Comprehensive guide for the Keeper Web Vault and cross-platform, Keeper Desktop Application.
Your Keeper Vault
With Keeper, your passwords, logins and other personal information are saved in a private, digital vault. It is here where you can view and edit all of your website login credentials and details, as well as store important files and photos.
Master Password Login for Existing Users
If you've already signed up for Keeper on your mobile devices, you can simply login to the Web Vault or Desktop App (links below) with your email address, Master Password and Two-Factor Authentication (if enabled on your account).
Upon Login, you may encounter a "device approval" request. If you are attempting to log in on an unrecognized device or browser, a device approval must take place before you can proceed to your Keeper vault. Users have three methods of approval to choose from: Email Verification, Keeper Push or Two-Factor Authentication.
Keeper Push is Keeper’s proprietary notification-based device approval system that sends a push notification to an existing, recognized device.
If you select Keeper Push, a notification (push) will be appear in your Keeper vault at an approved device or browser.
Select Yes to approve the new device.
You must be actively logged into a different, recognized/approved device to receive the notification.
Once your device has been approved, you will be prompted for 2FA (if enabled), then you will enter your Master Password to proceed to your vault.
New User Account Creation
If you are signing up for Keeper as a new user, click Create an Account at the login page. You will first enter your email address then you will be asked to create a Master Password. This will be the only password you have to remember -- don't forget your Master Password! We recommend that you choose a strong Master Password that is only used for Keeper. To finalize your account and proceed to your vault, you will be asked to enter the verification code that was sent to your email.
Enterprise users who login with SSO do not require selection of a Master Password.
Once you Keeper vault is created, you will be guided through a "Quick Start" walkthrough, that will help you either import passwords from your browser or other password manager or manually create new records.
Watch the video below to learn how to create your account.
Create Your Account
Enterprise SSO Login
Users who login with an existing identity provider have various login choices. Users can either enter their email address at the login screen or click Enterprise SSO Loginand select their login method from the dropdown menu as determined by their Keeper administrator (Enterprise Domain Login or Master Password Login).
Enterprise (SSO) users, should refer to our "Enterprise End-User (SSO)" guide for more information regarding account creation, login flows, device approvals and much more.
Creating New Records
Your passwords, logins, credit card numbers, bank accounts and other personal information are saved in your private digital Vault (as "Records") and are encrypted on your device using 256-bit AES. To begin, simply click + Create New > Record
Name Your Record
Enter Your Email or Username
Enter Your Password or Tap the Dice to Generate One (more on that here)
Watch the video below to learn how to create a record.
Create a Record
Importing Passwords
Keeper can also import logins and passwords directly from your web browser, another password manager, or a text file (.csv).
Account Dropdown Menu > Settings > Import
From Web Browsers
To import passwords from your web browser, you must first install the Keeper Import Tool. To begin the installation, from the Account Dropdown Menu, click Settings > Import > Import. If you came fresh into the Web Vault, you can download the import tool by clicking Install
If you have started the import process from a mobile app and came to the Web Vault, you will be prompted to import your existing passwords, clickNext > Install
Keeper will then walk you through a few steps to download the Keeper Import Tool:
1.
Copy the codeKeeper provides (you will need this when prompted in the Keeper Importer).
2.
If you are using a PC - click Run when prompted.
3.
If you using a Mac - double click the "KeeperImport.zip" file located in your downloads and double click on the "Keeper Import App" to start the import process. You will encounter a few Keychain permission windows that will require you to enter your computer password to allow Keeper to access your web browsers.
4.
Keeper will then ask for the code you received from step one; paste the code and click Import
Once the installation is complete, Keeper will report websites and their associated logins and passwords directly from your web browser. You can then scroll though the report and uncheck those you do not wish to import. Once you have finished reviewing the report, click Add to Keeper to import the selected password.
Watch the video below to learn how to import your passwords from web browsers.
Import Your Passwords
From Password Managers
Keeper can import logins and passwords from other password managers. From the Account Dropdown Menu, click Settings > Import
Click on the password manageryou want to import from, then click View Import Instructions. Once you have created the export file per the instructions, drag and drop the file into Keeper's "Drop a File Here" window.
Confirm the export file has the correct extension at the end of the file name (e.g. export.csv).
A display window will appear allowing you customize how you want the import information organized. There are six general fields across the top of the scrollable window. Clicking on the titles of each one allows you to change the organization of that column via a dropdown menu.
The content of each column and change the title of each column to accurately represent that information (e.g. If you see a column of URLs and the column title says "Notes", change that column title to "URL").
Keeper can import passwords from the following password managers:
Import instructions can also be found in the "Import Records" section of the left-hand column of these user guides.
