to upload a file, or simply drag-and-drop the file directly into your Vault.
BreachWatch is a powerful secure add-on feature that monitors the internet and dark web for breached accounts matching records stored within your Keeper Vault. BreachWatch alerts you so that you can take immediate action to protect yourself against hackers. Once activated, BreachWatch continuously monitors for compromised credentials and notifies you if any of your records are at risk.
To start your BreachWatch scan, from the left navigation menu, click BreachWatch > Let's Begin.
BreachWatch will then scan your records and report any risks associated with them. Clicking each record listed will allow you view the steps needed to resolve each risk.
Resolving the risk requires you to change the password at the affected website. Once you have done that, be sure to update the corresponding record in your Keeper Vault with the same password.
If you click Ignore, then that record will be skipped on future scans until the password is reset. You may also do nothing (deferring a response) and leave the risky password unchanged and thus still at risk.
Users can configure specific features like language, theme and two-factor authentication from the Settings Menu. You can access the Settings Menu by clicking on the Account Dropdown Menu (your email) in the upper-right corner of your screen.
Choose a Theme: Select from a number of available themes. The theme will affect coloring of buttons, backgrounds, icons and other components.
Clipboard Expiration (Desktop App Only): This will clear any data copied to the clipboard via a copy button after a period of time. Note: If your operating system maintains a clipboard history, this information may still be available after it has been cleared.
Choose another language: English US & UK, Spanish, Japanese, Romanian, Chinese Simplified & Traditional, French, Korean, Russian, Arabic, Greek, Dutch, Slovak, Brazilian Portuguese, Hebrew, Polish, German, Italian, and Portuguese
Record Type Sorting: Adjust the order that record types show in the "Create new" dropdown.
Master Password: Allows you to reset your master password. You must re-enter your current master password in order to change it.
Account Recovery: Allows you to set your recovery phrase which can be used to access your vault in the event you forget your master password.
Email Address: Allows you to change the email address associated with your account. You must re-enter your current master password in order to change it.
Delete All Unshared Owned Records: This will delete all records from your vault that you own. Records that have been shared, will still be shared. Deleted records will be moved to the trash can. To permanently delete them, you must also empty your trash.
Auto-Logout: Logout of Keeper after a number of minutes of inactivity. On the web vault, this is controlled in the browser extension settings. On desktop you have the ability to also wipe application memory and restart the desktop app on logout.
Stay Logged In: If Auto-Logout is enabled, this setting will maintain the inactivity timer and preserve your login if the system is rebooted or your browser is restarted. If "Stay Logged In" is disabled, you will be logged out if the application closes.
Auto-Approve Devices from Recognized IP Address(es): Device approval is needed for any client to login for the first time. The device token is saved per device. If you would like to automatically skip device approval when you are on an IP that matches another already approved device, this will skip the check.
Touch ID (MacOS only): Login to the keeper vault using biometrics. This replaces the first factor (your master password), and second factors will still be required.
Optionally extend display of temporary confirmation messages.
Zoom keyboard shortcut: Cmd +/-
In order to properly utilize the vault's +Create New button and various dropdown menus, users must first disable the JAWS "Virtual Cursor" setting if applicable (or ALT + arrow up/down for NVDA).
In JAWS navigate to Utilities > Settings Center and search for "use virtual PC cursor", then uncheck "Use Virtual PC Cursor".
Search Settings: Control the visibility of Keeper’s search results dropdown overlay and advanced search filters.
Automatic Syncing Delay (Business Customers Only): Set your vault sync delay frequency to improve syncing performance across large user groups.
Show Numbering In Record List View: Choose whether you want records in "list view" to be numbered.
Import: Import passwords from browsers or other password managers. Web imports are typically file based. Keeper Desktop has more availability for automated imports from other solutions.
Export: Export your vault to CSV, JSON or PDF. This includes the ability to include records that have been shared with you that you are not the owner of.
Shared Records Report: Generate a report in CSV, JSON or PDF format. This provides a list of records that you own, and who those records are shared with.
Two-Factor Authentication (2FA) provides an extra layer of security when logging into your Keeper Vault or another site or application by requiring a secondary passcode upon logging in.
Enabling Two-Factor Authentication is advised for highly valuable or sensitive accounts (e.g. banking, medical and social media accounts).
Keeper provides two ways to take advantage of 2FA:
To log into your Keeper Vault.
To login into any site or application from your Keeper Vault by embedding a Two-Factor code into your records.
To enable 2FA for your Keeper vault, from the Account Dropdown Menu, click Settings > Security, toggle "Two-Factor Authentication" on and select your 2FA method.
Keeper support several methods of Two-Factor Authentication:
Text Message (SMS)
Authenticator App (such as Google Authenticator, Microsoft Authenticator, etc)
RSA SecurID (for Enterprise customers)
Duo Security (for Enterprise customers)
Keeper DNA (using Apple Watch or Android Wear devices)
FIDO2 Security Keys (or device passkeys)
(1) The Text Message toggle is on by default. Select a Region from the dropdown (US+1 by default), enter your 10 digit phone number including your area code and click Next.
(2) To verify that you trust this number and device, enter the Keeper web code that was sent to the phone number you provided. Select your 2FA code duration from the dropdown menu and click Next. Codes will only last for a minute; if you need another code sent, click Send a new code.
You will be prompted for 2FA every time you login to your Vault unless you select an alternative code duration. Business customers may be required to enter the code every login as determined by their Keeper Administrator.
(3) Backup codes will be shown next. If you are unable to receive Two-Factor codes via the phone number you entered, you can enter one of the codes listed instead. Click I have written these codes down to finish.
If you are NOT receiving SMS messages from Keeper, please use the TOTP method.
(1) Toggle "Authenticator App" on and click Next.
(2) Using the device that runs the the TOTP application, scan the QR code provided or manually enter the secret key. The app will then acknowledge the QR code and produce a verification code.
(3) Enter that verification code and click Next.
You will be prompted for 2FA every time you login to your Vault unless you select an alternative code duration. Business customers may be required to enter the code every login as determined by their Keeper Administrator.
(4) Backup codes will be shown next. If you are ever unable to receive Two-Factor codes, you can enter one of the codes listed instead. Click I have written these codes down to finish.
In order for Azure MFA (using the Microsoft Authenticator app.) to be utilized as a TOTP, the Azure administrator needs to allow the verification method "Verification code from mobile app or hardware token" when setting up MFA in Azure.
Keeper DNA is a Two-Factor Authentication method that uses your smart watch as your second factor.
To use this feature, toggle the switch next to Keeper DNA, then follow these links to set up KeeperDNA on your preferred platform:
Keeper supports any FIDO2-compatible WebAuthn security key, including hardware-based security key devices such as YubiKey and device passkeys on your web browser or operating system. A user can register up to five security keys. Any one of those keys will unlock the account.
Go to Settings > Security and enable Two-Factor Authentication then select "Set Up"
Make sure the security key is NOT already inserted into your USB port and click Next.
Insert the security key into the USB port, name the key and click Register.
If you have a PIN associated with your security key, you will be required to enter the PIN when registering your key. If you would like to remove the requirement for PIN entry, this can be done after registration.
If you don't always have your security key on hand, or if you are using mobile devices which don't support hardware security keys, you may add additional methods of 2FA such as a TOTP code. When logging into a device, you will then have the option of using either method.
For the highest level of protection, you can elect to use Security Keys as the only 2FA method. There are some important things to know about this configuration:
Support for enforcing a FIDO2 Security Key can vary based on the device operating system and device firmware capabilities.
Keeper on iOS currently requires using NFC-enabled keys.
The PIN requirement is supported based on the capabilities of the device. As of this writing, mobile OS support for PIN enforcements is limited. We do not recommend enforcing the PIN if users are accessing Keeper on their mobile device.
To manage the entry of PIN every login with a security key, go to Settings > Security > Security Keys > Edit > Edit > and see the "Require PIN if set on security key" setting.
Keeper can protect, manage and store TOTP codes for authenticating into any 3rd party website.
(1) At the target website, visit the two-factor authentication screen which is usually located within security settings. It is sometimes referred to as "login verification" or "two-step verification". Screengrab the QR pattern or copy the secret code to your clipboard.
(2) Within a record, click Add Two-Factor Code.
(3) Upload the screengrab of the two-factor QR pattern (with security key) associated with the site or application. If there isn't a QR pattern, use the manual entry method. Enter the code given under “Secret Key”, often a 32-digit code and fill out the rest of the fields.
If you're using Keeper Desktop, you can also use the handy "Scan" feature to automatically capture the code.
(4) After adding the security key to the record, a two-factor code will be generated inside the Keeper record.
(5) The two-factor code will be regenerated frequently and can then be copied and filled into the site or app when prompted after logging in with a username and password.
KeeperFill for Apps is a convenient tool used to further enhance your experience with the fully-featured Keeper Desktop App. Used in conjunction with your desktop applications, KeeperFill for Apps provides a simple login solution and quick access to your vault records.
Using a hotkey, KeeperFill for Apps also provides autofill features for native desktop applications. Please note, this feature is only available when using the Keeper Desktop application.
To configure your Touch ID Magic keyboard fingerprint login capabilities, you must first be running the latest version of macOS (Big Sur 11.5.2 or newer). Once updated, navigate to your computer's System Preferences > Touch ID > Add Fingerprint. Follow the prompts to register your fingerprint to the device.
Enable Touch ID in Your Keeper Vault
Once you have registered your fingerprint, log in to the Keeper Desktop App and click on the account dropdown menu in the upper-right corner of your screen, then click Settings > Security and toggle "Touch ID" on.
The next time you login to the Keeper Desktop App, the "Touch ID" button will appear at the login screen. Click Touch ID and when prompted, apply your registered fingerprint to the Touch ID sensor on your keyboard to log in.
Keeper is compatible with Windows Hello, a biometrics-based technology that allows users to authenticate and log into their Windows device using biometric facial recognition, fingerprint reader, or pin (available on Windows 10).
To enable Windows Hello Login for Keeper, from the Account Dropdown Menu, click Settings > Security and toggle "Windows Hello Login" on.
Next time you log in to Keeper, click the Windows Hello login button.
Windows Hello will then attempt to authenticate your identity. Once authenticated, you will be automatically logged into Keeper.
When accessing your Keychain, a popup will be triggered asking you to enter your Mac password. This is because Keeper Desktop App saves local storage protected by a key saved in Keychain Access which is used to encrypt local app data. Enter your Mac password and click Always Allow.
To backup your records or generate a Shared Records Report, from the Account Dropdown Menu click Settings > Export. There are three formats for export: CSV, JSON and PDF file. To begin backup, select your preferred file format and click Export.
The instructions below are for uninstalling Keeper Desktop App (Keeper Password Manager) for Mac and Windows OS.
Uninstalling the Keeper Password Manager will delete the data from Keeper on the local device. Data stored in Keeper's Cloud Security Vault is NOT erased.
Drag the Keeper Password Manager app to the Trash.
Empty the Trash.
Uninstalling Keeper Password Manager will also remove KeeperFill Browser Extension from Safari. Data stored in Keeper's Cloud Security Vault will NOT be erased.
Navigate to the Windows Start Menu > Settings > Apps & Features.
Within Apps & features, click the Keeper Password Manager application.
Click Uninstall.
You will be warned that the app and its related info will be uninstalled, click Uninstall to confirm.
User Account Control will ask you to confirm making changes to your device, confirm the changes by clicking Yes.
Time-Limited Access allows you to securely share records and folders with other Keeper users on a temporary basis.
Time-Limited Access allows you to securely share credentials or secrets with other Keeper users on a temporary basis, automatically revoking access at a specified time. Time-Limited Access prevents long standing privileges and ensures that information is removed from the recipient’s vault, greatly reducing the risk of unauthorized access.
Select the record from your vault and click Share, entering their email address or selecting it from your contacts list. Set their permission level and click Add.
Select the “Permissions” dropdown and click Set Expiration. Here you can select one of the default expirations or click custom date and time to set your own. Next, check the box if you would like the record owner, such as yourself, or users with edit access to be notified via email when the recipient's record access expires. Click Done to save.
The recipient of a shared record with time-limited access may have "view" and "edit" permissions but will not be able to share the record. If "share" permissions are applied, the expiration will be removed.
Open the shared folder from your vault and click the edit icon and from the “Users” tab, add the user or team you would like to share the folder with.
Set their permissions and from the dropdown menu click Set Expiration, following the same steps you would for a single record share (described above).
Next, check the box if you would like users with "can manage records" permissions over the folder to be notified via email when the recipient's record access expires. Click Done to save.
The recipient of a shared folder with time-limited access may have "can manage records" permissions, but the ability to "manage users" is restricted. If these permissions are applied, the expiration will be removed.
Self-Destructing Records allow you to share records with user's outside of Keeper, while automatically deleting the record from your vault and disabling the share link at specified time.
Self-Destructing Record’s utilize Keeper’s existing One-Time Share technology which allows time-limited, secure sharing of a record to anyone, even if they don’t have a Keeper account.
Self-Destructing Records take our One-Time Share feature even further by automatically deleting the record from your vault once the share link is disabled and the recipient’s access is revoked. This reduces your workload to revoke record access and removing it from your vault at a later time.
To create a Self-Destructing Record, create a new record as you normally would. Enter the record details and click Add Self-Destruct.
From the menu that is now presented, select when you want the share link to expire.
Once you've made your selection, click Save & Share to generate a One-Time Share link.
You have the option to copy the link directly, or send it in an invite or QR code format.
The recipient of a Self-Destructing Record simply clicks on the provided link and is instantly presented with the shared record in their web browser. One-Time Share links are bound to a single device, further strengthening security and preventing unauthorized distribution or viewing on multiple devices. The link will expire at the specified time or once the recipient has viewed the record for five minutes, whichever comes first.
Keeper's Self-Destructing Records allow you to securely share records with file attachments that self-destruct at a specified time.
Create a record as you normally would and click Add Attachments to upload your file, or simply drag and drop the file directly into your vault.
Click Add Self-Destruct, select when you want the share link to expire, then click Save & Share to generate a One-Time Share link.
The recipient of a Self-Destructing Record simply clicks on the provided link and is instantly presented with the shared record in their web browser. They can then click on the file to download it to their local device.
You can delete a Self-Destructing Record at any time, thus disabling the share link by clicking Delete Now. Deleted Self-Destructing Records will appear in your vault's “Deleted Items” with the option to "Restore".
Offline access is a common use case for users who require vault access in poor network conditions.
Offline Mode allows users access to their vaults from any device when they are not able to connect online to Keeper. Offline access is available with all Keeper plans (except Keeper Free) on Keeper Web Vault, Windows Desktop App, Mac Desktop App, Linux Desktop App and conditional offline access on mobile platforms.
This capability works by making a copy of your encrypted vault to your local device. The vault data is stored in an encrypted format which is only accessible if the user provides their master password or biometric authentication.
Multiple users can share a single device (e.g. a laptop PC) and all will have their vault stored safely on that PC when offline.
Mobile - Conditional Offline Access:
If your organization's SSO is not available (e.g. is offline), click Work Offline in the lower right corner of your screen then click Enterprise SSO Login > SSO User with a Master Password to gain access to your vault offline.
From the login screen, enter your Master Password as usual to login offline.
For users who normally login with SSO and do not have a master password setup, you must first configure one in order to login to Keeper when offline by visiting your vault Settings Menu.
If this option is unavailable to you, please request this feature from your Keeper Administrator who can activate the capability from the Keeper Admin Console.
To access Offline Mode, your device will need to be “primed” with a local copy of your vault by logging in with an online connection at least once. Moving forward, you will have access to all of the records in your vault and you can create new records and edit existing records, all without requiring a network connection.
Users can confirm their Keeper Vault is available offline via a lightning bolt icon and "Available Offline" text which indicates your vault data has been loaded onto that device (the same will apply for Keeper on iOS and Android devices). If the availability indicator is not present, you will first need to login to your vault at least once while online.
To activate Offline Mode from the vault login screen or from within your vault on Keeper Web or Desktop, click Work Offline in the lower right corner of your screen. On iOS and Android devices, Offline Mode will automatically be initiated when logging in if you aren't connected to the internet.
The "Offline Mode" indicator will appear at that top of your vault window.
You can resume a session online at anytime (provided you have a stable network connection) by clicking Go Online in the upper right corner of your vault window.
Keeper's offline capabilities are central to a user's ability to retrieve important data even in the poorest of network conditions. Key vault features that are available offline include:
Creating new records
Editing records
Viewing your Security Audit score
Viewing Deleted Items (Web and Desktop)
A notice will appear if you attempt to perform an action that is not available while offline.
If a device is being used temporarily (e.g. a borrowed PC), then the stored offline vault can be deleted from that device.
From the Keeper login screen, click the dropdown icon in the email address field, then click the "X" to the right of your email address to delete all offline data associated with that vault from the device. This action can be similarly performed on all Keeper platforms.
There are scenarios where Offline Mode might not function for you, based on configuration.
If you have 2FA enabled on the account and you're set for "Prompt Every Login", Keeper will not allow offline access. To change this setting, reset your two-factor authentication method and when prompted for 2FA, select "prompt every 30 days" or "don't ask again on this device".
Offline access on Android platforms will work as long as you have not chosen to prompt 2FA on every login.
Offline access on iOS platforms will ONLY work if you select "Don't ask again on this device."
If you are receiving error messages regarding the network connection, switch your device wi-fi or network connection completely off, and try to login again.
If you are using the Keeper Web Vault, ensure that you are loading the vault from one of the URLs listed below. Offline Mode on the Web Vault requires that you load the vault login page directly (instead of navigating to the Keeper website first).
If you are using Keeper through your employer, the offline mode may be disabled based on your administrator’s security settings.
How to create and manage new types of records in your vault
A Keeper Record Type is a structured template that can contain any type of information such as logins, payment cards, bank accounts, and many more. There are several out-of-the-box record types available for users.
Below are the list of available record types for all consumer and business customers. Business customers should note that your Keeper Administrator may restrict the use of some record types.
There are a variety of Custom Fields available that can be added to any record.
Available Custom Fields
Text
URL (website address) used for Autofill
Security Question & Answer
Multi-line Text
Date
Name
Address (new or linked)
Pin Code (4-digit numeric)
Phone Number
Payment Card (new or linked)
Hidden Field
Keeper Admins can create custom types that fit the needs of your organization. Custom types can be created for all users, or users within specific roles. If you are not seeing a particular record type, or if you would like to have a new type of record, please ask your Keeper Administrator.
Record Types can be shared to other users, either direct sharing or within a Shared Folder, just like any other record. This now includes Payment Cards and Contact record types.
The Payment Cards stored in the "Identity & Payments" section of the vault is separate, and cannot be shared to other users. To make a Payment Card available for sharing, please create the record within the Vault section. Migration from data stored in Identity & Payments is planned for a future release.
To create Payment Cards that can be shared to other users, click on Create New > Record, then select the Payment Card type.
The "General" record type is Keeper's legacy record version.
Both newly created records and "General" record versions can be converted between types.
The new Custom Field types can only be added to new Record Type records.
Comprehensive guide for Keeper on Android phones and tablets.
With Keeper, your passwords, logins and other personal information are saved in a private, digital vault. It is here where you can view and edit all of your website login credentials and details, as well as store important files and photos.
To create your Keeper account, first enter your email address then you will be asked to create and confirm a Master Password which will be the only password you have to remember. We recommend that you choose a strong Master Password that is only used for Keeper -- don't forget your Master Password!
To finalize your account and proceed to your vault, you will be asked to enter the security verification code that was sent to your email.
Enterprise users who log in with SSO do not require selection of a Master Password.
IIf you are an existing user, tap Login and enter your email address. If you are attempting to log in on an unrecognized device, a device approval must take place before you can proceed to your Keeper Vault. Users have three methods of approval to choose from:
Email Verification
Keeper Push
Two-Factor Method
Keeper Push is Keeper’s proprietary notification-based device approval system that sends a push notification to an existing, recognized device.
If you select Send Keeper Push, a notification (push) will appear in your Keeper vault at an approved device or browser.
On the device, login and tap Yes to approve the new device. You must be actively logged into a an approved device to receive the notification.
Once your device has been approved, you will be prompted for 2FA (if enabled), then enter your master password to proceed to your vault.
If you are an Enterprise customer using SSO Login, you can enter your email address and tap Next to login through SSO. Alternatively, you can tap Use Enterprise SSO Login and enter the enterprise domain provided by your Keeper administrator and tap Connect.
Next, you will be directed to the Safari browser for web-based SSO Enterprise authentication. After you have successfully entered your SSO credentials and two-factor authentication code (if enabled), you will be returned to Keeper to complete the login. You may be required to approve your device using Keeper Push or administrator approval after the SSO login process has been completed.
When you first log in to your vault, Keeper will prompt you with two options: Import Passwords or Later. If you choose Import Passwords, you can import directly from Google via a CSV file upload.
Importing from other password managers is still supported via the Keeper Web Vault. If you're not near a desktop computer, you can select Later to perform the import at a later time using the Keeper Web Vault.
Open the Keeper App: Launch the Keeper app on your Android device.
Access the Menu: Tap on the Hamburger Menu (three horizontal lines) in the top-left corner.
Select Import Passwords: From the menu, choose Import Passwords.
Choose Import Source: In the import options, select Import from Google.
Export Passwords: You will be redirected to passwords.google.com/options. Here, select Export passwords. -- If you have multiple Google accounts, make sure to confirm you are logged into the proper account.
Confirm Export: An Export Passwords Dialog will appear. Tap on Export to begin downloading your passwords CSV file.
Download Confirmation: Once the file is downloaded, you will see a confirmation message letting you know your file has been saved to your device.
Select the Downloaded File:
The download confirmation prompt has an "Open" option, clicking this will display the "Open With:" dialog at the bottom of your screen, select Keeper to continue importing from your CSV.
If using the back button: Choose Upload a CSV in the Keeper app to locate and select your downloaded file.
You can also navigate to the file manager: Locate the exported CSV file and select it to open with the Keeper app. This will take you directly to the Selected File screen.
Import in Progress: Keeper will display a screen showing the progress of the import and encryption of your passwords.
Import Complete: A notification in your Vault will be displayed letting you know how many passwords have been successfully imported.
If you already have your Google Password CSV file on your Android device:
Open the Keeper App: Launch the Keeper app on your device.
Select Import Passwords: Go to the Hamburger Menu and choose Import Passwords.
Choose CSV Import: When prompted, select the Upload CSV File option. This will open the Files app, filtering to show only CSV files.
Select the CSV File: Browse through your files and select the desired CSV file for import.
Import in Progress: Keeper will display a screen showing the progress of the import and encryption of your passwords.
Import Complete: A notification in your Vault will be displayed letting you know how many passwords have been successfully imported.
