Keeper is a Zero-Knowledge platform. The data stored in a Keeper vault is encrypted and decrypted locally on the user’s device using keys that are derived by the user's master password. Note: business customers may not use a Master Password if Keeper is integrated into the enterprise Single Sign-On (SSO) solution. Keeper Security employees have no ability to decrypt customer data, because the keys are managed by the customer. In addition to zero knowledge architecture, Keeper provides a number of two-factor authentication methods including Google Authenticator, Microsoft Authenticator, SMS and FIDO U2F security keys. Keeper Security is SOC2 and ISO27001 certified and we actively maintain a public vulnerability disclosure program and bug bounty program.
For more information about our security please visit our public security disclosure page at: https://keepersecurity.com/security
Detailed encryption architecture can be found at: https://docs.keeper.io/enterprise-guide/keeper-encryption-model