From Text File (.csv)
Keeper can also import logins and passwords from a text file (.csv). To begin, from the Account Dropdown Menu, clickSettings > Import. After selecting Text File (.csv) click View Import Instructionsand follow the instructions provided. Once you have created the export file per the instructions, drag and drop it into Keeper's "Drop a File Here" window.
Please see the full description and file format of our CSV import here:
Keeper also supports advanced JSON structured file formats. We recommend using JSON files for import and export of structured data instead of CSV files. This is described in the JSON Import page.
Download Keeper Applications
Download Keeper to access your Keeper Vault from any platform and be able to use it for native applications across all of your devices.
Keeper allows you to organize your records by folders and subfolders. To create a folder, click on + Create New > Folder
To create asubfolder,right-click on the existing/parent folder and click New Folder
Watch the video below to learn how to create a folder.
Create a Folder
Moving & Shortcuts
Drag-and-drop the record(s) you would like to store in a folder or subfolder and click Move or Create shortcut. To move multiple records, hold "shift" and click the items to drag-and-drop.
Shortcuts like alias files, can exist in two or more places and when edited, change together.
Moving and shortcuts can also be performed by right-clicking on a record or folder to generate a contextual options menu.
Favorites
By right-clicking on a record you can create a record "Favorite", used to easily locate your most frequently visited sites.
Sharing
Securely create, share and manage records and folders with existing Keeper users such as family, friends and colleagues.
Share a Record
While viewing a record click Options > Sharing
Enter the email(s) of the Keeper users then choose their permission type from the dropdown menu.
Permission Type
Permission Level
Can Edit
Users in folder can edit this record
Can Share
Users in folder can share this record
Can Edit & Share
Users in folder can edit and share this record
Read Only
Users can only view the record
Transfer Ownership
User will own the record and control the sharing permissions
Watch the video below to learn how to share a record.
Share a Record
Share a Folder
Click Create New > Shared Folder
Click the dropdown to select where you would like to nest the shared folder. Click Edit to add record(s), user(s), set permission types and the default folder settings.
Default Folder Settings
Permission Type
Can Manage Users
Can add or remove users
Can Manage Records
Can add or remove records
Can Manage Users & Records
Can add or remove users and records
No User Permission
Can view only
Once the default configuration is set, it will only affect users and records added after the change was made. To change users or records added prior to the default configuration, those items will need to be changed either individually or through a bulk change.
Watch the video below to learn how to create a shared folder.
Create a Shared Folder
Identity & Payments
Identity & Payments is the place for you to store your personal contact/address information and credit card numbers safely.
From the left navigation menu, click Identity & Payments, enter a username and click + Phone Number and + Address to enter your corresponding information.
Key Features
Password Generator
Long, random passwords that are created for each login help protect your information and reduce your exposure to data breaches. Keeper generates and securely stores strong, random passwords for all of your sites and apps with the click of the dice.
This will NOT automatically change the website's existing login password. You must still visit the corresponding website's "Change Password" form to update the old password to match the new, stronger password. Click here to learn how to easily change your password with KeeperFill.
Custom Fields
Custom Fields allow you to store additional important data, like the answer to a site's security question or your passport number. Custom fields are created in pairs: a "Custom Field Name" and a "Custom Field Value".
Please note, masked custom field values are only available for Keeper Enterprise customers.
Auto-Launch
Auto-launch allows you securely and quickly navigate to your favorite websites. Simply click a record's Website URL to launch and login with Keeper in a new window.
Security Audit
Security Audit gives your passwords an overall security score and lets you clearly see what passwords are weak from a password strength visual indicator (red being the weakest, green being the strongest).
You can edit a record's password by clicking on the recordfrom the provided list (you will still need to update the password at the record's website to match the new password in your Vault).
Record History
Keeper provides you with the ability to restore previous versions of a record by clicking Options > Record History
Select the version of the record you want to review/and or restore based on the last modified date and time.
Click the info icon to review specific record version information. Click Restore to revert the record back to the selected version.
Deleted records can be reviewed and restored by visiting theDeleted Itemssection of the left navigation menu.
Emergency Access
Give trusted family and friends access to your Keeper Vault in the event of an emergency or loss of life. You can designate up to five emergency contacts and decide how much time should pass before their access is granted. From the Account Dropdown Menu, click Account > Emergency Access
Select Trusted Users and enter the email addresses of up to 5 contacts.
Set their "Delay access" duration and click Send
The amount of time between request and access granted can be set up to three months per contact. Please note, the Emergency Access feature is only available for consumer accounts.
If a delay is configured, the countdown starts the moment the trusted user attempts to login to your vault.