Keeper on Android directly supports importing from Google Password Manager via CSV file. While CSV files from other sources may work, their compatibility can vary based on formatting—only Google’s export is guaranteed to function seamlessly.
If you're importing from another password manager:
Your passwords, logins, credit card numbers, bank accounts and other personal information are saved in your private digital vault (as "Records") and are encrypted on your device using 256-bit AES.
Tap + and Create New Record.
Enter a Title for the record
Enter the Email or Username
Enter the Website Address (if one wasn't already entered for you)
Tap Save to finish
Depending on the Record Type you selected, the default record fields will vary.
With Keeper you can organize your records into folders and subfolders. To create a folder, tap + and Create New Folder, then enter a name for the folder. To add records to the folder, Tap + and Add Existing Record or you can tap Create New Record to add a new record to the folder.
To create a subfolder, within the folder, tap + and Create New Folder.
Keeper makes it easy to move records around within your vault. Individual or multiple records and folders can be moved and shortcuts can be created. Shortcuts, like alias files, can exist in two or more places and when edited, change together.
To move or shortcut a folder, record or multiples thereof, long press on the record or folder and select any additional folder(s) or record(s) you would like to move or shortcut. Next, select the action you would like to perform by tapping an icon located in the upper right corner of your screen. The options include:
Create a Shortcut
Move to a New Folder
Move to an Existing Folder
Change the record(s) "Type"
Delete
You can move or shortcut a single record by selecting the option listed within the record detail screen.
Adding a record to your vault Favorites is an easy way to locate your most frequently visited sites. To add a record to your Favorites, tap the menu icon (three vertical dotes) and select Add to Favorites.
Securely create, share and manage records and folders with other Keeper users such as friends, family, friends and colleagues.
Open the record you would like to share and tap Share > Share with User. Enter the user's email address, then use the toggle switches to select permissions (Can Edit, Can Share, Make Owner) then tap the checkmark icon to save.
If this is the first time you are sharing with this person, you will first need to establish a "sharing relationship". The user will receive an email prompting them to login to Keeper and either accept or deny the share request. Once you establish a sharing relationship, the user will appear in the email dropdown list.
Shared folders allow you to share multiple records at once and new records can be added to the folder as needed.
Tap + > More > Create Shared Folder.
Enter a name for the folder and tap Save.
Tap the menu icon in the upper right corner of your screen and select Manage Users & Records.
Tap Add Users and enter the email addresses of the user(s) you would like to share the folder with and tap the checkmark to save.
You can assign permissions for each user by tapping on their email address under the "Users" tab (Can Manage Users, Can Manage Records).
To add records to the folder, switch to the "Records" tab and tap Add Records.
Select the record(s) you would like to add to the shared folder and tap the checkmark icon to save.
Once a record has been added, select it from the list to assign permissions (Can Edit, Can Share).
Identity & Payments is the place for you to store your personal contact/address information and credit card numbers safely.
Long, random passwords that are created for each account help protect your information and reduce your exposure to data breaches. Alternatively, by combining multiple words, passphrases are an even more secure alternative to traditional passwords.
Keeper's password generator can create and securely store strong, random passwords or passphrases for all of your sites and apps.
Generate a Password
To begin, tap the dice icon within a new or existing record. You can customize your password by character length (8-99 characters) and choose to include lowercase and uppercase letters, numbers and symbols.
Check the box at the bottom of your screen if you'd like to make your selections the default setting for all passwords moving forward. Tap Use Password to update the record or Copy Password to copy it to your device's clipboard.
Tap the dice icon within a new or existing record and from the dropdown menu next to "Type", select Passphrase.
You can customize your passphrase by setting the length, including capitals and numbers in the passphrase and choosing from various symbols to separate the words.
Passphrases can be up to 20 words long, with a minimum length of 5 words and each word including at least 3 characters.
Check the box at the bottom of your screen if you'd like to make your selections the default setting for all passphrases moving forward. Tap Use Passphrase to update the record or Copy Passphrase to copy it to your device's clipboard.
To generate a password or passphrase from your vault home screen, tap the yellow create button and select Generate Password. Select either password or passphrase next to "Type". You can either use the password/passphrase to create a new record or copy it to your device’s clipboard to use elsewhere.
To view your password/passphrase history, tap Generate Password from either your vault home screen or create one within a record and tap the clock icon. You can delete your generator history at any time by tapping on the trash icon.
To produce a zoomed-in view of a record's password or passphrase, tap the eye icon then long press on the password field. An enlarged view of your password/passphrase will appear at the bottom of the screen. Any numbers and symbols can be easily identified by blue and red color-coding.
The password generator on end-user vaults will adhere to the minimum character length, minimum number of lowercase/uppercase/numbers/symbols and allowed list of symbols as defined by your Keeper Administrator.
The passphrase generator on end-user vaults is enabled by default, but can be disabled by your admin. Passphrases will adhere to the minimum number of words and can be configured to include capital letters and numbers. The separators between words will be selected from the list of allowed symbols.
Security Audit gives your passwords an overall security score and lets you clearly see what passwords are weak from a password strength visual indicator (red being the weakest, green being the strongest).
If a record is indicated as having a high risk password, Keeper recommends changing the password at the affected site immediately and updating the corresponding record in your Keeper Vault.
Users also have the ability to conveniently restore previous versions of a record. While viewing a record, tap the menu icon in the upper right corner of your screen and select Record History.
To restore a record back to a previous state, tap on the version you would like to restore. Review the record information by tapping the info icon then tap Restore.
A few notes on Record History:
Restoring a record does not place it back into the original folder structure.
Record History is only available as part of the paid consumer and business plans.
Deleted records can be reviewed and restored by visiting "Deleted Items" in the left navigation menu.
Use KeeperFill to quickly autofill passwords into web browsers such as Chrome, Firefox, Edge, Brave, DuckDuckGo and all other native apps like banking and social media. Once enabled, KeeperFill login prompts and fill results are seamlessly integrated into your device's keyboard.
KeeperFill is currently supported for Android versions 9 and above.
To enable KeeperFill, navigate to Keeper's Settings menu, then toggle "KeeperFill" on.
You will then prompted to enable various settings on your device including:
Selecting Keeper as the Autofill service
Enabling KeeperFill in the installed services
Enabling KeeperFill in the available virtual keyboard section
Enabling Keeper to display over other app
From the app or website login screen, tap Sign in to Keeper located above the keyboard and enter your Keeper master password.
If Keeper identifies a record match, your login will then be displayed. Simply tap on your login next to the Keeper icon to autofill your credentials and log in.
Some apps and sites have more than one login screen and may require you to tap your login on each screen.
If your device's keyboard does not support autofill, KeeperFill's appearance and location will vary like in the example below.
Creating a passkey for a website or app is a simple process on your Android device.
Tapping Create Passkey on a site or app will triggerKeeper to intercept the request. Keeper then prompts you to create a passkey for your associated login and saves it to your vault.
Returning to sites or apps where you have a stored passkey you will either be prompted to sign in with passkey or will be able to select Sign in with Passkey. Keeper does the rest!
Passkey functionality is not enabled by default on Android devices. To enable passkeys with Keeper follow the steps below.
Android devices do not have passkeys enabled by default. To enable passkeys on your device follow these steps:
Open Chrome or Chromium based browser on your Android device.
Enter chrome://flags into the address bar.
In the flags page that opens, tap the search box and search for "M124".
Under "Temporarily unexpire M124 flags" select Enabled from the dropdown menu, then click the Relaunch button that appears at the bottom of the browser.
Next, enter "Passkeys" in the search bar.
Under "Android Credential Management for passkeys" select Enabled for Google Password Manager and 3rd Party Passkeys from the dropdown menu, then click the Relaunch button that appears at the bottom of the browser.
If you would like to search for a record in your vault or create a new record, tap Search/Add. Then select whether you would like to Search or Create New Record.
If searching, select the record in your records list and tap Fill to autofill the login in the app or site.
If creating a new record, enter the record details and tap Save and Fill to save the record to your vault and autofill the newly created login in the app or site.
Keeper offers Secure File Storage to protect your confidential files, photos and videos. Securely upload and store files such as passport photos, medical cards, drivers licenses, tax and loan documents, videos and any other private file to your Keeper Vault.
You can either add an attachment to any existing record or create a new record using the "File Attachment" record type. Tap Add Files or Photos to upload your file.
BreachWatch is a powerful, secure add-on feature that monitors the internet and dark web for breached accounts matching records stored within your Keeper Vault. BreachWatch alerts you so that you can take immediate action to protect yourself against hackers. Once activated, BreachWatch continuously monitors for compromised credentials and notifies you if any of your records are at risk.
To start your BreachWatch scan, tap BreachWatch in the lower menu of your screen tap then Let's Begin > Scan.
BreachWatch will then scan your records and report any risks associated with them. Resolving the risk requires you to change the password at the affected website. Once you have done that, be sure to update the corresponding record in your Keeper vault with the same password.
If you tap Ignore, then that record will be skipped on future scans until the password is reset. You may also do nothing (deferring a response) and leave the risky password unchanged and thus still at risk.
The Settings menu allows you to customize the display, personalization and security features of the application, including:
Theme
Login Options (Two-Factor Authentication, Biometric Login, Auto-Logout)
Security (Self-Destruct, Fast Login Mode)
KeeperFill
Prevent Screenshots
Clipboard Expiration
Hide Passwords
Sort Record Types
Change Email Address
Account Recovery
Reset Master Password
Please note that some security settings may be enforced by your Keeper Administrator if you are part of a Keeper Business account.
You can enable Dark Mode at the top of Keeper's Settings menu. By default, the app will match your device's system display settings. Alternatively, tap the dropdown to turn Dark Mode for Keeper on or off.
If you forget your Master Password, this feature will help you quickly regain access.
Set up Account Recovery:
Tap Account Recovery from the Settings menu.
Confirm your Master Password and tap Generate New Phrase.
Once your recovery phrase has been generated, be sure to store it in a safe place. For added convenience, you will be given the option to copy or download it.
Check the confirmation box to confirm that you've stored your Recovery Phrase.
Tap Set Recovery Phrase.
To change your Master Password:
Tap Reset Master Password.
Enter your current master password.
If you have Biometric Login enabled, you won't be required to enter your current master password.
Create and confirm a new master password.
Two-Factor authentication (2FA) provides an extra layer of security when logging into your Keeper Vault or another site or application by requiring a secondary passcode upon logging in.
Enabling two-factor authentication is especially advised for highly valuable or sensitive accounts (e.g. banking, medical and social media accounts).
Keeper offers two ways to take advantage of 2FA:
To log into your Keeper Vault.
To log into any site or application from your Keeper Vault by embedding a TOTP (time-based one-time password) into your records.
To enable 2FA for your Keeper Vault, tap Settings > Two-Factor Authentication, tap the dropdown menu under "Primary Method" and select a method from the list of options.
(1) Select a Region (US+1 by default), enter your 10 digit phone number including your area code and tap the checkmark icon to save.
(2) Select how long you want the two-factor method to be valid for (not again for the device, every 30 days, 24 hours, 12 hours or at every login).
Business customers may be required to enter the code every login as determined by their Keeper Administrator.
(3) Enter the code that was sent to the phone number you provided then tap the checkmark icon to save. Codes will only last for a minute; if you need another code sent, tap Send a new code.
(4) Backup codes will be shown next. If you are unable to receive two-factor codes via the phone number you entered, you can enter one of the backup codes listed instead. Tap one of the listed options to confirm you saved the codes somewhere safe.
(1) Once you select "Authenticator App" tap the checkmark icon to save.
(2) Select how long you want the two-factor method to be valid for (not again for the device, every 30 days, 24 hours, 12 hours or at every login).
Business customers may be required to enter the code every login as determined by their Keeper Administrator.
(3) You will be asked to scan the QR Code or enter your secret key in your authenticator or TOTP app. Copy the code displayed in Keeper. Open Google or Microsoft Authenticator (or whichever app you use for 2FA) and add a TOTP record, pasting in the copied Secret Key.
(4) Return to Keeper and copy or enter the TOTP code provided.
(5) Backup codes will be shown next. If you are unable to receive two-factor codes via the phone number you entered, you can enter one of the backup codes listed instead. Tap one of the listed options to confirm you saved the codes somewhere safe.
In order for Azure MFA (using the Microsoft Authenticator app) to be utilized as a TOTP, the Azure Administrator needs to allow the verification method "Verification code from mobile app or hardware token" when setting up MFA in Azure.
You can manage how often you are prompted to sign in on your device with your selected two-factor method at any time. Once you have set up two-factor authentication for your vault (following the steps above), the 2FA Frequency setting will be available within the "Settings" menu. Tap 2FA Frequency and select from: every login, every 12 hours, every 24 hours, every 30 days, or don't ask again on this device.
Keeper can fill 2FA codes on any website or application that supports TOTP by scanning a QR code to generate a code (requires a second device).
(1) Open the Keeper record on your mobile device and tap the pencil icon (to edit) > Add Two-Factor Code (this will open your device's camera).
In order to open your device's camera you must first "allow" Keeper permission when prompted.
(2) On a secondary device (e.g. tablet, computer), navigate to the corresponding record's 2FA set up screen to retrieve the site's QR code.
(3) Scan the QR code with your mobile device. You will see the code has been added to the record.
(4) Tap the checkmark icon to save, then tap the code to copy it to your device's clipboard.
(5) Return to the site to paste the code to complete the setup.
From the left navigation menu, select Settings then toggle "Biometric Login" on.
At the Keeper login screen, tap Biometric Login and touch the fingerprint sensor when prompted (or use Face/Iris Authentication where available).
Keeper is committed to enhancing the security and flexibility of your experience. Support for more plug-in style physical keys will come with a future release.
(1) Before you add a security key, a two-factor authentication method must be in place as a backup.
(2) Navigate to Settings > Two-Factor Authentication and tap Add next to "Security Keys".
(3) Tap + Add Key and enter a name for the security key, then tap REGISTER.
(4) Select NFC Security key from the list of devices.
(5) Hold your key flat against the back of your device until it stops vibrating.
Your security key has been registered. You can register up to 5 security keys. Any one of those keys will unlock the account.
The FIDO2 WebAuthn device will be required for login based on the configuration of the first 2FA method. For example:
If the first 2FA method is set to "Prompt Every Login", then the Yubikey will be required on every login, and offline login will be disabled.
If the first 2FA method is set to "Every 30 days", then the Yubikey will be required every 30 days, and offline login will be disabled.
If the first 2FA method is set to "Remember Forever", then the Yubikey will only be required one time on each new device. Offline vault login will be enabled.
Keeper supports the use of multiple vaults on the same device allowing you to switch between a personal account and business account, for example.
To switch to another account on your device, tap Account then tap the dropdown menu icon to the right of your email address. Select the account you would like to switch to or tap Add Account to register another account on that device.
You can also switch and add accounts from the Keeper login screen.
When 2FA is activated on an account, it protects the user on all devices and all platforms because 2FA is protecting access to the backend cloud system.
By definition, two-factor authentication protects access to the cloud and it protects access to online accounts. It therefore requires an online connection to be prompted for 2FA. 2FA is triggered when a request is made from the client device to the server. For example when logging into a new device, syncing new information on an existing device or performing any other cloud-based features.
By default, the native Keeper app for iOS, Android, Mac and Windows allow users to login quickly with their master password (offline mode) to access their vault. After typing in the master password or using biometric login, the user decrypts the data locally, then the app sends a sync request to the server at which time the user may be prompted for their 2FA code. Depending on the speed of the Internet connection, the 2FA prompt may be received a couple seconds after logging into the native application because the local decryption of data occurs much faster.
Offline authentication and vault access is permitted by all consumer customers. Enterprise customers may restrict the use of offline access for their employees.
When activating 2FA on your Android device for the first time, the user selects how often they want to be prompted. Users can be prompted for 2FA at every login, once every 12 hours, every 24 hours, every 30 days, or only one time per device. It's important to understand that 2FA is always enabled on the Keeper servers. After a successful login on a device, a "token" is generated from the 2FA code and stored locally on the device as long as it's deemed valid by the server. This is why you are still able to login to the same device over and over without being re-prompted. By default, consumer customers will be prompted only one time per device. Enterprise customers may enforce users to be prompted every time for a new code.
Currently, the 2FA token retention timing on Android will default to "only one time" on a device if the 2FA was initially set up on the Web Vault or Desktop App. To change this behavior, please turn 2FA off and then re-activate 2FA on the iOS device.
To import and export data from your Keeper vault, visit the Keeper Web Vault or download Keeper Desktop for your computer.
The instructions below apply to the latest OS. Third party operating system instructions may differ.
Uninstalling Keeper will delete the data from Keeper on the local device. Data stored in Keeper's Cloud Security Vault is NOT erased.
Open your device's Settings menu.
Tap Apps or Application Manager (depending on device).
Navigate to the Keeper App.
Tap Uninstall.
Confirm by tapping OK when prompted.
Resetting Keeper will erase all records from all Keeper accounts stored locally on your device. Data stored on Keeper's Cloud Security Vault is NOT erased.
Open your device's Settings menu.
Tap Apps or Application Manager (depending on device).
Navigate to the Keeper App > Storage.
Tap Clear data and Clear cache.
Confirm by tapping OK when prompted.
Keeper's mobile apps do not contain any trackers. All mobile apps go through vulnerability testing with Keeper's 3rd party testers and the Bugcrowd Bug Bounty Program.
Exodus Privacy is an organization that monitors the applications that perform user tracking. Keeper's Android application showing zero trackers is listed below:
Time-limited secure sharing of a record with anyone even if they don't have a Keeper account.
One-Time Share is now live on Web Vault, Desktop App version 16.6+, iOS and Android.
Keeper "One-Time Share" provides time-limited secure sharing of a record to anyone without requiring them to create a Keeper account. One-Time Share is the most secure way to send confidential information to a friend, family member or co-worker without exposing information over email, text message or messaging.
One-Time Shares are secure by design, utilizing Keeper's Zero-Knowledge encryption. The record data is decrypted locally on the recipient's device using 256-bit AES and all requests to the server are signed with elliptic-curve cryptography (ECDSA).
Share links automatically expire at a time of your choosing, and they can only be used on one device. Even if you forget to un-share the record, it will expire and access will be revoked. As an additional layer of security, One-Time Shares are device-locked which means that only the original recipient is able to access the data. If the link is later opened up by a third party, or your email account is compromised, the link cannot be accessed, except on the original device.
Share your wi-fi password to a guest
Share an encrypted file with a family member
Provide time-limited access to payment cards
Share access credentials with a contractor
Share an encrypted file with a co-worker
Provide secure documentation or instructions
QR Code
Airdrop
SMS
Other out-of-band channels
The applications and uses for this are virtually endless. Any time you have a need to securely deliver data to a non-Keeper user, One-Time Shares are the perfect choice.
To create a One-Time Share, click the menu icon within the record that you own or have the permission to re-share. Then select "Create a One-Time Share" to generate a link.
One-Time Share is only available on records created after April 26, 2021 when we published Record Types. If you're not seeing the One-Time Share feature, try creating a new record.
If you are an Enterprise user, the use of One-Time Share may be restricted by your Keeper Administrator.
Next, select the record access expiration from the dropdown menu and click Generate.
You can copy the URL of the link, or copy the entire invitation body (for sending additional contextual information to the recipient). If you scroll down the dialog, you will also see a QR code that can be sent to the recipient.
When the recipient of the share link opens the record, it will open in their web browser and it will be bound to their device. The record access will automatically expire after the set amount of time.
After the record has expired, the link will no longer be valid, and existing devices will no longer load the information.
To delete a One-Time Share, click the trash icon next to the share. This will immediately disable the share link. Expired shares will appear under the "Expired" tab.
Keeper One-Time Share is also available for iOS.
(1) Open the record you would like to share then tap Share > One-Time Share.
(2) Tap the Create a Share Link.
(3) Select a record access expiration from the provided options or select a custom date and time and tap Create.
(4) Once the share link has been created, select the method of delivery (QR Code, Airdrop, Email, SMS, etc.). When the recipient of the share link opens the record, it will open in their web browser and will be bound to their device. The record access will automatically expire after the set amount of time.
Keeper One-Time Share is also available for Android.
(1) Open the record you would like to share then tap Share > One-Time Share.
(2) Tap the add share icon in the lower right corner of your screen.
(3) Select a record access expiration from the provided options or select a custom date and time.
(4) Once the share link has been created, tap Share, Copy Link (to paste into a message) or the recipient can scan the provided QR code to view the record. When the recipient of the share link opens the record, it will open in their web browser and will be bound to their device. The record access will automatically expire after the set amount of time.
With Keeper's powerful record sharing capabilities, users can securely share their records and folders with family, friends, co-workers and others across all devices, with ease.
Do you need to share confidential documents with a family member? Or maybe you want to share your Wi-Fi password with a friend. Sharing is one the most common use cases of password managers. Keeper offers various easy-to-use sharing solutions with a range of accessibility permissions to fit all of your sharing needs.
Share a Record - easily share a single record with another Keeper user and choose from various permission types to control access (can edit, can share, can edit & share, view only and transfer ownership).
Share a Folder - share multiple records at once by sharing a folder with another Keeper user or users. Set permissions that govern the records and users within the folder.
Share a File - securely share files with other Keeper users via record or folder sharing.
One-Time Share - provides time-limited secure sharing of a record to anyone, even if they don't have a Keeper account.
Time-Limited Access - share records and folders with other Keeper users on a temporary basis. To learn more, click here.
Self Destructing Records - share records with user's outside of Keeper, while automatically deleting the record from your vault and disabling the share link at specified time. To learn more, click here.
Click the Share button.
From the "Add People" tab, click within the email address field and enter the email address of the Keeper user you would like to share the record with.
Click the dropdown arrow to set their permission level (can edit, share, edit & share, view only and transfer ownership) and click Add
.
Continue reading to learn more about "User Permissions".
If this is the first time you are sharing with this person, you will first need to establish a "sharing relationship". The user will receive an email prompting them to login to Keeper and either accept or deny the share request. Once you establish a sharing relationship, the user will appear in the email dropdown list.
Business and Enterprise users within the same tenant already have an established sharing relationship and don't require additional verification.
The list of users the record is shared with will now appear in the record's sharing screen. You can make changes to the User Permissions at any time by clicking on the dropdown arrow next to the user's email.
User Permissions are designed to control the permissions a user has over the record that is shared with them.
Shared folders allow you to share multiple records at once and new records can be added to the folder as needed.
To create a Shared Folder, click Create New > Shared Folder.
Choose where you would like to nest the folder using the dropdown menu and enter a name for the folder. Set the User and Folder Permissions and click Create.
"User and Record Permissions" will be covered in the subsequent sections of this guide.
You can add records to the folder by a simple drag-and-drop or you can click Edit and add the records using the record search bar.
