⮐ Keeper Home
All Documentation
Admin Console
Keeper Enterprise Guide
Resources
Why Choose Keeper Enterprise
Implementation Overview
Deploying App to End-Users
Keeper Admin Console Overview
Nodes and Organizational Structure
User and Team Provisioning
Roles and Permissions
Delegated Administration
Account Transfer Policy
Teams
Folders and Shared Folders
Creating Vault Records
Two-Factor Authentication
BreachWatch
Advanced Reporting and Alerts
Vault Offline Access
SSO Welcome Template
Master Password Template
Training and Support
Whitelisting Keeper
System Architecture
On-Prem vs. Cloud
Keeper Encryption Model
Developer SDK
Recommended Security Settings
End-User Guides
Docs Home
Powered by GitBook

Recommended Security Settings

In order to help lock down your account these are recommended settings.

1. Enforce a strong master password.

Reducing the risk of a cybersecurity attack starts with the use of a strong master password for all users who are on-boarded to your Keeper enterprise account. While many organizations have minimum password complexity rules many do not. Regardless, a strong and complex master password is highly recommended as the first step towards reducing unauthorized access to a users vault.

The National Institute of Standards and Technology (NIST) provides password guidelines in: Special Publication 800-63B. The guidelines promote a balance between usability and security; Or in other words, passwords should be easy to remember but hard to guess. The NIST instruction recommends an eight character minimum but a higher value will ultimately result in a harder to guess/crack password.

Password complexity can be configured on a per role-basis. See the master password complexity enforcement setting in the guide.

2. Mandate the use of Two-Factor Authentication.

Two-factor authentication (2FA), also commonly referred to as multi-factor authentication, adds an additional layer of security to access the vault. The first layer is something your users know; his or her master password. The second layer is something they have. It can be either their mobile device (SMS text or a TOTP application) or by using a hardware token (Duo or RSA offers hardware tokens. Or adding a security key like a YubiKey). Adding a second means of authentication will makes it considerably more difficult for an attacker to gain access a users vault. To set up 2FA See the section in the guide: Two-factor Authentication

3. Configure IP Whitelisting

To prevent users from accessing their work vault outside of approved locations and networks, administrators will want to enable IP Address Whitelisting. This is a role-based enforcement setting that will ensure users can only access their vaults when their device is on an approved network.

Visit the section on IP Whitelisting for more information on configuring roles to include this feature.

4. Set up Email Provisioning

Follow the instructions to set up Email Auto-Provisioning as a way to prevent users from creating a a free vault using their organizational email address outside of the enterprise subscription. This on-boarding mechanism will allow you to place users inside of a role to apply enforcement settings at the onset of the creation of their account.

Previous
Developer SDK
Next
End-User Guides
Last updated Wed Sep 11 2019 18:16:38 GMT+0000 (UTC)
Contents
1. Enforce a strong master password.
2. Mandate the use of Two-Factor Authentication.
3. Configure IP Whitelisting
4. Set up Email Provisioning