In order for the recipient to accept the request, you must first establish a "sharing" relationship with them if one hasn't already been established through our sharing features.
Click Send Invite
If the recipient is an existing Keeper user, they will receive an email like the one below notifying them you want to establish a sharing relationship, at which point they will be prompted to login to their Keeper Vault and accept or deny the request. Once the recipient has accepted the request, you will be notified and then you must send the Emergency Access invite once more.
If the recipient is not an existing Keeper user, they will receive an email inviting them to sign up for a Keeper account. Once they sign up and login to their account, they can accept the sharing relationship request.
After the recipient accepts the emergency access request in their vault, they will notice a red notification indicator appears in the Emergency Access section of their Account Settings. There they can then navigate to My Access and Accept or Decline the emergency access request and proceed to Login(once the access delay has passed, if enabled).
Recipient's Vault
Recipients Vault
Once requests are accepted, trusted users will appear within the Emergency Access section of your vault.
If a delay is configured, the countdown starts the moment the trusted user attempts to login to your vault.
Two-Factor Codes for TOTP
For extra security on supported sites and apps, click + Add Two-Factor Code to store Two-Factor Authentication codes for standard TOTP (Time-Based One Time Passwords) in your Keeper records.
Two-Factor Codes Integration
Storing Two-Factor Codes in your vault has several advantages:
Keeper two-factor codes are more secure than using SMS text messages.
Two-factor codes stored in Keeper are protected with strong Zero-Knowledge encryption.
They can be auto-filled quickly while logging in to a site, saving time and reducing friction.
Keeper records are securely backed up so if you lose a device you don’t have to reset all the codes.
Since Keeper records are shareable, Two-Factor Codes are always available to everyone who has access to the record.
Record Containing a Two-Factor Code
For detailed instructions on how to set-up Two-Factor Codes for Websites and Applications, click here.
KeeperFill
With the KeeperFill browser extension, you can autofill your passwords and save new login credentials to your vault. KeeperFill is available for every web browser (Chrome, Firefox, Safari, IE, Edge, and Opera).
Download KeeperFill for your browser by visiting our Downloads Page.
Watch the video below to learn how to autofill with KeeperFill.
Autofill with KeeperFill
To learn more about the KeeperFill Browser Extension, click here.
Changing Passwords with KeeperFill
KeeperFill makes it easy to change your passwords. When visiting a site's "Change Password" form, you will receive a prompt from Keeper asking if you would like help changing your password. By clicking Yes Keeper will walk you through a few quick steps to change your password and simultaneously update the record in your vault. These steps will include a series of prompts detailing the following actions:
Autofill your old/current password
Automatically generate and autofill a new secure password
Confirm the changes and save them to your vault
KeeperFill's Prompt to Change a Password
Watch the video below to learn how to change your passwords with Keeper.
Changing Your Passwords
Secure Add-Ons
Secure File Storage
Keeper offers Secure File Storage to protect your confidential files, photos and videos. Securely upload and store files such as passport photos, medical cards, drivers licenses, tax and loan documents, videos and any other private file to your Keeper vault.
Files can either be added to an existing record or you can create a standalone record to store the file independently of other login information.
Click + Files or Photosto upload a file, or simply drag-and-drop the file directly into your Vault.
Drag-and-Drop a File Directly Into Your Vault
To learn more about Secure File Storage, click here.
BreachWatch
BreachWatch is a powerful secure add-on feature that monitors the internet and dark web for breached accounts matching records stored within your Keeper vault. BreachWatch alerts you so that you can take immediate action to protect yourself against hackers. Once activated, BreachWatch continuously monitors for compromised credentials and notifies you if any of your records are at risk.
To start your BreachWatch scan, from the left navigation menu, click BreachWatch > Let's Begin
BreachWatch will then scan your records and report any risks associated with them. Clicking each record listed will allow you view the steps needed to resolve each risk.
Resolving the risk requires you to change the password at the affected website. Once you have done that, be sure toupdate the corresponding record in your Keeper Vault with the same password.
If you clickIgnore, then that record will be skipped on future scans until the password is reset. You may also do nothing (deferring a response) and leave the risky password unchanged and thus still at risk.
Users can change specific features like language, theme and Two-Factor Authentication in the Settings menu. You can access the Settings menu from the Account Dropdown Menu.
General
Choose a New Color Theme
Set Clipboard Expiration
Choose another language: English US & UK, Spanish, Japanese, Romanian, Chinese Simplified & Traditional, French, Korean, Russian, Arabic, Greek, Dutch, Slovak, Brazilian Portuguese, Hebrew, Polish, German, Italian, and Portuguese
Two-Factor Authentication (2FA) provides an extra layer of security when logging into your Keeper Vault or another site or application by requiring a secondary passcode upon logging in.