Set the record(s) permissions by clicking on the dropdown arrow next to the record.
Record Permissions are used to govern folder members' (users) interactions with each individual record in the folder. You can access these permissions from the "Records" tab and click on the dropdown next to the record name.
From the "Users" tab, click within the email address field and enter the email address of the Keeper user you would like to share the folder with.
You may need to establish a "sharing relationship". The user will receive an email prompting them to login to Keeper and either accept or deny the share request. Once you establish a sharing relationship, you can share the record and the user's email will appear in the email dropdown list.
Business and Enterprise users within the same tenant do not need to approve a sharing relationship.
Set the User Permissions by clicking on the dropdown arrow next the user's email.
User Permissions are used to govern each individual user's ability to add or remove records and other users to the folder. You can access User Permissions from the "Users" tab and click the dropdown next to the user's email.
To create a Subfolder within a Shared Folder, right-click on a Shared Folder and select New Folder. Enter the name of the Subfolder and add records via drag-and-drop or using the record search bar.
While viewing the records within a Shared Folder, click Edit and check the box next to “Show subfolder records" located in the Records tab to include those records in view or leave it unchecked to collapse them from view.
Shared Folder Settings are configured in order to easily set folder permissions for all users within the folder. These are selected upon the initial creation of the Shared Folder but you can change them at any time by clicking Edit > Settings. Click the dropdown arrows to set your User and Record Permissions for the folder.
Please note, newly created records inherit these permissions when adding users or records to the shared folder.
In order for the "subfolders" checkbox to appear, you must first click the "Show subfolder records" checkbox located in the Records tab.
If the Default Folder Settings are not set properly, users who add records to the Shared Folder will find that the records are "View Only" by other members of the Shared Folder, even if those users have "Can Manage Records" permission. If you would like all folder members to have edit rights over all records that are added to the folder, set the Default Folder Settings to Can Edit Records.
The Can Manage Records setting only allows users the ability to add or remove records, it does NOT give them record permissions.
Once the default configuration is set, it will only affect users and records added after the change was made. To edit permissions for the users or records added prior to the default configuration, change them individually or through a bulk change.
A user with access to a Shared Folder has the option to remove themselves from the Shared Folder. If the user has been granted the Can Manage Users & Records permission, the user also has the ability to delete the Shared Folder.
When a Shared Folder is deleted, the records stored in the Shared Folder will be moved to the "Deleted Items" section of the vault, for the owner of each record.
Keeper offers Secure File Storage to protect your confidential files, photos, and videos. Securely upload and share files such as passport photos, medical cards, drivers licenses, tax and loan documents, videos and any other private files.
To share a file you can either create a New Record or Shared Folder or add a file to an existing record or shared folder.
To upload a file to a new or existing record, click Files or Photos or simply drag-and-drop the file directly into the record.
If you are an Enterprise user, file sharing may be restricted by your Keeper Administrator.
Keeper "One-Time Share" provides time-limited secure sharing of a record to anyone who doesn't have a Keeper account. One-Time Share is the most secure way to send confidential information without exposing information over email, text message or messaging.
Keeper is a zero-knowledge security provider. Zero-knowledge is a system architecture that guarantees the highest levels of security and privacy. Encryption and decryption of data always occurs locally on the user's device.
Just like our password encryption technology, Keeper protects your confidential files with 256-bit AES encryption using record-level keys.
Tapthen tap Record
.
Tap to Attach Files & Photos or Add a Two-Factor Code
Tap then tap Folder
.
To add new or existing records to the folder, tap .
Tap then tap More > Shared Folder
, enter the name of the shared folder and tap Save
.
While viewing a record, tap pencil icon then tap .
From your vault, tap on a record to view it in detail, then tap.
From your vault, tap on a record to view it in detail, then tap and New Shared Folder
.
At the Keeper login screen, you will be automatically prompted to sign in with your fingerprint or facial recognition, or tap to be prompted.
Keystroke | Description |
---|---|
Support Physical Keys | NFC Support | Plug-in Support |
---|---|---|
To learn how to set up 2FA for websites and apps, click .
(United States)
(Europe)
(Australia)
(Canada)
(Japan)
(US GovCloud)
Upon logging in, you will be prompted to follow our Get Started wizard, which will guide you to , install the and set up .
Enterprise (SSO) users, should refer to our "" Guide for more information regarding account creation, login flows, device approvals and much more.
Choose a from the dropdown menu ("Login" is the default type)
Enter the Password or click the dice icon to generate one (more on that )
Enter Notes, add , a and
- No longer available
Please see the full instructions and file format of our CSV import .
Keeper also supports advanced JSON structured file formats. We recommend using JSON files for import and export of structured data instead of CSV files. This is described in the
Visit: to download the Keeper App for all of your desktop and mobile devices.
Deleted records can be found in the "Deleted Items" section of your vault (for paid consumer accounts). More information on Deleted Items can be .
Permission Name | Permission Level |
---|
Keeper "One-Time Share" provides time-limited secure sharing of a record to anyone without having to create a Keeper account. To learn more about One-Time Share, click .
Learn more about Keeper's sharing features .
This will NOT automatically change the website's existing login password. You must still visit the corresponding website's "Change Password" form to update the old password to match the new, stronger password. Click to learn how to easily change your password with KeeperFill.
Lowercase Letters | Uppercase Letters | Digits | Symbols |
---|
Custom Fields allow you to store additional data within a record, such as the answer to a site's security question or a passport number. Any record created with one of Keeper's , can be further enhanced with various custom field options.
To learn more about Record Types, click .
Learn more about Security Audit .
To learn more about Emergency Access, click .
Download KeeperFill for your browser by visiting our .
To learn more about the KeeperFill Browser Extension, click .
To learn more about Secure File Storage, click .
To learn more about BreachWatch, click .
: Enable a second factor of authentication such as SMS, RSA token, DUO security token, Authenticator or KeeperDNA. This will be used in addition to device verification and a master password.
: Setup a security key such as a Yubikey as a second factor for authentication.
: Login to the keeper vault using biometrics. This replaces the first factor (your master password), and second factors will still be required.
: KFFA allows interaction with desktop and thick clients to input passwords and other fields into apps via shortcut keys. This requires the desktop app to be installed.
: The browser extension provides most keeper capabilities directly from the browser.
To learn more about KeeperFill for Apps, click .
On supported Mac devices equipped with the Apple M1 chip, users with can use their fingerprint to log in to the Keeper Desktop App.
To learn more about logging into Keeper with Windows Hello, click .
Exporting to a .csv file will not back up file attachments saved in records. For advanced backup capabilities see .
Additional user tutorial videos are available at:
Platform | Version |
---|
Offline mode is available as long as there are no enforcements or specific 2FA settings that directly prevent it. See for scenarios that affect offline access via your mobile device.
When logging in offline on a Web Browser (Chrome, Firefox, Safari, Edge), the user must navigate to this exact URL: US Data Center: EU Data Center:
AU Data Center: CA Data Center: JP Data Center: US Public Sector / GovCloud:
To learn more about the Keeper Business product, click here: To suggest new default templates for all consumers, please send an email to feedback@keepersecurity.com.
Signing up for Keeper's Android mobile app is easy. Simply visit the on your device and install the Keeper Password Manager. account or login to an existing account. Watch the video below to learn more about account creation and login.
For more information about Enterprise SSO login, click .
Keeper will ask you to navigate to on your desktop computer to begin the process of importing your passwords.
For detailed instructions on importing passwords from web browsers and other password managers to your Keeper Web Vault, click .
Choose a from the dropdown menu ("Login" is the default type)
Enter the Password or tap the dice icon to generate one (more on that )
Enter Notes, add , a and
Please note, once created, regular folders cannot be converted to a shared folder. To learn how to create a shared folder, click .
Keeper "One-Time Share" provides time-limited secure sharing of a record to anyone even if they don't have a Keeper account. To learn more about One-Time Share, click .
Payment cards can also be stored in your vault as records using the "Payment Card" record type which allows them to be shared with other users. See our Guide for more information.
This will NOT automatically change the website's existing login password. You must still visit the corresponding website's "Change Password" form to update the old password to match the new, stronger password. Click to learn how to easily change your password with KeeperFill.
For more information on record password enforcement policies, please see our .
Passkeys on Android devices, a highly anticipated feature for enhanced security and convenience, is now available on Android devices running Android 14+. This update marks a significant enhancement in our mobile applications capabilities, offering users an even more secure and streamlined experience. To learn more about Passkeys with Keeper, click .
Passkeys work on websites and applications that have been specifically built to support them. Keeper maintains a passkey directory, which can be found .
To learn more about Secure File Storage, click .
To learn more about BreachWatch, click .
If you are unable to login with your current master password, and you've set a recovery phrase, go to to recover your account.
If you are not receiving SMS messages from Keeper, please use the TOTP method or submit a support ticket at .
For security reasons, Android has designated only certain biometric authentication methods as secure. Samsung face biometric is considered insecure by the Android operating system (because it can be ). Keeper Security does not permit insecure biometric access to the vault.
Keeper provides two-factor authentication (2FA) on Android with compatible hardware keys such as the , and . Listed below are supported physical keys on Android.
Supported Physical Keys | NFC Support | Plug-in Support |
---|
Keeper Web Vault:
All Downloads:
Customer Support Form:
Business Customers:
System Status:
To learn more about the security and encryption model powering One-Time Shares, .
Permission Name | Permission Level |
---|
Permission | Description |
---|
Permission | Description |
---|
Now you can share the record like you would any other record by clicking the Share button (more on that ).
To learn more about Keeper One-Time Share, click .
Record sharing utilizes Elliptic Curve (EC) encryption. To learn more about Keeper's sharing encryption model, click .
The encryption model implemented for one-time sharing uses the same technology as , a zero-knowledge and zero-trust platform for protecting cloud infrastructure.
{USERNAME}
Record username field
{PASSWORD}
Record password field
{TOTP}
Record Two-Factor Code field
{URL}
Record Website URL field
{FIELD:XXX}
XXX=Value for Custom Field Name
{ENTER}
Enter key
{TAB}
Tab key
{DELAY:X}
Delay by X number of seconds
{UP}
Up arrow key
{DOWN}
Down arrow key
{LEFT}
Left arrow key
{RIGHT}
Right arrow key
{TEXT:XXX}
XXX=Arbitrary text to fill
{SPACE}
Space character
YubiKey 5 NFC
✅
❌
YubiKey 5C NFC
✅
❌
YubiKey 5Ci
❌
✅ - Lightning ONLY
Device | OS Version Supported |
Windows | 7 / 8 / 10+ |
Mac OS | Current Version - 2 |
Linux | Fedora, Red Hat, CentOS, Debian, Ubuntu, Mint |
Can Edit | User can edit this record |
Can Share | User can share this record |
Can Edit & Share | User can edit and share this record |
View Only | User can only view the record |
Transfer Ownership | User will obtain ownership the record and control the sharing permissions |
abcdefghijklmnopqrstuvwxyz | ABCDEFGHIJKLMNOPQRSTUV | 0123456789 | !@#$%()+;<>=?[]{}^., |
Record Type | Description |
Login | The set of data needed to successfully login to a website. |
Payment Card | Credit card information, used in autofilling of forms. Payment cards can also be "linked" to other records, to reduce duplication of data. |
Contact | Identity information about a particular person. We recommend you create one with your information, used in autofilling of forms. |
Address | Address information used to identify a physical location. Address records can also be "linked" to other records, to reduce duplication of data. |
Bank Account | Banking information, such as account number and routing numbers. |
File Attachment | One or more files can exist in a file record. |
Photo | One or more photos can exist in a photo record. |
Driver's License | Drivers license information, such as name, number and expiration. We recommend you store pictures of both the front and back in this record type. |
Birth Certificate | Birth information such as date of birth and name. We recommend you store a high quality scan of your birth certificate in this record type. |
Database | Database information such as Type, hostname and port. Can be used to rotate database credentials in Commander. |
Server | Server information such as hostname and login info. Can be used to rotate or connect to servers in Commander. |
Health Insurance | Health insurance information such as account number and the insured's contact info. |
Membership | Membership information including account information and name. We recommend you store a scan of membership the barcodes in this record type. |
Secure Note | Secure information that is masked when the record is viewed. The record contents can be unmasked at will. |
Passport | Passport information such as number and expiration. We recommend you store a high quality scan of your main passport page in this record type. |
Identity Card | Identity information such as number and expiration. We recommend you store a high quality scan of your ID card in this record type. |
Software License | Software license information such as the license number and purchase date. |
SSH Key | SSH information, such as public and private key strings. We recommend you attach any relevant key files in this record type. |
Custom | Business customers can create custom types that will appears for users. |
General | Legacy format, used for records created before the launch of Record Types. |
Yubikey 5 NFC | ✅ | ❌ |
YubiKey 5C NFC | ✅ | ✅ |
YubiKey 5Ci | ❌ | ✅ |
Identiv uTrust NFC | ✅ | ❌ |
Feittian ePass K9 NFC | ✅ | ❌ |
GoTrust Idem NFC | ❌ | ✅ |
Thetis Pro NFC | ✅ | ✅ |
Can Edit | User can edit this record |
Can Share | User can share this record |
Can Edit & Share | User can edit and share this record |
View Only | User can only view the record |
Transfer Ownership | User will obtain ownership of the record and control the user permissions |
Can Edit | Users in the folder can edit this record |
Can Share | Users in the folder can share this record |
Can Edit & Share | Users in the folder can edit and share this record |
View Only | Users in the folder can only view this record |
Can Manage Users | The user can add or remove other users in the folder |
Can Manage Records | The user can add or remove records in the folder |
Can Manage Users & Records | The user can add or remove other users and records in the folder |
No User Permissions | The user will have no permissions over the other users or records in the folder |
Desktop | Keeper Desktop App (Mac, Windows, Linux) |
Web Browser |
Mobile (Conditional Access) | iOS | Android |
Steps to provide Keeper Support with Browser Extension debug information.
To experience the latest KeeperFill updates and features, you want to make sure you running the latest version of the Keeper Browser Extension. To update KeeperFill, follow the steps below:
In your browser's search bar, navigate to chrome://extensions.
In the upper right corner, toggle "Developer mode" on.
In the list of your current browser extensions, locate the "Keeper Password Manager & Digital Vault" extension and click Details.
In the upper left corner, click Update.
To update KeeperFill in Firefox, follow the steps below:
In your browser's search bar, navigate to about:addons.
In the upper right corner, click the gear icon and select "Check for Updates"
Ensure that Keeper is updated to the latest version.
If you are experiencing an error, it is helpful to provide Keeper support with any console errors that might be occurring. To capture the errors, follow the steps below.
In your browser's search bar, navigate to chrome://extensions.
In the upper right corner, toggle "Developer mode" on.
In the list of your current browser extensions, locate the "Keeper Password Manager & Digital Vault" extension and click on "background.html"
Click on the "Console" tab. Check for any errors in red. Take a screenshot of any error messages and send them to support.
If you encounter a website that does not appear to be working with the Keeper Browser Extension, our Support Team is here to help. We kindly ask that you provide adequate information to allow us to reproduce and resolve the issue.
Please contact the Browser Extension team at feedback@keepersecurity.com and provide the following information:
Browser version
Operating system type and version
Website information
Additional debugging data (*)
(*) To capture the debugging data follow the steps below:
Right click on the login or password field you are attempting to autofill.
Right-click and select "Inspect"
A secondary window will appear within the right side of your screen and the applicable elements will be highlighted.
Use the snipping tool or screen capture tool/shortcut on your computer to capture the following images (combined or single screenshots):
The login page of the website.
The inspection window (being sure to include the portion of the inspection window that contains the highlighted elements).
The full website URL (found in the search bar at the top of your browser).
Sometimes, other browser extensions or software installed on the computer can conflict with Keeper. Common examples are products which filter web content, block popups or perform any sort of website traffic manipulation.
If you are experiencing a strange issue with your KeeperFill browser extension, we recommend turning off all of your other 3rd party extensions to determine if there is a conflict. If you find a conflict, please provide this information to Keeper support.
This video explains how to capture errors from the KeeperFill extension when working with the support team.
If you are unable to login to the KeeperFill Chrome extension, a reset of the extension may be required. To reset your KeeperFill Chrome extension, follow the below steps:
Open Chrome and select Chrome > Settings > Extensions
From the Keeper extension, select Details > Extension Options
Click on "Clear All Storage"
Restart Chrome
If you are unable to login to the KeeperFill Safari extension, a reset of the extension may be required. To reset your KeeperFill Safari extension, follow the below steps:
Open Safari and select Safari > Settings
From the Keeper extension, select Settings
Click on "Clear All Storage"
Restart Safari
This guide provides a look at the benefits and features of KeeperChat, Keeper's secure messaging solution.
Keeper's secure messaging solution, KeeperChat, allows you to chat with friends, family member and colleagues with peace of mind knowing you are in control of the content you share and who you share it with. KeeperChat has best-in-class security with end-to-end encryption for messages at rest and in transit. KeeperChat runs on a variety of devices and platforms including Android, iOS, Windows, and Mac OS. Download KeeperChat from the Google Play or App Store.
Like your passwords, your private messages are stored in a secure, digital vault which can be accessed using the same credentials or biometric login method (Fingerprint or Face ID) you use to login to Keeper Password Manager.
For increased security, two-factor authentication is available, providing an extra layer of protection against unauthorized access.
Just like our password encryption technology, Keeper protects your messages with zero knowledge, 256-bit AES encryption security architecture.
Self-destruct timer and message retraction remove unwanted or sensitive messages and files without a trace.
Message history and chat threads automatically sync across all your devices.
Securely share sensitive photos and videos with complete privacy. Photos and videos are saved to your private gallery without leaving a trace on your camera roll.
KeeperChat is free to use with all features. To access additional storage, unlimited self-destructs, and unlimited message retraction, upgrade to KeeperChat Plus.
Access Two-Factor Authentication and Biometric Login Settings by navigating to KeeperDNA.
Before sending your message, tap the timer icon and use the slider to set the self-destruct timer.
To retract, edit or set the self-destruct timer for a message that has already been sent, long press (or click) on the message and make a selection from the generated menu.
Navigate to the Gallery to upload and securely share sensitive photos and videos.
Select the create chat icon and then select Start a Group Chat to add contacts.
Privately communicate and collaborate with groups of friends, family members and coworkers.
For Business & Enterprise customers, KeeperChat supports team messaging and is integrated into the team management from the Admin Console.
User guide for BreachWatch on Keeper's Web Vault & Desktop App.
BreachWatch is a powerful, secure add-on feature that monitors the internet and dark web for breached accounts matching records stored within your Keeper Vault. BreachWatch delivers the most in-depth monitoring available to the public with a database of over a billion records while upholding Keeper's state-of-the-art, zero-knowledge security architecture.
BreachWatch alerts you so that you can take immediate action to protect yourself against hackers. Once activated, BreachWatch continuously monitors for compromised credentials and notifies you if any of your records are at risk.
To sign up for BreachWatch from Keeper's Web Vault or mobile app, navigate to the BreachWatch screen and follow the on-screen prompts. You can also purchase BreachWatch directly from the Keeper Security website. After signup, BreachWatch performs a local scan of passwords that are currently stored in your Keeper vault.
Once activated, BreachWatch will prompt the user on their device to Resolve the high risk password by changing it at the affected site and updating the corresponding record in their Keeper vault. If you Ignore the notification, then that record will be skipped on future scans until the password is reset. The user may also do nothing (deferring a response) and leave the risky password unchanged and thus still at risk.
BreachWatch performs unlimited security scans of your passwords on all devices.
Users are automatically alerted to take action if any of the passwords in their vault have been used in a publicly known breach that could leave them vulnerable to a credential stuffing attack, or an account takeover.
BreachWatch continuously monitors for compromised credentials. Tracking over a billion known passwords while continuously adding new information as breaches are discovered on the dark web.
Keeper reports the latest scan date and time as well as tracks the resolution history of every breached password for historical auditing.
To start your BreachWatch scan, click BreachWatch in the left navigation menu, then click Let's Begin > Scan.
BreachWatch will then scan your records and report any risks associated with them. Clicking each record listed will allow you to view the steps needed to Resolve each risk. Resolving the risk requires you to change the password at the affected website. Once you have done that, be sure to update the corresponding record in your Keeper Vault with the same password.
Security Audit provides password security strength reporting in your vault.
The Security Audit screen gives the passwords stored in your vault an overall security score based on password strength. You can clearly view information about each record's password strength and reuse from this screen.
The calculation of password strength and reuse is performed continuously from your vault across all platforms including Keeper Desktop, Web Vault, iOS and Android devices.
Keeper's password "strength" is a calculated score based on the complexity of the password, with a score rating between 0 and 100 according to the metrics below:
Very Weak: < 20 Weak: 20-40 Good: 40-60 Strong: 60-80 Very Strong: 80+
For more information on how Security Scores are calculated, visit the following page:
You can easily view a record that contains a high-risk password by clicking on it from the provided list. To resolve the risk, you will be directed to change the password at the record's website and then update the corresponding record in your vault.
Click here to learn how to easily change your passwords using Keeper's browser extension, KeeperFill.
Give trusted family and friends access to your Keeper Vault.
Give trusted family and friends access to your Keeper Vault in the event of an emergency or loss of life. You can designate up to five emergency contacts and decide how much time should pass before their access is granted.
Please note, the Emergency Access feature is only available for consumer accounts.
From the Account Dropdown Menu (your email address), select Account > Emergency Access.
Click Trusted Users and enter the email addresses of up to five contacts (Keeper users). Optionally, select a "Delay Access" duration from the dropdown menu for each user, then click Send.
The amount of time between your request to provide emergency access and access granted can be set up to three months per contact. If a delay is configured, the countdown begins the moment the trusted user attempts to login to your vault.
In order for the recipient to accept the request, you must first establish a "sharing" relationship if one hasn't already been established through Keeper's record/folder sharing features.
If prompted, click Send Invite.
If the recipient is not an existing Keeper user, they will receive an email inviting them to sign up for a Keeper account. Once they sign up and login to their account, they can accept the sharing relationship request.
Once the recipient accepts your sharing request, you will need to invite them to be your emergency contact once more from the “Emergency Access” section of your vault. This step is not necessary if a sharing relationship has previously been established.
Once a sharing relationship has been established, the recipient will notice a red notification indicator has appeared in the "Emergency Access" section of their Account screen. By clicking My Access they can Accept or Decline emergency access to your account.
Once accepted, clicking Login will allow them to access the account they have been granted access to (once the access delay has passed, if enabled).
To view the status of your emergency access invites click Account > Emergency Access > Trusted Users. From here, you can also delete your emergency contacts at any time.
User guide for Keeper's Secure File Storage for Web Vault & Desktop App, iOS and Android.
Keeper offers Secure File Storage to protect your confidential files, photos, and videos. Securely upload and store files such as passport photos, medical cards, drivers licenses, tax and loan documents, videos and any other private file to your Keeper vault.
Files are encrypted during the upload process and the user holds the encryption key for complete privacy and security. Users also have the ability to securely share files with other Keeper users via record sharing, making Secure File Storage the best way to save and transfer the most sensitive of information.
Just like our password encryption technology, Keeper protects your confidential files with 256-bit AES encryption using record-level keys.
Secure file storage is available across all of your devices as a Secure Add-on, including iOS, Android, Web Vault and Desktop App.
Files can be easily and securely shared with other Keeper users, from vault-to-vault.
Like your other Keeper records, you can set sharing permissions for records that contain your secure files (can edit, can share, can edit & share, and read only).
File sizes are supported up to 100MB for Web Vault, 5GB for Desktop App and Android and iOS is limited to overall storage available for the user account (with no limit for individual file upload).
From within the vault, users can either create a new record or add a file or photo to an existing record. While editing a record, click Files or Photos to upload your file, or simply drag and drop the file directly into your vault. Once the upload is complete, click Save.
By clicking the download icon next to the file or photo within a record, you can quickly View or Download it.
Users also have the ability to securely share files with other Keeper users via record sharing, making Secure File Storage the best way to save and transfer the most sensitive of information. Within the record, Share then enter the email address(es) of the other Keeper users you would like to share the record with.
To learn more about sharing, click here.
Secure File Storage is also available for iOS and Android. You can either add an attachment to any existing record or create a new record using the "File Attachment" record type. Within the record, tap Add Files or Photos to upload your file.
Users also have the ability to securely share files with other Keeper users via record sharing, making Secure File Storage the best way to save and transfer the most sensitive of information. While viewing the record, tap Share > Share with User and enter the email address(es) of the Keeper users you would like to share the record with.
This guide provides an overview of Keeper's Family Plan, including how to sign up, invite family members and accept account invitations.
Families share nearly everything – documents, photos, videos, website accounts, bank info, social media, security system codes and personal identification numbers. Keeper Family Plan allows you to securely store and share this information between family members with ease.
The major features and benefits that are included with the Keeper Family Plan:
Up to 5 Family Members with Private Vaults
Minimum 10GB Secure File Storage
Unlimited Password Storage
Unlimited Devices & Sync
Secure Record Sharing
Signing up for Keeper Family Plan is easy and can be done by visiting our Family Plan page, simply click "Buy Now" to get started. You will then be asked to enter your email address which will be used to create and login to your Keeper account.
At the checkout page, you can make the following customizations to your plan:
Subscription Term
Base Plan
Recommended Add-Ons: Secure File Storage (10GB, 50GB, 100GB), KeeperChat and BreachWatch
Upon submitting payment, check your inbox for an email from Keeper Security inviting you to create your Keeper account.
Once you have logged into your Keeper account, inviting family members to join is easy and can be done from a desktop (Web Vault, Desktop App) or mobile device (iOS, Android).
From your Account Dropdown click Account > Subscription > Manage.
Your available/remaining number of family invites will be listed on this screen.
Enter the email(s) of the family member(s) you would like to invite, then click Send. This will generate an email inviting the user to setup their private Keeper account.
Once sent, you can view the status of each invite and click the more options icon (three horizontal dots) to resend or delete the invite.
If someone in your family has invited you to join Keeper, will receive an email from Keeper Security, (Subject: Keeper Invitation) inviting you to set up your own, private account.
To set up your account, click Get Started.
You will then be directed to Keeper's "Create Your Keeper Account" page.
To create your Keeper account, first enter your email address then you will be asked to create and confirm a Master Password which will be the only password you have to remember. We recommend that you choose a strong Master Password that is only used for Keeper -- don't forget your Master Password!
To finalize your account and proceed to your vault, you will be asked to enter the security verification code that was sent to your email.
Once you have created your account, use our Quick Start Guides to help you set up your new Keeper account.
Once an invited family member has created a Keeper account, records can be shared with them.
To share a record, simply click Share.
Enter the email address(es) of the family member(s) you would like to share the record with or select their email(s) from the dropdown menu.
To learn more about Sharing, click here.
While Keeper Family Plan is perfect for families, Keeper Business Plan is best suited for your business organization. Keeper has purposefully created different plans to fit the unique needs of all types of users. That is why Keeper has a dedicated Business Plan, specializing in protecting companies of all sizes across every industry.
Only Keeper for Business/Enterprise offers the following world-class features, specifically designed for business environments:
Shared Team Folders
Enforcement Policies
Security Audit
Role-Based Access
Activity Reporting
Team Management
Unlimited Users (billed per user)
To learn more about Keeper for Business click here.
Installation instructions for KeeperFill for Chrome, Brave and other Chromium-based browsers.
Visit the link below to install Keeper Password Manager & Digital Vault from the Chrome Web Store.
In order for Keeper to be visible in your toolbar at all times, click on the puzzle icon and then the pin icon next to Keeper Password Manager.
Keeper needs to be enabled on all sites by default. To confirm, navigate to the extensions options screen. Site access should be enabled "On all sites".
Next, we recommend you disable Chrome's built-in password saving features. Navigate to: chrome://password-manager/settings and ensure all autofill features are disabled.
Installation instructions for KeeperFill for Firefox.
Visit the link below to download Keeper Password Manager & Digital Vault from Firefox Browser Add-ons.
Once installed, the Keeper icon will appear in the upper right corner of your web browser window.
Next we recommend you disable your browser's built-in password saving features:
In the upper right corner of your browser click on the Menu Icon (3 horizontal lines) and select Settings > Privacy & Security.
Under "Logins and Passwords", uncheck the box next to "Ask to save logins and passwords for websites".
To ensure you are using the latest version of KeeperFill and allow Keeper to run in private windows, enable both of these settings (pictured below) from the Keeper extension menu. Right-click on the Keeper extension icon in the upper-right corner of your browser window and select "Manager Extension".
Private mode on Firefox only currently works if you login from the Web Vault. Logging in directly from the browser extension will not login to Keeper.
Installation instructions for KeeperFill for Edge.
Visit the link below to download Keeper Password Manager & Digital Vault from Microsoft Edge Addons.
In order for Keeper to be visible in your toolbar at all times, click on the extensions puzzle icon then click on the eye icon next to Keeper Password Manager to "Show in Toolbar".
Next, we recommend that you disable Edge's built-in autofill features.
Click on the Edge menu icon and select Settings and under "Microsoft Wallet".
Click Passwords > Settings.
Disable "Offer to save passwords" and "Autofill passwords and passkeys".
Installation instructions for KeeperFill for Opera.
Installation and usage instructions for the KeeperFill extension on Safari.
(1) Visit the link below to download Keeper for Safari from the Mac App Store.
(2) Open your Safari browser and navigate to Safari > Preferences > Extensions.
(3) If you have an existing KeeperFill extension, uninstall it.
(4) Activate the newly downloaded Keeper Password Manager extension by clicking the checkbox.
(5) At some point you will be asked for permissions. Make sure to select "Always Allow on Every Website" so that Keeper can work across websites that you visit.
(6) Now the KeeperFill extension should be displayed in your browser toolbar. However, you may need to restart Safari in order for the Keeper icon to appear.
(7) We recommend that you disable Safari's built-in autofill features. Open Safari > Preferences > AutoFill and disable "user names and passwords".
It is important to allow Keeper to operate on all websites. This permission allows Keeper to autofill passwords and save passwords on the sites you login to. Keeper is a zero-knowledge product and does not monitor, store or track any site you visit, or your browsing history. See our Privacy Policy with any questions or concerns.
Crash after install: If a user installs Keeper for Safari on both M1 Mac and Intel Mac at the same time via the "Share Across Devices" feature of Safari, it may require taking the following action:
Open your Safari browser and go to Safari > Preferences > Extensions.
Disable and enable the Keeper for Safari extensions.
Try to launch Keeper again.
User guides for the KeeperFill Browser Extension for Chrome, Brave, Firefox, Safari, Microsoft Edge, Opera and other Chromium-based browsers.
KeeperFill is Keeper’s powerful, autofilling browser extension. Once you install the Keeper Browser Extension, you can conveniently autofill your logins, passwords, passkeys and save new records that you create to your Keeper Vault. The KeeperFill browser extension is available for every web browser including Chrome, Firefox, Safari, Edge, Opera and other Chromium-based browsers.
Below you will find browser-specific installation and setup instructions. Instructions will vary across different browsers and operating systems.
Other Chromium-based browsers such as Brave
Click here to skip the install section and jump to the main content.
How to provide information to Keeper support for fixing Autofill issues
If you're experiencing an autofill issue on a particular site, this page describes how to provide the support team with information to help resolve the problem. This information allows the support team to assist with solving autofill issues on websites which may not be easily reproducible by Keeper staff.
From time to time, a username or password field may not properly autofill on a site. This can occur when a field name is not standard and Keeper does not recognize the field as an autofill field. In most cases, a username field is named "username" or something similar and a password field is named "password" or something similar. When field names are non-standard, you can adjust a record's custom fields to allow the field to autofill correctly on a particular site.
The following example will cover a scenario where a password field did not properly autofill.
(1) Right click on the field that is not properly autofilling with Keeperfill and choose Inspect.
(2) A window will appear showing HTML code with the password field element highlighted. Locate the name attribute, double click the value to highlight, and copy the value. In the below example, the value we want to highlight and copy is "FakePWField123".
In this example, we are creating a custom field for a password, but you can create a custom text field for any type of field, including username. A very common use case will be to use this functionality for autofilling reward program numbers or other less commonly used fields.
(4) Copy or enter your password into the new custom field and save the record. The resulting record should look like this:
(5) Return to the site and refresh the page. In most cases, the problematic field should now autofill. If it does not autofill after completing these steps, please proceed to the next section to report your autofill issue.
To solve a website autofill issue that cannot be corrected with the custom field method, we need the following information:
Website Address (e.g. amazon.com)
Description of the problem
Screenshot or video
DOM inspection screenshot of ALL form field elements which do not work
Providing the DOM inspection of field elements can be accomplished using the steps below (using Chrome):
(1) Right-click on each field on the page and select Inspect
Right-clicking the form field element and clicking "Inspect" will open the web browser HTML inspector view.
(2) Screenshot the HTML content for the field
When the Inspection window opens, it will highlight the field HTML content in blue, as seen in the screenshot below. For each form field that is not recognized, capture the screenshot of the HTML in the inspection window.
(3) Send this information to Keeper Support
Please provide this information in your support ticket or email feedback@keepersecurity.com to report the issue. Please ensure that the screenshots do not contain any private or confidential information.
How to store and manage your passkeys with Keeper
A passkey is a cryptographic key that lets you log in to your accounts and apps without having to enter a password or a second factor. Passkeys are phishing-resistant.
Storing passkeys in your Keeper Vault allows them to be used across different browsers and operating systems. They can also be shared with other users like any other record in your vault.
To create and save a passkey for a site, typically you'll need to visit the "Security" or "Account Settings" screen of the website. In the below example, we'll be showing Best Buy.
When clicking the "Create a Passkey" button, Keeper will intercept the request and ask you to save the passkey to your vault.
The next time you visit a website that supports passkey login, locate the "Sign in with a Passkey" or similar action button on the site, then click Use Passkey in the KeeperFill window to login. Sometimes you'll first need to enter your email address and the site will prompt you for a passkey login selection.
In the case of Best Buy, clicking on "Sign in with a Passkey" initiates the passkey login process with Keeper. Click on "Use Passkey" and you'll be logged in.
That's it! Using a passkey with Keeper and supported websites is very straightforward for sites that support it.
In the Keeper Vault, you will see a Passkey field attached to the record. The Passkey field contains several pieces of information:
Date the passkey was created
Username
Relying party (website or app)
Passkey records can be managed in your vault, placed in folders or shared with other users.
Passkeys on mobile devices, a highly anticipated feature for enhanced security and convenience, is now available on Android devices running Android 14 and Apple devices running iOS 17. This update marks a significant enhancement in our mobile applications capabilities, offering users an even more secure and streamlined experience.
Passkeys are available on Android 14+ and iOS 17+
Open Chrome or Chromium based browser on your Android device.
Enter chrome://flags into the address bar.
In the flags page that opens, tap the search box and search for "M124".
Under "Temporarily unexpire M124 flags" select Enabled from the dropdown menu, then click the Relaunch button that appears at the bottom of the browser.
Next, enter "Passkeys" in the search bar.
Under "Android Credential Management for passkeys" select Enabled for Google Password Manager and 3rd Party Passkeys from the dropdown menu, then click the Relaunch button that appears at the bottom of the browser.
Launch the Settings app on your iOS device and select Passwords.
Next, choose Password Options.
Toggle ON AutoFill Passwords and Passkeys.
Then tap Keeper so a blue tick appears. If you have used Autofill before, iCloud Passwords & Keychain may have a blue tick as well. For optimal accuracy when using Keeper for Passkeys, make sure to tap iCloud Passwords & Keychain to remove it as an option.
We're excited about the future of passkeys. Here's our plan for passkeys this year:
Support on desktop web browsers is now live
Launch of Web Vault and Desktop App support for passkey management is now live
Launch of passkey autofill on Android 14 is now live
Launch of passkey autofill on iOS 17 is now live.
We would love to hear your feedback on passkeys. Please email our team at feedback@keepersecurity.com.
This guide provides basic troubleshooting solutions to some of the more common questions users may have.
The proceeding pages in this section are dedicated to various troubleshooting guides. Have a suggestion? Email our team at .
Please note that if you forget your master password and lose your recovery phrase, you will not be able to login to your vault and Keeper Support will be unable to help you regain access.
If you have forgotten your master password and have lost your recovery phrase, please create a new account. To create a new account with the same email address, please reach out to for assistance.
If you would like to change your master password from the Web Vault & Desktop App, click the account dropdown menu (your email), select Settings and next to "Master Password" click Reset Now. You will then be prompted to enter your current master password and create and confirm a new master password.
If you are able to log into Keeper's mobile app using Biometrics, you can reset your master password without having to enter your current master password. Navigate to Settings > Reset Master Password and authenticate with Biometrics.
To change your master password on iOS and Android devices, from Settings, scroll down and tap Reset Master Password. You will then be prompted to enter your current master password (unless Biometrics is enabled and you are authenticated), then create and confirm a new master password.
Upon initial vault login, new users will be prompted to set up Account Recovery. Click Generate Recovery Phrase to begin.
Once your recovery phrase has been generated, be sure to store it in a safe place. For added convenience, you will be given the option to copy or download it. Check the box to acknowledge you have stored it in a safe place and click Set Recovery Phrase to complete the setup.
Please note that if you forget your master password and lose your recovery phrase, you will not be able to login to your vault and Keeper Support will be unable to help you regain access.
After their initial login, users are asked if they would like to set up Account Recovery using an account recovery phrase. This is especially important if you forget your master password during the account recovery process which is based upon an account recovery phrase, backup verification code (sent via email) and two-factor Authentication code (if enabled).
In addition to enabling an account recovery phrase, we recommend turning on Keeper's two-factor authentication feature from your account's "Settings" menu.
Account Recovery will be automatically available to all users who have signed into Keeper after August 2015. To setup Account Recovery, simply open Keeper through the Web Vault, iOS, Android or Desktop app and from the login screen, select Forgot Password. Keeper will then walk you through a few steps to change your master password and recover your account. These steps will include a series of prompts requesting the following actions:
Enter your email address to initiate the account recovery process
Enter a backup verification code
Enter your account recovery phrase
Enter your two-factor verification code (if enabled)
Enter a new master password
If you know your master password and would simply like to setup Account Recovery, from the account dropdown menu (your email) select Settings > Recovery Phrase.
User guides for the KeeperFill Browser Extension for Chrome, Firefox, Safari, Microsoft Edge, Opera and other Chromium-based browsers.
Most users can log into the KeeperFill browser extension with their email address and master password. If you are part of an Enterprise rollout, you may be directed to log in with your Enterprise SSO login credentials.
When you log in or out of your Keeper Web Vault you will be simultaneously logged in or out of KeeperFill and vice-versa.
For customers who log in with SSO, typically entering the email address will route to the corresponding identity provider login screen. If your Keeper administrator requires a specific Enterprise Domain entry, click on Enterprise SSO Login.
If Keeper does not automatically route you to the proper data center location or identity provider, please contact your Keeper administrator.
For GovCloud customers, ensure that the "US (GOV)" region is selected.
By default, users are logged out of Keeper if their browser window closes, or if their computer restarts. Keeper's "Stay Logged In" feature allows you to remain logged into Keeper for a configurable duration.
To enable Stay Logged In, click the options icon > Settings > Security, then enable "Stay Logged In Between Session".
Keeper recommends that you also set the "Inactivity Logout Timer" which automatically logs you out of Keeper after a period of inactivity. You can set this timer to the duration you prefer (minutes, hours, or days) and the timer will resume even once you close your browser.
Records now conveniently appear directly on the home screen as a list, with “suggested records” at the top to easily fill the credentials that match the website you're on.
Select a record to view all its details and from the top of the record, you can conveniently take common actions like filling, launching, sharing, editing, or favoriting a record.
Vault records appear directly on the browser extension home screen, making it quick and easy to find exactly what you are looking for.
Easily fill credentials with suggested records that match the website you're on. Favorite records will appear on top when more than one suggested record is shown.
Sort records by most recently used, name, or date modified. Filter by favorites, record type, and more.
The KeeperFill Browser Extension allows you to autofill your passwords and save new login credentials you create to your vault.
If it's the first time you are logging into a site with KeeperFill, you will be asked if you would like Keeper to autofill your login.
Keep in mind, you must already have created a Keeper record for this site containing the website address for Keeper to recognize, match and fill your login. Upon clicking Yes, your credentials will be autofilled into the login form and you will be logged in.
Records appear directly on the home screen as a list, with “Suggested Records” at the top to easily fill the credentials that match the website you're on. Select the record, then click Autofill to fill the credentials into the site's log in form.
The KeeperFill toolbar provides easy access to all of your vault records You can quickly search for a website login or anything else stored in your vault. The search feature is case insensitive and will match any record within your vault as you type.
When logging into a website, KeeperFill will provide a list of matching records. The matching is performed by looking at the "Website Address" field of the record as well as the custom fields.
The list of matching records is determined by looking at the URLs stored within your Keeper record. Once the list is generated, a series of logical steps determines the sort order of the selection list and which specific record is selected as the default choice.
(1) If the page you're visiting has a subdomain (e.g. xyz.google.com), then Keeper first looks at the subdomain for the closest match in your vault records. The best matches are sorted by the last time they were used.
(2) After checking subdomain, Keeper looks at the "path" information (e.g. xzy.google.com/some/path) and compares it to the path stored within your Keeper record. The best matches are again sorted by the last time they were used.
(3) If the page contains an email address on the screen (such as a pre-filled email field) then Keeper will pre-select the record from the subdomain and path criteria which contains the email field.
With KeeperFill, there are multiple paths to create a new record and save it to your vault.
You can quickly create a record from the KeeperFill toolbar at any time by clicking the yellow plus button. If you have no suggested records for the website you are on, Keeper will display an Add Record button instead. Click this button to "quick add" a record by auto-generating its "Title" and "URL" based on the website you are visiting.
Alternatively, you can create a new record from a website's "account creation" or "sign in" page by selecting the Keeper icon in the form field. On "account creation" pages, click the Create a Record or Add to Keeper button that appears to be routed to a secure Extension Tab, where you can create a new vault record. On "sign in" pages, the same Create a Record and Add to Keeper buttons will appear if you have no matching records for that website.
If you do have matching record(s) and you'd like to create a new record, use the options menu in the prompt that appears to begin creating a new record in the secure Extension Tab.
When you begin creating a record in Keeper's Extension Tab, the record "URL" and "Title" will be auto-generated. If you entered any data into the site's username or password fields before opening the Extension Tab, those values will be automatically populated into the new record form as well.
Upon reviewing and saving the record details, the Extension Tab will close and you will be automatically routed back to the website you came from. For additional convenience, Keeper will auto-fill the username and password fields on this website, if they are not already populated.
The Extension Tab is a new security feature that eliminates risk of third parties mimicking Keeper's user interface to trick users into providing sensitive information.
A passkey is a cryptographic key that allows you to log into your accounts and apps without having to enter a password or second factor.
Storing passkeys in your Keeper Vault allows them to be used across different browsers and operating systems. They can also be shared with other users like any other record in your vault.
Passkeys can be used as a replacement for any FIDO2 security key for either first factor or second factor login to supported websites.
To create and save a passkey for a site, typically you'll need to visit the "Security" or "Account Settings" page of the website.
Upon clicking "Create Passkey" at the desired site, Keeper will intercept the request. Click Create Passkey to create and save the passkey to your vault.
The next time you visit a website that supports passkey login, locate the "Sign in with a Passkey" or similar action button on the site, then click Use Passkey in the KeeperFill window to log in.
Long, random passwords that are created for each account help protect your information and reduce your exposure to data breaches. Alternatively, by combining multiple words, passphrases are an even more secure alternative to traditional passwords.
Keeper's password generator can create and securely store strong, random passwords or passphrases for all of your sites and apps.
Generate a Password
To begin, click the dice icon within a new or existing record. You can customize your password by character length (8-99 characters) and choose to include lowercase and uppercase letters, numbers and symbols.
Check the box at the bottom of the toolbar if you'd like to make your selections the default setting for all passwords moving forward. Select Use Password to update the record or Copy Password to copy it to your clipboard.
Generate a Passphrase
Click the dice icon within a new or existing record and from the dropdown menu next to "Type", select Passphrase.
You can customize your passphrase by setting the length, including capitals and numbers in the passphrase and choosing from various symbols to separate the words.
Passphrases can be up to 20 words long, with a minimum length of 5 words and each word including at least 3 characters.
Check the box at the bottom of the toolbar if you'd like to make your selections the default setting for all passphrases moving forward. Select Use Passphrase to update the record or Copy Passphrase to copy it to your clipboard.
Alternatively, you can generate a standalone password or passphrase by clicking the Options Menu > Password Generator.
To view your password/passphrase history, click the clock icon within the generator screen. Hover your cursor over a password to either view it or copy it to your clipboard.
Your password generator history can be cleared at any time by clicking Clear History.
Password Enforcement Policies (Business/Enterprise Users)
The password generator on end-user vaults will adhere to the minimum character length, minimum number of lowercase/uppercase/numbers/symbols and allowed list of symbols as defined by your Keeper Administrator.
The passphrase generator on end-user vaults is enabled by default, but can be disabled by your admin. Passphrases will adhere to the minimum number of words and can be configured to include capital letters and numbers. The separators between words will be selected from the list of allowed symbols.
KeeperFill makes it easy to change your passwords. When a user visits a site's "Change Password" page, you will receive a prompt from Keeper asking if you would like help changing your password. By clicking Yes, Keeper will run a wizard that walks you through a few quick steps to change your password and simultaneously update the record in your vault. These steps will include a series of prompts detailing the following actions:
Autofill your old/current password
Automatically generate and autofill a new secure password
Confirm the changes and save them to your vault
Keeper can automatically fill custom fields into login forms. From the Keeper Web Vault, create a custom field in your record, ensuring the label matches that of the field you want to fill. (e.g. "Last 4 digits of SSN").
You can also fill the the custom field value via the fill window.
If you prefer to use keyboard shortcuts instead of mouse clicks to autofill your passwords, follow the steps below:
Navigate to the site you would like to log in to.
To open the KeeperFill extension, enter shift+command+K (Mac) or Alt+K (Windows).
In the field provided, enter your search terms.
Use the up and down arrows on your keyboard to find and select the record you are searching for.
Use the enter/return key to open the record details and shift+enter/return keys to launch and fill a record.
You can modify the shortcut command to your preference in your browser's extension settings.
Upon autofilling your username and password via KeeperFill, when prompted, a stored two-factor code will also be autofilled into the field provided.
Alternatively, you can click the copy icon next to the code and paste it into the field provided.
Storing two-factor codes in your Keeper Vault has several advantages:
Keeper two-factor codes are more secure than using SMS text messages.
Two-factor codes stored in Keeper are protected with strong zero-knowledge encryption.
They can be auto-filled quickly while logging in to a site, saving time and reducing friction.
Keeper records are securely backed up so if you lose a device you don’t have to reset all the codes.
Keeper records are shareable. If you have multiple people that need to log in with the same credentials, they won’t need to track down the person who has the only device containing the code.
From the fill window you can view and fill the payment cards and addresses that are stored in your vault.
KeeperFill is fully integrated with your browser's right-click context menu and offers an alternative filling method. Simply right-click on a login field to produce a context menu. Select Keeper to fill logins, two-factor codes, payment cards, addresses and create and edit records.
For security reasons, only records with a matching domain name for the site you visit will display in the menu of autofill options.
All your KeeperFill tools and settings are consolidated in an easy to use Options Menu found in the upper right corner of the KeeperFill toolbar.
The Settings Menu covers everything from security settings, appearance, autofill and autosubmit functionality, the various KeeperFill prompts, and much more.
Users can customize their viewing experience with the ability to expand the extension window via “Landscape Mode”. The dual-pane window allows you to view your record details and records list at the same time – providing seamless access to what you need most.
You can easily switch between “Landscape” and “Portrait” mode with a single click of a button on your extension toolbar.
Users have the option to entirely disable form field icons – these are the Keeper icons that appear within website login fields. This will allow you to disable the icons without disabling KeeperFill’s autofill and auto submit functionality.
If "Autofill on page load" is enabled, Keeper will automatically fill a matching record into the login fields of the website. Users can enable this feature on an individual record basis.
If "Autosubmit After Autofill" is enabled, Keeper will automatically submit the form and log in to the website after autofilling your username and password. Users can enable this feature on an individual record basis, or universally enable it for all of your records within KeeperFill's Settings Menu.
With the accessibility setting, users have the ability to control tabbing behavior and focus on the Keeper icon within form fields.
Select the Options Menu > Settings > Accessibility to disable this setting, preventing focus on the Keeper icons when tabbing through form fields with keyboard controls.
The "Match on Subdomain" setting enables KeeperFill to differentiate a record's subdomain (if present) from its domain. In doing so, Keeper will only display records matches based on strict subdomain matching to the website you are currently visiting.
Example: If a user has a record with a website address containing a subdomain and domain such as "subdomain1.company.com" and another record with the website address containing only the domain "company.com" and attempts to log in to "subdomain1.company.com, the only record match that will appear is "subdomain1.company.com".
To enable this feature, select the Options Menu > Settings > Match on Subdomain.
(Chrome, Safari, Firefox, Edge)
Along with your account type (e.g. enterprise, business, personal, etc.), email screenshot(s) to: and someone from our Support Team will be in touch with you.
(3) In the Keeper record for the site, add a . The label name in our example should be "FakePWField123". Enter the label and click Save.
Passkeys only work on websites and applications that have been specifically built to support them. is pretty small right now, but it will grow over time.
Passkeys as a primary login factor only work on websites and applications that have been specifically built to support them. is growing every day.
To learn more about Keeper and Passkeys, including Passkeys for mobile, .
This will NOT automatically change the website's existing login password. You must still visit the corresponding website's "Change Password" form to update the old password to match the new, stronger password. Click to learn how to easily change your password with KeeperFill.
For more information on record password enforcement policies, please see our .
This guide provides access to our top "tips & tricks" and assists users in optimizing their experience with Keeper on both desktop and mobile devices.
The proceeding pages in this section are dedicated to various FAQs, site-specific guides and other tips & tricks. Have a suggestion? Email our team at feedback@keepersecurity.com.
Recommendations for protecting access to your vault
At the foundation, Keeper is an encryption platform with policies and controls in place to protect customer data. In this security model, the customer is also responsible for protecting access to their vault by following recommended security practices. This document outlines key recommendations that will help you secure the data stored within your vault.
For customers who login to Keeper with a Master Password, the key to decrypt and encrypt the Data Key is derived from the Master Password using the password-based key derivation function (PBKDF2), with 1,000,000 iterations by default. All customers who login to the vault are automatically migrated to 1,000,000 iterations.
After the user types their Master Password, the key is derived locally and then unwraps the user's 256-bit AES Data Key. After the Data Key is decrypted, it is used to unwrap the individual 256-bit AES record keys and folder keys. The Record Key then decrypts each of the stored record contents locally.
Keeper implements several mitigations against unauthorized access, device verification, throttling and other protections in the Amazon AWS environment. Enforcing a strong Master Password complexity significantly reduces any risk of offline brute force attack on a user's encrypted vault.
The National Institute of Standards and Technology (NIST) provides password guidelines in: Special Publication 800-63B. The guidelines promote a balance between usability and security; Or in other words, passwords should be easy to remember but hard to guess. The NIST instruction recommends an eight character minimum but a higher value will ultimately result in a harder to guess/crack password. Keeper enforces a minimum of 12 character master passwords.
2FA can be added to any consumer or business account. Business customers can enforce the use of 2FA with various levels of control and security options. The 2FA step comes before the Master Password entry. Performing the device verification and 2FA step prior to the Master Password entry phase offers mitigation of several attack vectors including brute force attack, password testing and account enumeration.
To activate Two-Factor Authentication, visit the Settings screen of the Keeper Web App, Desktop App or mobile application.
Keeper also supports FIDO2-compatible WebAuthn hardware-based security key devices such as YubiKey and Google Titan keys as a second factor. Security keys provide a convenient and secure way to perform two-factor authentication.
Access to your email account is a key component in the overall security of your personal information. Ensure that your email account uses a strong auto-generated password created by Keeper. And ensure that you are protecting your email account with multi-factor authentication. Follow the steps provided by your email provider to lock down your account with the most restrictive methods possible.
We recommend that customers protect email accounts using a hardware-based Yubikey or Google Titan key when possible. If this is not available from your email provider, or if you don't own a Yubikey device, the next best thing is using a TOTP code generator.
Keeper supports the ability to store TOTP codes for logging into your email account or other service. To learn more about protecting TOTP codes in your Keeper Vault, click here.
While using SMS as a two-factor authentication setting is better than having nothing at all, we don't recommend relying on SMS due to well documented SIM swapping attacks.
As a general security practice, we recommend that our customers be very cautious with installation of 3rd party browser plugins / browser extensions, such as ad blockers, coupon tools and other "helpful" utilities. Many browser extensions request elevated permissions which have the ability to access any information within any website or browser-based application that you visit. Make sure you fully trust the company who developed the browser extension, and look for their security certifications before you install it.
If you have any other security related questions, feel free to email our team at security@keepersecurity.com.
Accessing KeeperFill on Internet Explorer
From the Microsoft website: "Since 1/12/16, Microsoft no longer provides security updates or technical support for old versions of Internet Explorer."
Although Keeper maintains the Internet Explorer 11 extension, we recommend that customers stop using IE or consider the latest Microsoft Edge with "IE Mode" as documented here: https://docs.microsoft.com/en-us/deployedge/edge-ie-mode. If you still require the use of IE for legacy applications, please see the instructions below.
KeeperFill for IE installer is only available on request. After installing Keeper for Internet Explorer, you may need to perform the following actions:
Exit and restart the browser to activate Keeper.
Right-click along the top bar and ensure Command bar is selected for display.
Open Internet Explorer, click on the Tools icon, then Internet Options.
Click the Content tab.
Under "AutoComplete", click on Settings.
Disable 'User names and passwords on forms".
Open Internet Explorer, click on the tools icon, then Internet Options.
Click on the Advanced tab.
Under the "Security" section, ensure that enhanced protected mode is disabled.
Under the "Browsing" section, Enable third-party browsing extensions.
IE11 - Trusted Sites Policy
Customers who login to Keeper with SSO, or customers who are on corporate networks that deploy group policies for Internet Explorer, ensure that the following entries exist in your Trusted Sites settings under Tools > Internet Options > Security.
US / Global Customers:
keepersecurity.com
*.keepersecurity.com
US Public Sector / GovCloud:
govcloud.keepersecurity.us
*.govcloud.keepersecurity.us
EU Data Center Customers (Dublin, Ireland):
keepersecurity.eu
*.keepersecurity.eu
AU Data Center:
keepersecurity.com.au
*.keepersecurity.com.au
CA Data Center:
keepersecurity.ca
*.keepersecurity.ca
JP Data Center:
keepersecurity.jp
*.keepersecurity.jp
Enterprise customers must push group policies to end-users with these Trusted Sites in order to fully function with SSO and other critical features.
Helpful info for website developers
If you are a website developer and your users are experiencing a compatibility issue with Keeper's browser extension, please follow the steps below.
Keeper uses pattern matching to determine if a field should display a lock icon. If a lock icon is showing on a form field in error, you can supply a CSS class of keeper-ignore
to your form element. For example:
Troubleshooting instructions for troubleshooting vault issues.
Please follow the steps below to provide Keeper Support with information to assist vault related errors.
(1) Using Chrome browser, open the Web Vault at: https://keepersecurity.com/vault
(2) Click on View > Developer > Developer Tools.
(3) Login to your Keeper Vault.
(4) On the Developer Tools window, click on the "Console" tab and check for any errors in red.
(5) If there are errors, take a screenshot and/or copy-paste the information for the Keeper Team.
How to clear the browser and extension cache to reset Keeper on your device.
If you would like to reset Keeper on your web browser, please follow these steps.
Open the Vault at https://keepersecurity.com/vault.
Press F12 key or click on View > Developer > Developer Tools.
Select “Application” in the console's top menu.
On the left side, Right click your site(s) and click clear to delete the local storage.
On the left side clear out the Local Storage, Session Storage, IndexedDB and Cookies.
(1) Go to the URL: chrome://extensions.
(2) Click on background.html.
(3) Turn on "Developer Mode", then click on 'background.html' inside the extension box.
(4) From the Developer Tools, repeat the same process as above and clear all the local storage.
This guide provides an overview of how Enterprise and Business users can create a free, Keeper Family Plan and once created, how to easily switch between their Keeper accounts.
All Keeper Enterprise users can create a free, Keeper Family Plan for up to 5 family members with unlimited devices. To create your personal vault, follow the steps below:
This vault is intended for personal use only. All business-related credentials must be stored within your company issued vault.
(1) Log into the Keeper Web Vault or Desktop App.
(2) Click on the Account Dropdown Menu (your email address).
(3) Select Account.
(4) Enter your personal email within the "Keeper Family License for Personal Use" section and click Send Email.
(5) Logout from your business vault on your browser by clicking on the Account Dropdown Menu > Logout.
(1) Open the Keeper invitation sent to your personal email and click Verify Email Address.
(2) You will then be redirected to Sign Up by creating a master password for your personal account.
If you follow the link sent on your desktop computer, you'll be properly routed to the same geographic data center that is associated with your Keeper Business Vault. Therefore we recommend using your Desktop computer to create your personal Keeper Vault.
If you decide to use your mobile device for creating your personal vault, see the instructions below.
If you decide to create your personal account on an iOS or Android device, please ensure you are in the correct data center location.
If you set up your personal Keeper account in the wrong region, you'll need to contact Keeper support to delete and re-create your account.
After your personal account has been created, it will appear in your business vault Account Menu.
Your linked personal account is licensed as a Keeper Family Plan account with 10GB of secure file storage and BreachWatch dark web monitoring.
The company managing your Business vault does not have any access rights or ability to decrypt information stored in your personal vault.
Your linked personal account will remain free on unlimited devices for as long as the business account is active.
If you leave the business, or if the business does not renew their subscription with Keeper, your Family license converts into a Keeper Free subscription. You may continue to use your personal license on one device, or purchase a Family or Unlimited subscription for all of the premium features.
Your Business Admin may remove the ability to share records from the business vault to the linked personal vault.
This vault is intended for personal use only. All business-related credentials must be stored within your company issued vault.
You can easily switch between your business/enterprise and personal accounts on Keeper for Web Vault, iOS and Android.
From your Web Vault, click the Account Dropdown Menu (your email address) > Account > Switch Account.
You will then be redirected to sign into that account using your master password.
If you have not already logged into the account you would like to switch to on the device you are using, you will first need to tap Add Account and enter your login credentials. Once added, it will appear in the list of accounts that you can switch between.
KeeperFill provides unique features to help you change/rotate passwords on any website.
Login to the site using the KeeperFill browser extension
Visit the site's "Change Password" Page
Follow Keeper's on-screen instructions
See the below example video using Twitter.
If you prefer to use keyboard shortcuts instead of mouse clicks to make the process of auto filling your passwords even more seamless, follow the steps below:
Navigate to the site you would like to log in to.
Type command+shift+k (for Mac OS) or alt+k (for Windows).
In the field provided, begin typing your search terms.
Use the up and down arrows on your keyboard to find and highlight the record you are searching for.
Use the enter key to quickly fill and log in to the site.
This guide reviews how to enable the new Stay Logged In feature and extend your Logout Timer setting.
By default, users are logged out of Keeper if their browser closes, or if their computer restarts. Keeper's "Stay Logged In" feature allows you to instead remain logged into for a configurable duration. Continuing reading to learn how to enable Stay Logged In in the Keeper Web Vault, Desktop App and the KeeperFill Browser Extension.
Sign in to the Keeper Web Vault or Desktop App and click the Account Dropdown Menu (your account email) > Settings > Security and turn "Stay Logged In" on.
Keeper will then recommend that you also enable the "Auto-Logout" setting, to protect your account if you walk away from your device. Also known as the "Inactivity Logout Timer", this automatically logs you out of Keeper after a period of inactivity. You can set this timer to the duration you prefer and it will continue to count down if you close your browser.
If you've downloaded the KeeperFill Browser Extension, you can manage the Auto-Logout setting from the extension's security settings menu (more on this in the section below).
Business customers should note that your Keeper Administrator may disable or limit this feature based on the security settings of your organization.
If you've downloaded the KeeperFill Browser Extension you can enable both the Stay Logged In and Logout Timer features from the extension's security menu.
Click Settings > Security and enable (or disable) "Stay Logged In Between Sessions" and set a "Inactivity Logout Timer".
For security reasons, we recommend setting a reasonable logout timer duration when Stay Logged In is enabled.
Keeper's Stay Logged In feature uses Login API V3. The user's Master Password is NOT stored on the device or computer when using the Stay Logged In feature. Keeper utilizes advanced encryption, session management tokens and device authorization capabilities to protect your vault.
Some sites have more than one domain (website address) that require the same exact login/password. If this is the case for any of your records, rather than creating an entirely separate record, Keeper allows you to store multiple website domains within one record.
So no matter what domain you are logging in from, KeeperFill will recognize that domain as an alias and allow you to log in with the same stored credentials.
To store multiple website domains within a single record:
While viewing the record, click Edit.
Click the + Custom Field button.
Select URL from the Custom Field types
In Website Address, enter the site's alternate domain name.
To finish, click Save.
You can continue to repeat this process for additional domain names by clicking the + Custom Field button again.
Keeper protects TOTP codes for multi-factor authentication into sites and services.
Records that have a stored Time-based One-time Password (TOTP) for two-factor authentication purposes (2FA) can be filled with KeeperFill.
Two-Factor Codes can also be filled from the right-click context menu.
Here's a video demo of setting up TOTP codes with Twitter:
If you are experiencing an issue where the Two-Factor (TOTP) codes are different between your mobile and desktop devices, this is usually caused by the time difference between your devices.
To resolve, ensure that your device time and date is set to "Automatic". If the times are different by even a few seconds, this will cause different codes to appear on different devices.
If you encounter an issue with your Keeper Desktop application and you need to reset the content and settings, please follow these steps:
Use the "Reset Keeper" menu bar item
Additional information may need to be deleted manually if you installed Keeper from the Mac App Store. Open the "Terminal" application from your Applications > Utilities menu then run the below command:
User guide for Enterprise customers who login using DUO for Two-Factor Authentication.
If you are new to logging into Keeper using DUO for Two-Factor Authentication, the videos below will demonstrate the process for Web Vault, iOS, and Android users. To learn more about DUO's Two-Factor Authentication method for Enterprise, click here.
To login with DUO you must first activate it in your Keeper account's Two-Factor Authentication settings.
To receive login requests from DUO, notifications must be turned on for both DUO and Keeper on your mobile device. If you use iOS, you must tap the DUO notification pull-down when it appears on you mobile device.
To receive login requests from DUO, notifications must be turned on for both DUO and Keeper on your mobile device. To verify your identity, you must tap the DUO notification pull-down when it appears on you mobile device.
To receive login requests from DUO, notifications must be turned on for both DUO and Keeper on your mobile device.
How to configure Keeper Desktop with Windows Hello biometric login.
Windows Hello integration currently works with the Keeper Desktop App only.
Keeper is compatible with Windows Hello, a biometrics-based technology that allows users to authenticate and log into their Windows device using biometric facial recognition, fingerprint reader, or pin (available on Windows 10). If Windows Hello is configured on a user's device and enabled in Keeper, this eliminates the requirement for users to enter their master password at the Keeper login screen, further expediting the login process.
Enable Windows Hello:
Open the Account Dropdown Menu.
Click Settings > Security.
Toggle "Windows Hello Login" on.
Once you have read the warning notification, click Enable to accept.
If Windows Hello is not yet configured on your device, you will receive a prompt to open your Windows Settings to configure it. Once you have configured Windows Hello, close out of the Settings window and return to your Vault to proceed with steps 3 & 4 above (Enabling Windows Hello).
Next time you log in to Keeper, Windows Hello will first attempt to authenticate your identity. Once authenticated, your vault will be decrypted and you will be automatically logged into Keeper.
By clicking Cancel you will be returned to the login screen to log in with your Master Password instead.
Windows Hello login became available in March 2020 in our new unified App Installer when Keeper Desktop is installed from the download page of our website or the Microsoft Store. Customers on a prior version will not receive the Windows Hello feature until they install the proper version. The Windows Hello-compatible version of Keeper can be installed one of two ways:
1. Via the App Installer link on our website download page 2. From the Microsoft Store download site
How to login to Keeper with Touch ID on your Mac
Keeper is compatible with Touch ID on macOS, a biometrics-based technology that allows users to authenticate and log into their device using a fingerprint. If Touch ID is configured on a user's device and enabled in Keeper, this eliminates the requirement for users to use SSO or enter their Master Password at the Keeper login screen, further expediting the login process.
To enable Touch ID, click Account Dropdown Menu > Settings > Security and toggle "Touch ID" on.
If Touch ID is not yet configured on your Mac, you will need to first enable the feature from your device settings. Once you have configured Touch ID , close out of the Settings window and return to your vault to proceed with the steps above.
Next time you log in to Keeper, tap on the Touch ID icon from the login screen. Once authenticated, your vault will be decrypted and you will be automatically logged into Keeper.
By clicking Cancel you will be returned to the login screen to log in with your master password or SSO instead.
Logging in with Windows Hello to a vault tied to SSO.
Keeper supports the ability to login with Windows Hello or Touch ID on a vault that is tied to an SSO provider such as Microsoft Azure. To set this up, please follow the instructions below.
(1) Login to your vault using your SSO as usual, and click the Account Dropdown Menu (your email) > Settings > Security.
(2) Enable Windows Hello (or Touch ID if you're on a Mac). Note that if you previously tried using this setting, you should turn it OFF and ON in order to reset the master password storage in your device.
(3) The next time you login to the Keeper Desktop App, simply click the "Windows Hello" or "Touch ID" button.
(4) You will now be able to login seamlessly to your vault using Windows Hello or Touch ID, without having to constantly login using your SSO provider.
If you receive an error when attempting to login with Windows Hello or Touch ID, please turn the setting off then on.
This guide will review Keeper's most common use cases for social media management.
For the examples below, the site "X" (Twitter) will be used, however, Keeper works across all social media platforms.
To create a new record from Keeper's Web Vault or Desktop App, click the Create New > Record. Select a record type from the dropdown menu and enter a record "Title".
Enter the record details including your username, password and URL (if it wasn't auto-generated for you). Use Keeper's password generator by clicking on the dice to create a strong, random password or enter your existing password. Click Save when done.
You can also create new records using the KeeperFill Browser Extension, which allows you to autofill your passwords and save new login credentials to your vault. KeeperFill is available for every web browser. Download KeeperFill for your browser by visiting our Downloads Page.
To create a record while at the site's login page, click the Add Record button in the KeeperFill toolbar. This “quick add” functionality will auto-generate a record “Title” and “URL” based on the website you are visiting.
Use Keeper's password generator by clicking on the dice to create a strong, random password or enter your existing password.
Using Keeper's password generator will NOT automatically change the website's existing login password. You must visit the website's "Change Password" page to update the old password to match the new, stronger password.
Make any necessary edits to the record details and click Save when done.
Next time you need to log in to a site, you can quickly launch the record's website from your web or desktop vault, navigate to the site directly, or search for the record in your KeeperFill toolbar then autofill your login credentials by clicking the fill icon.
For extra security on supported sites and apps, store two-factor authentication (2FA) codes for standard TOTP (Time-Based One-Time Passwords) in your Keeper records.
Navigate to the site's "security settings" or similar page to enable two-factor authentication. Of the methods listed, select "Authentication app" and follow the steps as directed.
Next you will be asked to link the authenticator app (Keeper) to your account.
Log in to the Keeper Desktop app, navigate to the corresponding record, click the edit icon and Add Two-Factor Code.
Click Scan. This will open a scan window.
Please note, Keeper's scan feature is only available on the Keeper Desktop application, which you can download here.
Return to the target site and drag the scan window over the QR code that is presented.
Once the QR code is identified, it will automatically generate a two-factor code in the Keeper record. Hover next to the two-factor code and click the copy icon that will appear.
Paste the code into the field provided. Once confirmed, setup is complete.
The next time you log in to a site or app where you have enabled two-factor authentication, copy the code from your Keeper vault or autofill it from the KeeperFill browser extension.
Upon autofilling your username and password via KeeperFill, when prompted, the stored two-factor code will also be autofilled into the field provided.
Alternatively, you can click the copy icon next to the code and paste it into the field provided.
KeeperFill makes it easy to change your passwords. When visiting a site's "Change Password" page, you will receive a prompt from Keeper asking if you would like help changing your password. Keeper will then run a wizard that walks you through a few quick steps to change your password and simultaneously update the record in your vault.
To begin, navigate to the site's "Change Password" page, or similar. Once there, Keeper will recognize the page and ask if you would like help changing your password, click Yes.
Next, follow the steps provided that will guide you to click on the Keeper icons in each password field. This will create and fill a strong, random password using Keeper's password generator.
Once you submit the change on the site, you will have a chance to review the changes and save them to your vault.
If the change was successful, click Yes. If not, click No - Revert Change to revert the record back to its original state.
This document covers the most common use cases for the Keeper Enterprise product.
Upon deployment of the Keeper Enterprise product, each user is provided a secure, private Keeper Vault. Keeper works on all device types, platforms and operating systems to enable users to:
Create and manage strong passwords across all device types
Securely store files and other private information
Autofill passwords across web browsers, apps and mobile devices
Share confidential information between users and teams
Keeper zero-knowledge, secure vault is protected with multiple layers of encryption. Each user’s vault is protected by a Master Password which is used to encrypt and decrypt data on the local device. Additionally, Two-Factor Authentication protects cloud access. Below are some of the key vault security features:
A user's Master Password is used to derive an encryption key using PBKDF2, which will encrypt and decrypt their vault.
Each password and file stored in the vault are protected with a separate, strong 256-bit AES key.
Users who login with Keeper SSO Connect integration don’t require a master password, since the encryption keys are managed by the Enterprise. For convenience, Admins can permit Biometric Login to the vault (Face ID/Touch ID, Windows Hello, etc.).
Creating strong, randomly generated login passwords for each website is critical in protecting against data breaches, password stuffing and password spraying attacks. Keeper’s password generator and auditing capabilities ensure password compliance company-wide.
Keeper protects passwords and private information on all devices and operating systems. Deployment options are available through the Keeper Security website and every major app store. SCCM deployments and virtual environments (e.g. Citrix) are fully supported.
Keeper's fully-featured desktop application for fast and secure access to your Keeper vault.
The KeeperFill browser extension quickly autofills your login credentials into your favorite websites.
Keeper's fully-featured mobile application for fast and secure access to your Keeper Vault.
KeeperFill for web browsers provides a powerful and easy-to-use autofill feature. Various paths and scenarios are covered by the browser extensions, including the following:
Filling a login and password
Selecting from multiple passwords on the same website
Autofilling a login, password and two-factor code
Prompting to fill or manual click to fill
Saving new passwords to the vault as you type
The ability to customize the behavior of the browser extension can be configured from the extension's Settings Menu.
KeeperFill makes it easy to change your passwords. When visiting a site's "Change Password" form, you will receive a prompt from Keeper asking if you would like help changing your password. By agreeing, Keeper will walk you through a few quick steps to change your password and simultaneously update the record in your vault. Additionally, using Keeper’s Security Audit feature within the vault, users can identity which accounts contain weak passwords and take the necessary steps to change them.
KeeperFill for Apps is a convenient tool used to further enhance your experience with the fully-featured Keeper Desktop App. Used in conjunction with your desktop applications, KeeperFill for Apps provides a simple login solution and quick access to your vault records.
Additionally, KeeperFill for Apps provides a unique and powerful native app form fill capability using simple hotkey commands. IT admins who are accessing remote services can make use of this capability without having to resort to “copy” and “paste”. By storing all of your passwords in the vault and using KeeperFill for Apps, you can rest assured that even your application passwords aren't left vulnerable in plain text.
KeeperFill for Apps works across Mac and PC platforms with popular native applications such as:
Skype, Slack, Evernote and other productivity apps
Custom and/or proprietary applications
Remote Desktop, VNC, Terminal and other command-line utilities
KeeperFill for Apps can be configured via Settings > KeeperFill within the Keeper Desktop App. Once opened, it can be accessed through your computer's menu bar (MacOS) or system tray (Windows) via the familiar Keeper icon.
Folders and Subfolders (or folders within folders) provide greater control and organization over your private Keeper records and files. Subfolders also increase organization across teams and accounts types.
Grid view allows you to view your records in a graphical, tile format which displays beautiful, curated logos for popular websites. To enter Grid view, simply click on the grid icon in your vault.
Every change made to a record creates a backup version that can be viewed and restored at any time. Similarly, deleted records can be recovered and there is no limit to the number of record versions that can be stored.
A record can exist outside of a folder, inside a folder or inside a shared folder. A record can also be linked to multiple folders or shared folders and is referred to as a “shortcut”. Shortcuts like alias files, can exist in two or more places and when edited, change together.
Keeper offers Secure File Storage to protect your confidential files, photos, and videos. Keeper protects these files with 256-bit AES encryption using record-level keys, just like our password encryption technology. Users can easily drag-and-drop files directly into their vault and take pictures & videos directly from their mobile devices. These files can be easily and securely shared with other Keeper users, from vault-to-vault.
Examples of files that might be stored in the vault include:
Customer Information
Financial and Banking Documents
Tax Returns
Medical Photos and Videos
The growing threat of trust-based attacks is opening security risks for IT organizations who rely heavily on access to critical systems via digital certificates and keys. Keeper protects certificates and keys with 256-bit AES zero-knowledge encryption. Examples of the types of certificates that can be stored include:
SSL Certificates
SSH Keys
RSA Key Pairs
Code Signing Certificates
API Keys
Certificates and SSH keys can be stored in any Keeper vault record as either a custom field, note, or file attachment.
In addition to storing SSH keys, they can be used to securely establish connections.
Keeper Commander, a command-line SDK and toolkit for DevOps users allows you to connect to remote systems using stored credentials or SSH keys.
For more information on establishing connections using Keeper Commander, click here.
Keeper uses RSA encryption to share passwords and files. You can share passwords or files directly with another Keeper user or with a team. Behind the scenes, information is encrypted with the recipient’s public key and decrypted with their private key. Permissions (can edit, can share, can edit & share, and read only) can be assigned to individual users or to teams of users.
View, edit and share permission sets can be applied to individual users. Shared folder permissions can provide control over the management of the folder, users and records.
Teams are created and managed in the Keeper Admin Console. Teams can also be provisioned automatically using our Active Directory Bridge software, SCIM protocols or the Keeper Commander SDK.
Since Keeper Enterprise provides a mechanism for administrators to suspend and transfer end-user vaults, Keeper recommends that end-users keep business and personal vaults separate. This easily be achieved by using Keeper’s Account Switching features. Every platform supports the ability to easily switch between business and personal vaults.
Through the use of Keeper SSO Connect technology, end-users can seamlessly log in to their Keeper Vault with any existing SAML 2.0 compatible identity provider such as Okta, Centrify, Microsoft AD FS / Azure, G-Suite, JumpCloud and F5 BIG-IP APN.
Once this capability is activated by the Keeper Administrator, logging in is seamless across all device types and platforms. Alternatively, users can first log in to their identity the provider and then launch their Keeper Vault.
Keeper Enterprise provides a web-based Admin Console application. The Admin Console allows administrators to:
Onboard and offboard users
Apply role-based enforcement policies
Manage two-factor authentication
Monitor the security score of the organization
Customize the end-user experience
The Keeper Admin Console provides several solutions to deploy Keeper to users based on the size of the organization. Users can be provisioned through one of the following methods:
Active Directory or LDAP sync via AD Bridge
Single Sign-ON (SAML 2.0)
SCIM and Azure AD
Email Auto-Provisioning
CSV File Upload
Manual entry via the web interface
Command Line Provisioning via Keeper Commander SDK
Different organization units (nodes) can be provisioned in different ways. For example, end-users within one organizational unit can onboard via Active Directory and another group of users can be provisioned with an identity platform like Microsoft Azure or Okta.
Keeper’s role-based enforcement policies provide organizations with the most flexibility to customize their solution to meet the needs of internal controls, this includes:
Master password complexity rules
Two-Factor Authentication channels
Physical location, IP addresses and device platforms
Sharing and data export rules
Device biometrics
Administrative permissions are also applied at the role level. Any role with administrative permission can log in to the Keeper Admin Console and perform specific job functions.
Retaining critical and confidential data is important when employees leave the organization, especially users that are in some administrative or management capacity.
Through the use of Keeper’s secure “Account Transfer” feature, a user’s vault can be locked and then transferred to another user within the organization. The process of account transfer remains fully zero-knowledge, and the responsibility of performing the account transfers can be limited based on roles within the organization. For example, only the Engineering Manager can transfer the vault of an Engineer or the Marketing Manager can only transfer the vault of a Marketing Coordinator.
Keeper’s security model is based on the least-privileged access, meaning, Keeper implements least-privileged policies, so when a user is a member of multiple roles, their net policy is most restrictive. Administration of groups can be delegated and restricted based on job function or any other criteria.
Account Transfers are a one-directional action. Upon account transfer, the source account is deleted and the vault records are transferred to another user account.
The overall security score of the organization can be monitored by delegated Keeper administrators to ensure compliance with password policies. Detailed reports identify users who need to take corrective action. Record password strengths, master password strengths and two-factor authentication usage can all be monitored in the Security Audit tab and are what make up an organization's security score.
Keeper’s Advanced Reporting & Alerts Module (ARA Module) provides event logging and log event tracking for over 75 event types, the ability to send event based alerts and the capability to log events to an external system.
Admins can create customized reports by specifying what criteria to filter and present in each column. Reports can now be filtered and saved based on Event Types (Policy Changes, Sharing, Logins, etc), Users, and Attributes (Nodes, Devices, Location, etc).
Alerts can be triggered based upon any event criteria, such as role policy changes, privileged password access or other security events. Alerts can be sent via SMS or email and can also be viewed within the Admin Console interface.
The ARA Module integrates with 3rd party Security Information and Event Management (SIEM) tools for external logging. Integrations include the following:
Splunk
Sumo Logic
Amazon S3
IBM QRadar
The ARA Module supports over 75 event types (e.g. Expired Master Password, Changed Master Password, Shared Record, Disabled Two-Factor Authentication etc. ) that can be automatically pushed to popular SIEM products such as Splunk, Sumo and QRadar.
Keeper’s “Recent Activity” report provides event logging and forensic analysis capabilities to comply with corporate governance and audit requirements. Events are tracked throughout the system while maintaining zero-knowledge. Only privileged users with sharing or ownership rights to decrypt individual vault records are capable of viewing the stored vault information.
This guide details the account creation and login process for Enterprise customers who deploy Keeper through an existing Single Sign-On Identity Provider (IdP) such as Azure, ADFS or Okta.
Your Keeper vault is easy to create, simple to use and you’ll be up and running in just minutes. You can create and access your Keeper vault by either logging in directly from Keeper via an email invitation from your Keeper Administrator or from your SSO provider dashboard.
You may have received an email from your organization's Keeper Administrator inviting you to create a Keeper account with a subject line that reads: "Action Required >> Instructions for Your Keeper Security Account"
To create your Keeper account, click the yellow action button that by default says "Set Up Your Account Now", however, your organization may have chosen to customize the exact wording.
Since your Keeper account is deployed through your Single Sign-On Identity Provider (IdP) integration, you will automatically be routed to authenticate against your IdP if a current SSO session is not active.
Once you have successfully authenticated to the IdP, you will be routed to your Keeper vault. Upon accessing your vault, you may receive a "Vault Transfer" acceptance dialog.
Next, you will be guided through a "Quick Start" walkthrough, that will help you either import passwords from your browser or other password manager (if enabled by your Keeper Admin) or manually create new records.
Please note, the Quick Start module may be disabled by your Keeper Admin.
Alternatively, you can create your Keeper account by visiting your SSO provider dashboard. This is called "Identity Provider-initiated login". First, log in to your existing Single Sign-On identity provider as you normally do.
You will observe your Keeper administrator has integrated Keeper into your identity provider dashboard. Simply click the Keeper icon to launch the Keeper application.IdP-Initiated Login
You will be guided through a "Quick Start" walk through, that will help you either import passwords from your browser or other password manager (if enabled by your Keeper Admin) or manually create new records.
Please note, the Quick Start module may be disabled by your Keeper Admin.
Once your Keeper account has been created, logging into your Keeper Vault is both easy and secure. Users can do so from either Keeper's vault login page or from their SSO provider dashboard.
You can login to Keeper by entering either your email address or Enterprise Domain at Keeper's login page.
Login to your Keeper vault by region:
From the Keeper vault login page, enter your email address and click Next
You will automatically be routed to your Identity Provider to sign in. Once you have successfully authenticated to the IdP, you will be routed to your Keeper vault.
From the Keeper vault login page, select Enterprise SSO Login > Enterprise Domain
Enter your Enterprise Domain and click Connect
Please note, the Enterprise Domain is provided by your Keeper administrator.
You will automatically be routed to your Identity Provider to sign in. Once you have successfully authenticated to the IdP, you will be routed to your Keeper vault.
Log in to your existing Single Sign-On identity provider as you normally do.
Simply click the Keeper icon to launch the Keeper application and you will be routed to your Keeper vault.
If you sign into Keeper on a new platform, you may encounter a "device approval" notification (SSO Cloud Users Only). If you are attempting to log in on an unrecognized device or browser, a device approval must take place before you can proceed to your Keeper vault. Users have two methods of approval to choose from, Keeper Push or Admin Approval.
Keeper Push is Keeper’s proprietary notification-based device approval system that sends a push notification to an existing, recognized device. This is a self-service process that allows users to handle the device approval on their own.
Admin Approval will send a notification to your Keeper Admin requesting device approval. If you do not have an existing, recognized device, this will be the only path gain access again.
If you select Keeper Push, a notification (push) will be appear in your vault at an approved device or browser. Select Yes
to approve the new device.
You must be actively logged into a different, recognized/approved device to receive the notification.
Alternatively, if you select Admin Approval, your Keeper Admin will receive notification for approval. Once the device has been approved, you will be able to proceed to your Keeper Vault.
Please note, your Keeper Admin may have configured automatic approvals, in which case the request is handled within 15 seconds.
Importing Passwords, Folders and Shared Folders into Keeper
Keeper provides several methods of importing data into the vault. Each method is fully documented with screenshots and example data in the subsequent pages of this user guide.
Records created in any platform will instantly sync to the your other devices. Records that are shared among users will receive updates in real time.
Importing from other password managers
Instructions for how to uninstall Keeper.
Removing Keeper Password Manager will also remove KeeperFill from Safari. Data stored in Keeper's Cloud Security Vault is NOT erased.
Drag the Keeper Password Manager app to the Trash.
Empty the Trash.
Uninstall will delete the data from Keeper on the local device. Data stored in Keeper's Cloud Security Vault is NOT erased.
Navigate to the Windows Start Menu > Settings > Apps & Features.
Under Apps & features, click the Keeper Password Manager application.
Click Uninstall.
You will be warned that the app and its related info will be uninstalled, click Uninstall to confirm.
User Account Control will ask you to confirm making changes to your device, confirm the changes by clicking Yes.
On your desktop locate the Keeper App tile.
With your mouse, right-click and choose Uninstall from the options toolbar at the bottom of your screen.
If you are using a touchscreen:
Tap and hold the Keeper tile and drag it downward slightly, then release. A check mark will appear in the corner of the tile.
Tap Uninstall to remove Keeper.
Click Start and then click Control Panel.
Under Programs, click Uninstall a program.
Select the Keeper application.
Click Uninstall.
To finish, accept any prompts that might appear while the software is being removed.
Open up a command line and run the following command:
Open up a command line and run the following command:
If your distribution uses the DNF Package Manager, run the following command:
Alternatively, Linux systems also use a software manger/center system that can uninstall software for you:
Debian/Ubuntu
Click on the Ubuntu Software icon in the activities toolbar, this will open the Ubuntu Software Manager/Center.
Here you can search for and uninstall Keeper from your computer.
Click the Installed tab to list the applications.
Click the Remove button next to the Keeper listing.
Confirm you want to remove Keeper by clicking the Remove button and enter the password for Administrator or sudo user.
Finish by clicking Authenticate.
Fedora/Red Hat/CentOS
Users can use GNOME Software like Ubuntu's Software Manager/Center to uninstall Keeper.
Uninstall will delete the data from Keeper on the local device. Data stored in Keeper's Cloud Security Vault is NOT erased.
Navigate to the Windows Start Menu > Settings > Apps & Features.
Under Apps & features, click the Keeper application.
Click Uninstall.
You will be warned that the app and its related info will be uninstalled, click Uninstall to confirm.
User Account Control will ask you to confirm making changes to your device, confirm the changes by clicking Yes.
Uninstalling Keeper will delete the data from Keeper on the local device. Data stored in Keeper's Cloud Security Vault is NOT erased.
On your device, long press on the Keeper App icon.
Tap Remove App > Delete App > Delete. (For older iOS systems, long press on the Keeper App icon until all the apps start to shake. Tap the "X" that appears in the upper left corner of the Keeper App icon. To confirm, tap Delete).
The instructions below apply to the latest OS. Third party operating system instructions may differ.
Uninstalling Keeper will delete the data from Keeper on the local device. Data stored in Keeper's Cloud Security Vault is NOT erased.
Open your device's Settings menu.
Tap Apps or Application Manager (depending on device).
Navigate to the Keeper App.
Tap Uninstall.
Confirm by tapping OK when prompted.
Uninstalling Keeper's Browser Extension from Chrome does not effect the data stored in Keeper's Cloud Security Vault.
Right click on the Keeper extension icon in the upper right corner of your browser.
Click Remove from Chrome...
When the pop-up menu appears, click Remove.
Uninstalling Keeper's Browser Extension from Firefox does not effect the data stored in Keeper's Cloud Security Vault.
Right click on the Keeper extension icon in the top right corner of your browser.
Click Remove Extension
When the pop-up menu appears, click the Remove button.
To uninstall “KeeperFill”, you must remove the “Keeper Password Manager” desktop application.
Uninstalling Keeper's Browser Extension from Safari does not effect the data stored in Keeper's Cloud Security Vault.
Navigate to the Safari Menu Bar > Preferences... or Safari Menu Bar > Settings... (for macOS 13 and above).
Click Extensions.
Click KeeperFill.
Click the Uninstall button.
Click the Show in Finder button to locate the application.
Drag Keeper Password Manager.app to the Trash.
Empty the Trash.
Uninstalling Keeper's Browser Extension from Internet Explorer does not effect the data stored in Keeper's Cloud Security Vault.
Open the Control Panel.
Go to Programs & Features (Uninstall a program).
Select Keeper for Internet Explorer from the list
Right-click, select Uninstall.
On the first pop-up, select Yes.
On the second pop-up, select Uninstall.
On the third pop-up, select Close the applications and Ok.
Uninstalling Keeper's Browser Extension from Edge does not effect the data stored in Keeper's Cloud Security Vault.
Open the Overflow Menu.
Click Extensions.
From the menu locate the Keeper Browser Extension.
Click the gear icon next to Keeper.
Click on the Uninstall button.
Click Ok to confirm.
Uninstalling Keeper's Browser Extension from Opera does not effect the data stored in Keeper's Cloud Security Vault.
Right click on the Keeper extension icon in the toolbar.
Click Manage Extension...
Click Remove Extension.
Confirm by clicking Remove.
End-user guide for the Keeper Web Vault and cross-platform, Keeper Desktop Application.
With Keeper, your passwords, logins and other personal information are saved in a private and secure digital vault. It is here where you can view and edit all of your website login credentials and details, as well as store important files and photos.
If you are a new user, click Create Account
at the login page and enter your email address. You will then be asked to create and confirm a Master Password. This will be the only password you have to remember -- don't forget your Master Password! Lastly, you will be asked to enter the verification code that was sent to your email.
Once your Keeper vault is created, you will be guided through a "Quick Start" walkthrough, that will help you either import passwords from your browser or other password manager or manually create new records.
Enterprise (SSO) users, please refer to our supplemental "Enterprise End-User (SSO)" guide located in the sub-section of this guide for details on account creation, login flows and device approvals.
Your passwords, logins, credit card numbers, bank accounts and other personal information are saved in your private digital Vault (as "Records") and are encrypted on your device using 256-bit AES. To begin, simply click + Create New > Record
.
Name Your Record
Enter Your Email or Username
Enter the Website Address
Click Save
to Finish
Keeper can also import logins and passwords directly from your web browser, another password manager or a text file (.csv).
Click Next
to install the Keeper import tool and begin the import process.
After installing the import tool, you'll be asked to copy-paste a code or "token" from the vault into the import tool.
Keeper will report websites and their associated logins and passwords directly from your web browser. You can then scroll though the report and uncheck those you do not wish to import. Once you have finished reviewing the report, click Add to Keeper
to import the selected password.
If you are using an existing password manager or if your passwords are stored in a text file (.csv), you can import those passwords by first selecting your import source from the list and then clicking View Import Instructions
to follow the provided instructions.
Enterprise Users, importing Passwords may not be available as determined by your Keeper Administrator.
Note: Keeper Browser Extension v15 and newer is required for SSO Cloud users.
Keeper allows you to organize your records by folders and subfolders. To create a folder, click on + Create New > Folder
.
To create a subfolder, right-click on the existing/parent folder and click New Folder
.
Drag-and-drop the record(s) you would like to store in a folder or subfolder and click Move
or Create shortcut
. To move multiple records, hold "shift" and click the items to drag-and-drop.
Shortcuts like alias files, can exist in two or more places and when edited, change together.
Moving and shortcuts can also be performed by right-clicking on a record or folder to generate a contextual options menu.
By right-clicking on a record you can create a record "Favorite", which is used to easily locate your most frequently visited sites.
Securely create, share and manage records and folders with existing Keeper users such as family, friends and colleagues.
While viewing a record click Options > Sharing
.
Enter the email(s) of the Keeper users then choose their permission type from the dropdown menu.
Click Create New > Shared Folder
.
Click the dropdown to select where you would like to nest the shared folder. Click Edit
to add record(s), user(s), set permission types and the default folder settings.
Once the default configuration is set, it will only affect users and records added after the change was made. To change users or records added prior to the default configuration, those items will need to be changed either individually or through a bulk change.
Identity & Payments is the place for you to store your personal contact/address information and credit card numbers safely.
From the left navigation menu, click Identity & Payments
, enter a username and click + Phone Number
and + Address
to enter your corresponding information.
Long, random passwords that are created for each login help protect your information and reduce your exposure to data breaches. Keeper generates and securely stores strong, random passwords for all of your sites and apps with the click of the dice.
This will NOT automatically change the website's existing login password. You must still visit the corresponding website's "Change Password" form to update the old password to match the new, stronger password.
Custom Fields allow you to store additional important data, like the answer to a site's security question or your passport number. Custom fields are created in pairs: "Custom Field Name" and "Custom Field Value".
Please note, "masked" custom field values are only available for Keeper Enterprise customers.
Auto-launch allows you securely and quickly navigate to your favorite websites. Simply click a record's Website URL to launch and login with Keeper in a new window.
Security Audit gives your passwords an overall security score and lets you clearly see what passwords are weak from a password strength visual indicator (red being the weakest, green being the strongest).
You can edit a record's password by clicking on the record from the provided list (you will still need to update the password at the record's website to match the new, corresponding password in your vault).
(1) At your target website, visit the two-factor authentication screen which is usually located within security settings. It is sometimes referred to as "login verification" or "two-step verification". Screengrab the QR pattern or copy the secret code to clipboard.
(2) Within a Keeper record, select Edit > Add Two-Factor Code
(3) Upload the screengrab of the Two-Factor QR pattern (with security key) associated with the site or application. If there isn't a QR pattern, use the manual entry method. Enter the code given under “Secret Key”, often a 32-digit code and fill out the rest of the fields.
(4) After adding the security key to the vault record a Two-Factor Code will be generated inside the Keeper record.
(5) The two-factor code will be regenerated frequently and can then be copied and filled into the site or app when prompted after logging in with a username and password.
With the KeeperFill browser extension, you can autofill your passwords and save new login credentials to your vault. KeeperFill is available for every web browser (Chrome, Firefox, Safari, IE, Edge and Opera).
Once downloaded, the KeeperFill browser extension will appear in the upper-right corner of your browser window (for Safari, it will appear left of center).
You will be automatically logged into the KeeperFill Browser Extension upon signing into the Keeper Web Vault. Alternatively, you can log in by clicking the Keeper icon located in your browser toolbar and entering your email address and Master Password.
If this is your first time logging into a site while logged into KeeperFill, you will be asked if you would like to auto-fill your login, to do so, click Yes
Alternatively, clicking on the Keeper lock in a login field allows you to view and edit the record match (or create a new one). Click the fill button to fill your login credentials or click Show More
to view/fill individual fields.
KeeperFill's easily accessible search bar, allows you to search within your vault to quickly locate and fill the desired login credentials, payment cards and personal info such as addresses.
Keeper recognizes when you are at a site's login form and will prompt you to create a record if one has not yet been created.
Click + Create New Record
Review and edit the details of the Keeper generated record and click the check mark to fill and save the record to your Keeper vault.
KeeperFill makes it easy to change your passwords. When visiting a site's "Change Password" form, you will receive a prompt from Keeper asking if you would like help changing your password. By clicking Yes
Keeper will walk you through a few quick steps to change your password and simultaneously update the record in your vault. These steps will include a series of prompts detailing the following actions:
Autofill your old/current password
Automatically generate and autofill a new secure password
Confirm the changes and save them to your vault
KeeperFill's Prompt to Change a Password
Keeper offers Secure File Storage to protect your confidential files, photos and videos. Securely upload and store files such as passport photos, medical cards, drivers licenses, tax and loan documents, videos and any other private file to your Keeper vault.
Files can either be added to an existing record or you can create a standalone record to store the file independently of other login information.
Click + Files or Photos
to upload a file or simply drag-and-drop the file directly into your vault.
BreachWatch is a powerful secure add-on feature that monitors the internet and dark web for breached accounts, matching records stored within your Keeper vault. BreachWatch alerts you so that you can take immediate action to protect yourself against hackers. Once activated, BreachWatch continuously monitors for compromised credentials and notifies you if any of your records are at risk.
To start your BreachWatch scan, from the left navigation menu, click BreachWatch > Let's Begin
.
BreachWatch will then scan your records and report any risks associated with them. Clicking each record listed will allow you view the steps needed to resolve each risk.
Resolving the risk requires you to change the password at the affected website. Once you have done that, be sure to update the corresponding record in your Keeper Vault with the same password.
If you click Ignore
, then that record will be skipped on future scans until the password is reset. You may also do nothing (deferring a response) and leave the risky password unchanged and thus still at risk.
Two-Factor Authentication (2FA) provides an extra layer of security when logging into your Keeper Vault or another site or application by requiring a secondary passcode upon logging in.
Enabling Two-Factor Authentication is advised for highly valuable or sensitive accounts (e.g. banking, medical and social media accounts).
To enable 2FA for your Keeper vault, from the Account Dropdown Menu, click Settings > Security
, toggle "Two-Factor Authentication" on and select your 2FA method.
(1) The Text Message toggle is on by default. Select a Region from the dropdown (US+1 by default), enter your 10 digit phone number including your area code and click Next
(2) To verify that you trust this number and device, enter the Keeper Web code that was sent to the phone number you provided. Select your 2FA code duration from the dropdown menu and click Next
You will be prompted for 2FA every time you login to your Vault unless you select an alternative code duration. Business customers may be required to enter the code every login as determined by their Keeper Administrator.
Codes will only last for a minute; if you need another code sent, click Send a new code
(3) Backup codes will be shown next. If you are unable to receive Two-Factor codes via the phone number you entered, you can enter one of the codes listed instead. Click I have written these codes down
to finish.
(1) Toggle "Google and Microsoft Authenticator (TOTP)" on and click Next
(2) Using the device that runs the Google or Microsoft Authenticator App, scan the QR code provided. The app will then acknowledge the QR code and produce a verification code.
(3) Enter that verification code and click Next
You will be prompted for 2FA every time you login to your Vault unless you select an alternative code duration. Business customers may be required to enter the code every login as determined by their Keeper Administrator.
(4) Backup codes will be shown next. If you are unable to receive Two-Factor codes via the phone number you entered, you can enter one of the codes listed instead. Click I have written these codes down
to finish.
In order for Azure MFA (using the Microsoft Authenticator app.) to be utilized as a TOTP, the Azure administrator needs to allow the verification method "Verification code from mobile app or hardware token" when setting up MFA in Azure.
Keeper DNA is a Two-Factor Authentication method that uses your smart watch as your second factor.
To use this feature, toggle the switch next to Keeper DNA, then follow these links to set up KeeperDNA on your preferred platform:
Keeper DNA on Android devices is undergoing a revision and planned for a future release. Legacy versions will function as expected.
Users can change specific features like language, theme and Two-Factor Authentication in the Settings menu. You can access the Settings menu from the Account Dropdown Menu.
Choose a New Color Theme
Set Clipboard Expiration
Choose another language: English US & UK, Spanish, Japanese, Romanian, Chinese Simplified & Traditional, French, Korean, Russian, Arabic, Greek, Dutch, Slovak, Brazilian Portuguese, Hebrew, Polish, German, Italian, and Portuguese
Reset Master Password
Reset Security Question
Change Email Address
Locate and Delete Duplicate Records
Delete All Owned Records
Enable Auto-Logout
Enable Stay Logged In (Desktop App)
Enable Self-Destruct
Adjust PBKDF2 Iterations
The instructions below are for uninstalling Keeper Desktop App (Keeper Password Manager) for Mac and Windows OS.
Uninstalling the Keeper Password Manager will delete the data from Keeper on the local device. Data stored in Keeper's Cloud Security Vault is NOT erased.
Drag the Keeper Password Manager app to the Trash.
Empty the Trash.
Uninstalling Keeper Password Manager will also remove KeeperFill Browser Extension from Safari. Data stored in Keeper's Cloud Security Vault will NOT be erased.
Navigate to the Windows Start Menu > Settings > Apps & Features.
Within Apps & features, click the Keeper Password Manager application.
Click Uninstall.
You will be warned that the app and its related info will be uninstalled, click Uninstall to confirm.
User Account Control will ask you to confirm making changes to your device, confirm the changes by clicking Yes.
US:
EU:
Enter Your Password or Tap the Dice to Generate One (more on that )
Enter Additional Notes, , and
to access your Keeper Vault from any platform and be able to use it for native applications across all of your devices.
Visit: to download the Keeper App for all of your desktop and mobile devices.
Download KeeperFill for your browser by visiting our .
Setup
Setup
Additional user tutorial videos are available at:
Permission Type | Permission Level |
Can Edit | Users in folder can edit this record |
Can Share | Users in folder can share this record |
Can Edit & Share | Users in folder can edit and share this record |
Read Only | Users can only view the record |
Transfer Ownership | User will own the record and control the sharing permissions |
Permission Type | Permission Level |
Can Manage Users | Can add or remove users |
Can Manage Records | Can add or remove records |
Can Manage Users & Records | Can add or remove users and records |
No User Permission | Can view only |
This guide contains instructions on how to manually export saved passwords from Chrome and import them to Keeper.
IMPORTANT: Keeper can import password directly from your web browsers such as Chrome, using the automated import tool found in your Keeper Web Vault and Desktop App Settings. The import tool is an easy to use application that runs on your computer to quickly locate and import your passwords. Click here for further instruction on how to automate the import of your passwords from a web browser such as Chrome.
If you have attempted to use Keeper's automated import tool and have been unsuccessful, or you are running Linux OS, follow the directions below to complete the process manually. You will first need to perform a manual export of your passwords from Chrome and then import the file to Keeper as a Text File (.csv).
From your Chrome Browser, click Settings > Passwords
then click
A popup will appear, click Export Passwords...
and complete the necessary steps to save the passwords to your computer as .csv file.
From Keeper, click Settings > Import > Text file (.csv)
Drag and drop the exported file into the target window "Drop a File Here"
Use the dropdown menus to set the column headers to the following: Title, URL, Login, Password, then click Import
For more on importing from a text file (.csv) and field mapping click here.
Instructions on how to import passwords from Microsoft Excel into Keeper.
(1) If you are importing your passwords from Excel, first save the file in CSV format.
(2) Log into your Keeper web vault at https://keepersecurity.com/vault/
(3) Click on your account email in the upper right-hand corner, then click on Settings > Import.
(4) Select “Text file (.csv)” from the list of options.
(5) Drag and drop the exported file into the target window.
(6) You can use the drop-down menu in each column to map to the correct Keeper field.
(7) Click Next.
(8) If you intend to share all first level folders, check the box Import Root Level Folders as Shared. By selecting this option, all first level folders will become shared.
(9) Click Import.
Instructions on how to import passwords from 1Password to Keeper
To import from 1Password, you must export your records from the 1Password application on MacOS or Windows.
(1) Log into your 1Password account using a desktop computer.
(2) Select the vault you want to export.
(3) Choose File > Export > Your Vault
(4) Enter your Master Password to unlock
(5) Choose the file format: 1PUX or CSV, then click Export Data. The 1PUX format is preferred since it contains all data.
(6) Choose a location to save the export. Make sure to delete this file after the import is complete.
(1) Open and unlock 1Password.
(2) Select the vault you want to export.
(3) Click on the 3 vertical dot menu and choose Export > Your Vault
(4) Choose the file format: 1PUX or CSV, then click Export Data. The 1PUX format is preferred since it contains all data.
(5) Choose a location to save the export.
(1) Log into the Keeper Web Vault or Desktop App
(2) Click on your account email in the upper right-hand corner.
(3) Click on Settings > Import.
(4) Choose 1Password from the list.
(5) Drag the exported file into the target window "Drop a File Here"
If you intend to share all top-level folders with other people, check the box "Import Root Level Folders as Shared". Otherwise leave it unchecked.
(6) Click on Import.
Make sure to delete the local 1Password .csv or .1pux file locally on your computer.
Keeper Commander also supports a 1Password import that allows more configurable options, such as default folder permissions. See the below link for more details:
Instructions on how to import records from popular browsers.
Keeper Importer can automatically import unprotected passwords from web browsers such as Chrome, Firefox, Edge, Safari, Internet Explorer and Opera automatically from the Keeper Web Vault and Keeper Desktop Application.
To import from Safari 17+ and macOS 14.0 Sonoma, visit this page
(1) Log into Keeper's web vault at https://keepersecurity.com/vault/ or simply login to the Keeper Desktop App (download from https://keepersecurity.com/download)
(2) Click on your account email in the upper right-hand corner.
(3) Click on Settings > Import then select Import button at the top of the screen.
(4) If you are using the Web Vault, Keeper will prompt you to download the Keeper Import Tool. This is a small application that runs on your computer to import any found passwords. The Import Tool will download into your default Downloads folder. Please download, unzip and run this application to continue.
(5) Copy the code provided to your clipboard by clicking the copy button.
(6) If using the Web Vault, unzip the Keeper Import application in your download folder.
(7) If using the Web Vault, launch the Import Tool from the Download folder.
On Windows, you can just double-click the Importer application and Run when prompted.
(8) Keeper will then ask for your token. Paste the code you copied previously in step 5 and click Import.
(9) Keeper will import all of the passwords that it can find in your local web browsers. Review the passwords and select which records you would like to import. Click Add to Keeper to import the selected passwords.
(10) Once you have completed the import and verified that the data appears properly in your Keeper Vault, we recommend deleting stored passwords from your web browser, and turning off password saving features from your web browser settings.
For Mac users, to complete import of passwords from Safari and the iCloud Keychain, you will need to complete a few more steps as described below.
Import from iCloud Keychain is only available on the Keeper Desktop application that is downloaded from the Keeper website. The Mac Store version of Keeper does not allow iCloud Keychain import. To download from the Keeper website please visit: https://keepersecurity.com/download
(1) Click "Next" to open Accessibility Settings
(2) Click on "Open System Preferences"
(3) Click the Lock to unlock permissions
(4) Check "Keeper Import"
(5) Safari will open in a few seconds. When prompted, type in your computer password to unlock Safari passwords.
(6) Keeper will then ask for your token. Paste the code you copied previously in step 5 and click Import.
(7) Keeper will import all of the passwords that it can find in your local web browsers. Review the passwords and select which records you would like to import. Click Add to Keeper to import the selected passwords.
To import 2FA codes from iCloud Keychain to Keeper, follow the Safari import instructions page.
(8) Once you have completed the import and verified that the data appears properly in your Keeper Vault, we recommend deleting stored passwords from your web browser, and turning off password saving features from your web browser settings.
We recommend turning off your Web Browser's password saving and filling features. Visit the Settings or Preferences screen of your web browser to turn off these features.
Instructions on how to import a generic or specific .csv file into Keeper.
(1) Log into Keeper's web vault at https://keepersecurity.com/vault/
(2) Click on your account email address in the upper right-hand corner.
(3) Click on Settings > Import.
(4) If the .csv file was generated from a specific password manager, please select the password manager from the list of choices. If this is a generic .csv file generated from another source, proceed with the "Text file (.csv)" selection.
(5) Drag the exported file into the target window "Drop a File Here".
(6) Use the drop-down menu in each column to map to a Keeper field.
(7) If you intend to share all first level folders, check the box Import Root Level Folders as Shared. By selecting this option, all first level folders will become shared.
(8) Click on Import.
If you only wish to share some of the folders, you will need to split the CSV file into two separate files prior to importing each accordingly.
If you are getting garbage characters in the import, ensure that the CSV file was saved/exported using UTF-8 or Unicode encoding.
Keeper's CSV import method also supports advanced structure including Folders, Subfolders, Shared Folders, and any number of Custom Fields (CustomFieldName,CustomFieldValue).
Currently $variables
don't work on the web vault import, but they do work when importing with commander.
• To specify Subfolders, use backslash "\" between folder names • To make a Shared Folder specify the name or path to it in the 7th field
Here is a list of some record types (you may have more if you have custom record types, or less if you are restricting some record types):
Here is a list of all possible field types (including custom fields):
Example 1: Create a regular folder at the root level with 2 custom fields
Example 2: Create a shared subfolder with edit and re-share permission, inside a regular folder
Example 3: Create a shared folder with edit and re-share permission on the outside and a nested folder tree underneath.
In this 3rd example, the outer shared folder is called "Family Records" and underneath is a folder tree. The record is added to the nested folder 3 levels down.
To visually see how the import will look, drag and drop the file into the Import screen and click Next. You'll see a preview of the structure:
A Folder, Subfolder (nested folder) and Shared Folder are objects that are created independently of records. Folders are often used to categorize records of a similar type.
Keeper's implementation of folders is powerful and flexible and includes ease-of-use functionality such as drag-and-drop.
A folder is a container of records and record references (shortcuts).
A shared folder is a container of records, with flexible user and team sharing capability.
A folder can be made up of personal records, shared records or other regular subfolders.
Subfolders can be either shared or personal.
You can create an unlimited number of folders and shared folders.
A shared folder can be made up of an unlimited number of subfolders, each subfolder beneath a shared folder retains the permissions of the parent.
There is no limit to the folder tree depth.
Folders and subfolders contained within shared folders will inherit the permission of the shared Folder.
A shared folder with just one user (nothing shared to anyone) is still a Shared Folder.
A shared folder does not have to be shared with anyone else.
The permissions of records within a Shared Folder can be individually controlled with the following two permissions:
Can Edit - when this permission is enabled, the record can be edited by any user with the shared folder.
Can Share - when this permission is enabled, records can be shared by any user with the shared folder.
Keeper also supports advanced JSON structured file formats. We recommend using JSON files for import and export of structured data instead of CSV files. This is described in the JSON Import page.
Import Keeper JSON structured file format
Keeper supports importing a structured JSON file. You may use this, for example, if you have backed up a Keeper file from a different vault or if you are building a file from another data source. This is an advanced feature, typically used by Keeper Enterprise administrators or more technical customers. If that's not you, head over to CSV import.
Once your JSON is properly formatted, import the JSON file by dragging and dropping or using the browse button from your vault under Settings > Import > Keeper JSON
The JSON file can be created in several ways:
Exporting .JSON file from the Keeper Vault
Exporting .JSON from Keeper Commander SDK
Creating your own custom file
To create a .JSON file from your existing Keeper vault, click on your email > Settings > Export:
Click on Export Now and type in your Master Password (if requested) to export your records in JSON format.
Keeper Commander is a developer / Admin tool that has many capabilities for managing your vault and Enterprise account.
Visit the Keeper Commander SDK repository here: https://github.com/Keeper-Security/commander
The command to export a vault in JSON format is demonstrated below:
When creating a custom JSON import file, Keeper supports an array of "records", "folders" and "shared_folders". Several examples are included below that you can import into your vault for testing purposes.
Example JSON file: Records, Folders and Shared Folders
This file demonstrates several JSON import features including:
Array of records
Each record can have custom fields, notes and be added to folders
Folders can be created as regular (private) or shared folders
Records can also contain TOTP seeds (advanced feature, see Facebook entry in example below)
Here is a list of all possible field types (including custom fields):
Here are some record types (you may have more if you created custom record types, or less if you are restricting some record types):
Example JSON file: Shared Folders and Permissions - No Records
The below JSON file demonstrates the ability to create a shared folder structure (without records) that has permissions configured.
Note: Example references to "UID", "Team UID", etc are placeholders that are specific to your vault.
Example JSON File: Both Private Records/Folders and Shared Records/Folders
The below example JSON file combines several features - Shared Folders, Private Folders, Records and TOTP seeds.
Note: Example references to "UID", "Team UID", etc are placeholders that are specific to your vault.
Instructions on how to transfer records from Avast Passwords to Keeper
To import from Avast Passwords, you must export your records first.
(1) Launch Avast Passwords and log in to your account
(2) Select Import/export data (3) Click Export to File (4) Name the file and click Save
(1) Log into the Keeper Web Vault or Desktop App
(2) Click on your account email in the upper right-hand corner.
(3) Click on Settings > Import.
(4) Choose Avast from the list.
(5) Drag the exported file into the target window "Drop a File Here".
(6) Use the drop-down menu in each column to map to a Keeper field.
(7) If you intend to share all first level folders, check the box Import Root Level Folders as Shared. By selecting this option, all first level folders will become shared.
If you only wish to share some of the folders, you will need to split the file into two separate files prior to importing each accordingly.
(8) Click on Import.
Instructions on how to export/import records from EnPass.
To import from Enpass CSV file please reference the generic section.
To import from EnPass, you must export your records from first.
Mac
(1) Click File > Export.
(2) Select .json as your file format.
(3) Choose the location to save the file.
(4) Name the file and click Save.
(1) Click on the menu in the upper left-hand side.
(2) Click on File > Export.
(3) Select .json as your file format.
(4) Choose the location to save the file.
(1) Log into the Keeper Web Vault or Desktop App
(2) Click on your account email in the upper right-hand corner.
(3) Click on Settings > Import.
(4) Choose EnPass from the list.
(5) Drag the exported file into the target window "Drop a File Here".
(6) If you intend to share all first level folders, check the box Import Root Level Folders as Shared. By selecting this option, all first level folders will become shared.
(7) Click on Import.
Instructions on how to export/import records from Bitwarden.
To import from Bitwarden, you must export your records first.
(1) Launch the Bitwarden Desktop App and log in to your account.
(2) Select File > Export Vault.
(3) Select file format .csv from the dropdown and enter your Master Password.
(4) Click the Submit button and Export Vault.
(5) Select your destination for the .csv file and click Save.
Option 2: From Bitwarden Web Vault
(1) Click on Tools > Export Vault.
(2) Select file format .csv from the dropdown and enter your Master Password.
(3). Click Export Vault twice to confirm the action.
(4) Open the file to save it. Select your destination for the .csv file and click Save.
(1) Log into the Keeper Web Vault or Desktop App
(2) Click on your account email in the upper right-hand corner.
(3) Click on Settings > Import.
(4) Choose Bitwarden from the list.
(5) Drag the exported file into the target window "Drop a File Here".
(6) Use the drop-down menu in each column to map to a Keeper field.
(7) If you intend to share all first level folders, check the box Import Root Level Folders as Shared. By selecting this option, all first level folders will become shared.
If you only wish to share some of the folders, you will need to split the CSV file into two separate files prior to importing each accordingly.
(8) Click on Import.
Instructions on how to import records directly from KeePass encrypted .kdbx files.
Keeper supports the ability to import directly from encrypted Keepass files in .kdbx file format. Keeper can import both password-protected and private key-protected formats. All versions of .kdbx files are supported.
This import includes Folders, Password, Custom Fields and even File Attachments!
To import into Keeper, please locate your encrypted .kdbx file, and if you are protecting your Keepass file with a private key, you will need that file as well.
(1) Login to Keeper on your computer
Login to the Keeper Web Vault:
Or, download the Keeper Desktop App:
(2) Click on your account email in the upper right-hand corner.
(3) Click on Settings > Import.
(4) Choose KeePass (.kdbx).
(5) Type in your KeePass Password.
(6) Click on the Key File + button and navigate to your Key File if one was used.
(7) Locate your .KDBX file and drag and drop it the target labeled "Drop a File Here".
Please note that import from the latest KeePass KDBX4 file format is slow and might take up to 30 seconds or more. When importing, please be patient :)
(8) If necessary, use the drop-down menu in each column to map to a Keeper field. For KeePass files, the structure is automatically mapped so you should not need to perform any manual mapping.
(9) Click on Import to complete the process.
If you run into any issues, you may need to first update your Keepass application to a newer version, or export your Keepass database to a newer format.
Note: Importing records with File Attachments is restricted to paid Keeper customers with Secure File Storage plan.
Instructions for migrating from Kaspersky to Keeper
To import from Kaspersky, you must export your records first.
(1) Click Settings > Import/Export
(2) Export to text file and Save
(1) Log into the Keeper Web Vault or Desktop App
(2) Click on your account email in the upper right-hand corner.
(3) Click on Settings > Import.
(4) Choose Kaspersky from the list.
(5) Drag the exported file into the target window "Drop a File Here".
(6) Use the drop-down menu in each column to map to a Keeper field.
(7) If you intend to share all first level folders, check the box Import Root Level Folders as Shared. By selecting this option, all first level folders will become shared.
If you only wish to share some of the folders, you will need to split the CSV file into two separate files prior to importing each accordingly.
(8) Click on Import.
Instructions on how to export/import records from Dashlane.
To import from Dashlane, you must export your records first.
Login into https://www.dashlane.com.
Under My Account, select Settings, Export Data.
3. Under DASH: Dashlane Secure Archive click on Export to Dash.
4. Create a password and confirm it in the second field.
5. Click on Export data.
6. A file called Dashlane Export.dash will be made where you have assigned downloads to go.
Login into https://www.dashlane.com.
Under My Account, select Settings, Export Data.
3. Under CSV, click on Export to CSV.
4. A file called "dashlane-credential-export.zip" will be made where you have assigned downloads to go. Warning: This can be read by anyone.
Once your files have been exported from Dashlane using one of the two methods above, continue to Keeper's Web Client or Desktop App to import.
Log into the Keeper Web Vault or Desktop App.
Click on your account email in the upper right-hand corner.
Click on Settings > Import.
Choose Dashlane from the list.
5. Drag your Dashlane Export.dash file to the Drop a File Here. window.
6. Enter the Dashlane password you assigned it during the export.
7. Use the drop-down menus in blue to map each column to a Keeper field. Click Next.
8. If you intend to share all first level folders, check the box Import Root Level Folders as Shared.
9. Review and approve the import by pressing the “Import” button.
Log into the Keeper Web Vault or Desktop App.
Click on your account email in the upper right-hand corner.
Click on Settings > Import.
Choose Text File (.csv) from the list.
5. Your file from Dashlane may be zipped, un-zip it and select the right .csv you want imported. Dashlane separates files by credentials, ids, payments, personal info, secure notes.
6. Select the .csv you want imported and drag it to Drop a File Here.
7. Use the drop-down menus in blue to map each column to a Keeper field.
8. If you intend to share all first level folders, check the box Import Root Level Folders as Shared.
9. Review and approve the import by pressing the Import button.
Folder | Title | Login | Password | Website Address | Notes | Shared Folder | Custom Field1 Name | Custom Field1 Value | Custom Field2 Name | Custom Field2 Value | Custom Field3 Name | Custom Field3 Value | Custom Field4 Name | Custom Field4 Value |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
(US)
(EU)
Folder1\subfolder
Google Account
user@example.com
liu.W241Q<q$RGl9r;N1
main google account
TeamFolder
$oneTimeCode
otpauth://totp/?secret=ABC123ABC123ABC123ABC123ABC123
$type
login
$host
10.0.0.1
$url
Instructions for migrating from MyKi to Keeper
To import from MyKi, you must export your MyKi records first.
On Windows
(1) Click Settings > Import/Export
(2) Export to text file and Save
On Mac
(1) Click on File > Export CSV
(2) Select folder destination and Save
(1) Log into the Keeper Web Vault or Desktop App
(2) Click on your account email in the upper right-hand corner.
(3) Click on Settings > Import.
(4) Choose MyKi from the list.
(5) Drag the exported file into the target window "Drop a File Here".
(6) Use the drop-down menu in each column to map to a Keeper field.
(7) If you intend to share all first level folders, check the box Import Root Level Folders as Shared. By selecting this option, all first level folders will become shared.
If you only wish to share some of the folders, you will need to split the CSV file into two separate files prior to importing each accordingly.
(8) Click on Import.
Instructions on how to export/import records from MacPass.
Keeper supports direct KeePass .kdbx file import which supports more content and file attachments. Please see those instructions here.
To import from MacPass, you must export your records first.
Mac
(1) Click File > Export as XML.
(2) Name the file and click Save.
(1) Log into the Keeper Web Vault or Desktop App
(2) Click on your account email in the upper right-hand corner.
(3) Click on Settings > Import.
(4) Choose MacPass from the list.
(5) Drag the exported file into the target window "Drop a File Here".
(6) Use the drop-down menu in each column to map to a Keeper field.
(8) If you intend to share all first level folders, check the box Import Root Level Folders as Shared. By selecting this option, all first level folders will become shared.
If you only wish to share some of the folders, you will need to split the CSV file into two separate files prior to importing each accordingly.
(7) Click on Import.
Instructions on how to export/import records from mSecure.
To import from mSecure, you must export your records first.
Mac
(1) Click File > Export CSV.
(2) Accept the warning by clicking OK.
(3) Select Export All Records.
(4) Name the file and click Export.
Windows
(1) Click on the Settings Icon
(2) Click on Backups > Export.
(3) Name file and click Save.
(1) Log into the Keeper Web Vault or Desktop App
(2) Click on your account email in the upper right-hand corner.
(3) Click on Settings > Import.
(4) Choose mSecure from the list.
(5) Drag the exported file into the target window "Drop a File Here".
(6) Use the drop-down menu in each column to map to a Keeper field.
(7) If you intend to share all first level folders, check the box Import Root Level Folders as Shared. By selecting this option, all first level folders will become shared.
If you only wish to share some of the folders, you will need to split the CSV file into two separate files prior to importing each accordingly.
(8) Click on Import.
Instructions on how to import records from KeePass XML format.
Keeper supports direct KeePass .kdbx file import which supports more content and file attachments. Please see those instructions here.
To import from KeePass, you must export your records first.
Windows
(1) Click File > Export > KeePass XML File. Use XML for KeePass 2.0 and above. XML supports folder organization. If you use KeePass 1.X, export as a CSV file. If you have a .kdbx file, use the Import from KeePass KDBX instructions instead.
(2) Provide a filename and click Save.
(1) Log into the Keeper Web Vault or Desktop App
(2) Click on your account email in the upper right-hand corner.
(3) Click on Settings > Import.
(4) Choose KeePass. If you have a .kdbx file, see Importing fom KeePass KDBX.
(5) Drag the exported file into the target window "Drop a File Here".
(6) Use the drop-down menu in each column to map to a Keeper field.
(7) If you intend to share all first level folders, check the box Import Root Level Folders as Shared. By selecting this option, all first level folders will become shared.
If you only wish to share some of the folders, you will need to split the CSV file into two separate files prior to importing each accordingly.
(8) Click on Import.
Instructions on how to export/import records from Passpack.
To import from Passpack, you must export your records first.
Web Vault
(1) Click Settings > Export.
(2) Click on Download.
(1) Log into the Keeper Web Vault or Desktop App
(2) Click on your account email in the upper right-hand corner.
(3) Click on Settings > Import.
(4) Choose Passpack from the list.
(5) Drag the exported file into the target window "Drop a File Here".
(6) Use the drop-down menu in each column to map to a Keeper field.
(7) If you intend to share all first level folders, check the box Import Root Level Folders as Shared. By selecting this option, all first level folders will become shared.
If you only wish to share some of the folders, you will need to split the CSV file into two separate files prior to importing each accordingly.
(8) Click on Import.
Instructions on how to transfer records from LastPass to Keeper
Keeper supports multiple methods of importing your vault records from LastPass, both manual and automatic.
The Keeper Desktop application provides automatic transfer of your LastPass vault to Keeper. Features included:
Transfer of all passwords
Transfer of Folders
Transfer of Shared Folders
Transfer of Templates and Custom Fields to Keeper Record Types
Transfer of custom fields, TOTP seeds
Transfer of Record File Attachments
(1) Download Keeper Desktop from: https://keepersecurity.com/download
(2) Login to Keeper Desktop
(3) Click on your account email in the upper right-hand corner
(4) Click Settings > Import
(5) Choose LastPass
(6) Input your LastPass Email and Password and click Next. To import your Shared Folders from LastPass select the "include shared folders" option.
(7) Review the import and map fields if needed.
(8) If you intend to share all first level folders, check the box Import Root Level Folders as Shared. By selecting this option, all first level folders will become shared.
(9) Click Import.
Note 1: Direct communication to lastpass.com and keepersecurity.com must be allowed by your network firewall, if using a product such as Zscaler or other proxy. Note 2: If you're using a Security Key with your LastPass account, switch to TOTP or some other MFA method first.
Keeper supports automatic import of your LastPass vault using Keeper Commander, our CLI tool.
The Keeper Commander LastPass import feature supports:
Transfer of all Passwords
Transfer of Folders
Transfer of Shared Folders
Transfer of Shared Folder permissions (users and teams)
Transfer of Templates and Custom Fields to Keeper Record Types
Transfer of Record File Attachments
To learn more, click here:
https://docs.keeper.io/secrets-manager/commander-cli/using-commander/lastpass-import
If the automated methods are not available to you, follow the below instructions.
(1) Log into the LastPass vault at https://lastpass.com/?ac=1 with your username and master password. Or, from the LastPass Browser Extension click on the LastPass Extension Icon > Open My Vault.
(2) On the bottom left-hand side, navigate to Advanced Options and under Manage Your Vault you will select Export. This will send an email to your email associated with LastPass to confirm the Export Request.
(4) Once confirmed, return to your LastPass vault and select Export again.
(5) Depending if your LastPass Extension includes the Binary Component... With Binary Component: Enter a file name for your export, then click Save to save the CSV export file. Without Binary Component: Your exported data will be displayed on a webpage, and also downloaded to your downloads folder as a .csv file named "lastpass_vault_export".
Mac Users: Copy and paste the plain text output into TextEdit or any other text editor. On TextEdit select Format > Make Plain Text. Then save the file as a “.csv” plain text file with Unicode encoding.
(5) Log into your web Vault at https://keepersecurity.com/vault/
(6) Click on your account email in the upper right-hand corner.
(7) Click Settings > Import.
(8) Choose LastPass from the list.
(9) Drag the exported file into the target window "Drop a File Here".
(10) Use the drop-down menu in each column to map to a Keeper field.
(11) If you intend to share all first level folders, check the box Import Root Level Folders as Shared. By selecting this option, all first level folders will become shared.
If you only wish to share some of the folders, you will need to split the CSV file into two separate files prior to importing each accordingly.
(12) Click Import
Psono users can quickly migrate to Keeper
To import from Psono, you must export your records first.
(1) From Psono, click email address on upper right then 'Other'
(2) Click 'Export' then select JSON
(3) Save the file.
(1) Log into the Keeper Web Vault or Desktop App
(2) Click on your account email in the upper right-hand corner.
(3) Click on Settings > Import.
(4) Choose Psono from the list.
(5) Drag the exported file into the target window "Drop a File Here".
(6) Use the drop-down menu in each column to map to a Keeper field.
(7) If you intend to share all first level folders, check the box Import Root Level Folders as Shared. By selecting this option, all first level folders will become shared.
(8) Click on Import.
Instructions on how to export/import records from Password Boss.
To import from Password Boss, you must export your records first.
(1) Click File > Export Data.
(2) Choose Password Boss JSON - Not Encrypted.
(3) Navigate to where you want to save the file. Click Save.
(1) Log into the Keeper Web Vault or Desktop App
(2) Click on your account email in the upper right-hand corner.
(3) Click on Settings > Import.
(4) Choose Password Boss from the list.
(5) Drag the exported file into the target window "Drop a File Here".
(6) Use the drop-down menu in each column to map to a Keeper field.
(7) If you intend to share all first level folders, check the box Import Root Level Folders as Shared. By selecting this option, all first level folders will become shared.
If you only wish to share some of the folders, you will need to split the CSV file into two separate files prior to importing each accordingly.
(8) Click on Import.
Instructions on how to export/import records from RoboForm
To import from RoboForm, you must export your records first.
Macintosh
(1) Before proceeding, make sure you do not have your Passcards organized in folders in RoboForm.
(2) Click File > Print List > Logins or Identities or SafeNotes
(3) Right-Click HTML page and choose Save As...
(4) Select the format as Webpage, HTML Only.
(5) Navigate to where you want to save the file and click Save.
Windows App
(1) Click on the RoboForm dropdown menu in the upper left column.
(2) Choose Options, then Account & Data.
(3) Choose Export.
(4) Under Format, select CSV file.
(5) Browse the location to save and choose Export.
Windows Extension
(1) Select the RoboForm icon on your taskbar or toolbar.
(2) Click on the Overflow Menu.
(3) Choose Options then Account & Data.
(4) Choose Export.
(5) Under Format, select CSV file.
(6) Browse the location to save and choose Export.
(1) Log into the Keeper Web Vault or Desktop App
(2) Click on your account email in the upper right-hand corner.
(3) Click on Settings > Import.
(4) Choose RoboForm from the list.
(5) Drag the exported file into the target window "Drop a File Here".
(6) Use the drop-down menu in each column to map to a Keeper field.
(7) If you intend to share all first level folders, check the box Import Root Level Folders as Shared. By selecting this option, all first level folders will become shared.
If you only wish to share some of the folders, you will need to split the CSV file into two separate files prior to importing each accordingly.
(8) Click on Import.
Passportal users can quickly migrate their data to Keeper
To import from Passportal, you must export your records first.
(1) Click Settings > Import/Export
(2) Select checkbox to include field headers
(3) Click Export and save the file.
(1) Log into the Keeper Web Vault or Desktop App
(2) Click on your account email in the upper right-hand corner.
(3) Click on Settings > Import.
(4) Choose Passportal from the list.
(5) Drag the exported file into the target window "Drop a File Here".
(6) Use the drop-down menu in each column to map to a Keeper field.
(7) If you intend to share all first level folders, check the box Import Root Level Folders as Shared. By selecting this option, all first level folders will become shared.
(8) Click on Import.
Instructions on how to import passwords from Proton Pass to Keeper
To import from Proton Pass, you must export your passwords first.
(1) Open the Proton Pass browser extension for Chrome or Firefox and click Settings.
(2) Click on the Export tab. Ensure "Encrypt your Proton Pass data export file" is unchecked.
(3) Click Export. A file title "Proton Pass_export_[date].zip" will be saved to your computer's downloads.
(1) Log into the Keeper Web Vault or Desktop App.
(2) Click on your account email in the upper right-hand corner.
(3) Click on Settings > Import.
(4) Choose Proton Pass from the list of password managers.
(5) Drag-and-drop the exported zip file into the target window "Drop a File Here".
(6) If you intend to share all first level folders, check the box "Import Root Level Folders as Shared". By selecting this option, all first level folders will become shared.
(7) Click Import.
Make sure to delete the local Proton Pass zip file from your computer.
Instructions on how to export/import records from Safari
To import from Safari, you must export your records first.
(1) From Safari, click on Safari > Settings then select the 'Passwords' tab.
(2) Select '...' then select 'Export All Passwords...'
(3) Save the Passwords.csv file.
(1) Log into the Keeper Web Vault or Desktop App
(2) Click on your account email in the upper right-hand corner.
(3) Click on Settings > Import.
(4) Choose Text file (.csv) from the list.
(5) Drag the exported file into the target window "Drop a File Here".
(6) Use the drop-down menu in each column to map to a Keeper field.
The mappings are as follows:
Title: Title
URL: URL
Login: Username
Password: Password
Notes: Notes
Two-Factor Code: OTPAuth
(8) Click on Import.
Instructions on how to export/import records from SplashID.
To import from SplashID, you must export your records first.
Mac
(1) Click File > Export > CSV.
(2) Name the file and click Save.
Windows
(1) Click the SplashID Icon > Export > Export to CSV.
(2) Name the file and click Save.
(1) Log into the Keeper Web Vault or Desktop App
(2) Click on your account email in the upper right-hand corner.
(3) Click on Settings > Import.
(4) Choose SplashID from the list.
(5) Drag the exported file into the target window "Drop a File Here".
(6) Use the drop-down menu in each column to map to a Keeper field.
(7) If you intend to share all first level folders, check the box Import Root Level Folders as Shared. By selecting this option, all first level folders will become shared.
If you only wish to share some of the folders, you will need to split the CSV file into two separate files prior to importing each accordingly.
(8) Click on Import.
Instructions on how to export/import records from True Key.
To import from True Key, you must export your records first.
(1) Click on the Settings icon.
(2) Click App Settings > Export Data > Export.
(3) After warning appears, click Continue.
(4) Enter your Master Password.
(5) Name your file and click Save.
(1) Log into the Keeper Web Vault or Desktop App
(2) Click on your account email in the upper right-hand corner.
(3) Click on Settings > Import.
(4) Choose True Key from the list.
(5) Drag the exported file into the target window "Drop a File Here".
(6) Use the drop-down menu in each column to map to a Keeper field.
(7) If you intend to share all first level folders, check the box Import Root Level Folders as Shared. By selecting this option, all first level folders will become shared.
If you only wish to share some of the folders, you will need to split the CSV file into two separate files prior to importing each accordingly.
(8) Click on Import.
Instructions on how to export/import records from Sticky Password.
To import from Sticky Password, you must export your records first.
Mac
(1) Click on File > Export > Unencrypted.
(2) Name the file and click Save.
Windows
(1) Click Menu > Export.
(2) Click Export All or Export only selected items.
(3) Select Sticky Password 6 XML.
(4) Click Next.
(5) Name the file and click Save.
(1) Log into the Keeper Web Vault or Desktop App
(2) Click on your account email in the upper right-hand corner.
(3) Click on Settings > Import.
(4) Choose Sticky Password from the list.
(5) Drag the exported file into the target window "Drop a File Here".
(6) Use the drop-down menu in each column to map to a Keeper field.
(8) If you intend to share all first level folders, check the box Import Root Level Folders as Shared. By selecting this option, all first level folders will become shared.
If you only wish to share some of the folders, you will need to split the CSV file into two separate files prior to importing each accordingly.
(7) Click on Import.
Automated import through Keeper's Commander CLI
The Keeper Commander SDK provides command-line or scripted capabilities to import records and folders into your Keeper Vault. Supported import formats are below:
JSON import files can contain records, folders, subfolders, shared folders, default folder permissions and user/team permissions.
CSV import files contain records, folders, subfolders, shared folders and default shared folder permissions.
Keepass files will transfer records, file attachments, folders and subfolders.
lastpass CSV file format is supported, however we recommend the automated LastPass import method which supports folders, shared folders and file attachments.
myki import method supports records and folders.
1password method supports records, folders and file attachments.
manageengine method supports records, folders and file attachments.
Most features available in the Keeper Admin Console are available through Commander's interactive shell and SDK interface.
Learn more about Keeper Commander at https://docs.keeper.io/secrets-manager/commander-cli/overview
This page has moved:
Export and Reporting Capabilities
The Keeper Web Vault and Desktop application provide export and reporting capabilities. For consumer accounts, this is available for all users. On Enterprise accounts, this may be restricted by the Keeper Administrator.
For Enterprise users, role policies must allow export.
Keeper's CSV format supports Folders, Subfolders and Shared Folders. CSV files can be imported and exported with Keeper.
File Format:
Folder,Title,Login,Password,Website Address,Notes,Shared Folder,Custom Fields
More information about Keeper's CSV format is available here.
The JSON format is structured as an array of Shared Folder objects, and an array of Record objects. The JSON format is compatible with Keeper's import tools and the Keeper Commander CLI.
More information about Keeper's JSON format is available here.
For a printer-friendly version of records, the PDF version is also available.
To print the PDF, click on the printer icon at the bottom:
Keeper supports encrypted Keepass export through the Keeper Commander CLI which is available to all customers.
To install Keeper Commander, visit this link:
https://docs.keeper.io/en/v/secrets-manager/commander-cli/overview The command to run is the export command, documented at this link below:
Audit your Shared Records
Keeper's Shared Records Report is available from the Settings menu of the Web Vault and Desktop App.
For Enterprise users, role policies must allow export.
The Shared Records Report provides you with an audit of each shared record (either direct share, or shared folder). The export contains the following fields:
Record UID
Record Title
Shared To (email)
Shared From (Shared Folder or Direct Share)
Permissions (Read Only, Can Edit, Can Edit and Share)
Folder Path
File Format:
Record UID,Record Title,Shared To,Shared From,Permissions,Folder Path
The JSON format is structured as an array of shared_record objects.
For a printer-friendly version of the report, the PDF version is also available.
To print the PDF, click on the printer icon at the bottom:
Commander also provides a CLI for the Shared Records Report: Command: shared-records-report (or "srr")
Example output:
For Enterprise customers, we provide an advanced enterprise-wide Access Report through the Keeper Compliance Reports feature.
Compliance Reports provide on-demand visibility to access permissions on records and credentials in your enterprise. These reports simplify the compliance auditing process for Sarbanes Oxley (SOX) and other regulations requiring periodic access control auditing.
To learn more about Keeper Compliance Reports, click here:
Instructions on how to export/import records from ZOHO.
To import from ZOHO, you must export your records first.
Web Vault
(1) Click the Tools tab and choose Export Secrets on the left panel.
(2) You can either export all the secrets or export only the ones that belong to a particular secret type
(3) Choose General CSV and click on the Export Secrets button.
(1) Log into the Keeper Web Vault or Desktop App
(2) Click on your account email in the upper right-hand corner.
(3) Click on Settings > Import.
(4) Choose ZOHO from the list.
(5) Drag the exported file into the target window "Drop a File Here".
(6) Use the drop-down menu in each column to map to a Keeper field.
(7) If you intend to share all first level folders, check the box Import Root Level Folders as Shared. By selecting this option, all first level folders will become shared.
If you only wish to share some of the folders, you will need to split the CSV file into two separate files prior to importing each accordingly.
(8) Click on Import.