Enabling Two-Factor Authentication is advised for highly valuable or sensitive accounts (e.g. banking, medical and social media accounts).
Keeper provides two ways to take advantage of 2FA:
To log into your Keeper Vault.
To login into any site or application from your Keeper Vault by embedding a Two-Factor code into your records.
2FA for Keeper Vault
To enable 2FA for your Keeper vault, from the Account Dropdown Menu, click Settings > Security , toggle "Two-Factor Authentication"on and select your 2FA method.
Text Message Setup:
(1) The Text Message toggle is on by default. Select a Region from the dropdown (US+1 by default), enter your 10 digit phone number including your area code and click Next
(2) To verify that you trust this number and device, enter the Keeper Web code that was sent to the phone number you provided. Select your 2FA code duration from the dropdown menu and clickNext
You will be prompted for 2FA every time you login to your Vault unless you select an alternative code duration. Business customers may be required to enter the code every login as determined by their Keeper Administrator.
Codes will only last for a minute; if you need another code sent, click Send a new code
(3) Backup codes will be shown next. If you are unable to receive Two-Factor codes via the phone number you entered, you can enter one of the codes listed instead. Click I have written these codes downto finish.
If you are NOT receiving SMS messages from Keeper, please use the TOTP method or contact [email protected] to troubleshoot the issue.
Google and Microsoft Authenticator (TOTP) Setup:
(1) Toggle "Google and Microsoft Authenticator (TOTP)" on and click Next
(2) Using the device that runs the Google or Microsoft Authenticator App, scan the QR code provided. The app will then acknowledge the QR code and produce a verification code.
(3) Enter that verification code and click Next
You will be prompted for 2FA every time you login to your Vault unless you select an alternative code duration. Business customers may be required to enter the code every login as determined by their Keeper Administrator.
(4) Backup codes will be shown next. If you are ever unable to receive Two-Factor codes, you can enter one of the codes listed instead. Click I have written these codes down to finish.
In order for Azure MFA (using the Microsoft Authenticator app.) to be utilized as a TOTP, the Azure administrator needs to allow the verification method "Verification code from mobile app or hardware token" when setting up MFA in Azure.
KeeperDNA Setup:
Keeper DNA is a Two-Factor Authentication method that uses your smart watch as your second factor.
To use this feature, toggle the switch next to Keeper DNA, then follow these links to set up KeeperDNA on your preferred platform:
(1) At your target website, visit the two-factor authentication screen which is usually located within security settings. It is sometimes referred to as "login verification" or "two-step verification". Screengrab the QR pattern or copy the secret code to clipboard.
(2) Within a Keeper record, select Edit > Add Two-Factor Code
(3) Upload the screengrab of the Two-Factor QR pattern (with security key) associated with the site or application. If there isn't a QR pattern, use the manual entry method. Enter the code given under “Secret Key”, often a 32-digit code and fill out the rest of the fields.
(4) After adding the security key to the vault record a Two-Factor Code will be generated inside the Keeper record.
(5) The two-factor code will be regenerated frequently and can then be copied and filled into the site or app when prompted after logging in with a username and password.
Security Keys
To increase security, Keeper supports FIDO-compatible U2F hardware-based security key devices such as YubiKey and Google Titan keys as a second factor. A user can register up to five security keys. Any one of those keys will unlock the account.
A Two-Factor Authentication method must be set up before you register a security key. This ensures that there is a backup method if the key is not present. Click here to learn how to set-up a two-factor method.
1.
Under Settings > Security > Security Keys select Setup
2.
Make sure the security key is NOT already inserted into your USB port and click Next
3.
Insert the security key into the USB port, name the key and click Register
4.
Tap the sensor on your security key and click Done
To delete a security key, click Editwithin the "Security Keys" section of the Settings menu and click the trash icon next to the registered key to delete it. If you turn-off the backup two-factor authentication, you will delete the registered keys as well.
KeeperFill for Apps
KeeperFill for Apps is a convenient tool used to further enhance your experience with the fully-featured Keeper Desktop App. Used in conjunction with your desktop applications, KeeperFill for Apps provides a simple login solution and quick access to your vault records.
Using a hotkey, KeeperFill for Apps also provides autofill features for native desktop applications. Please note, this feature is only available when using the Keeper Desktop application.
KeeperFill for Apps
To learn more about KeeperFill for Apps, click here.
Platform-Specific Features
Touch ID Magic Keyboard (Fingerprint Login)
On supported Mac devices equipped with the Apple M1 chip, users with Touch ID Magic Keyboards can use their fingerprint to log in to the Keeper Desktop App.
Magic Keyboard Configuration
To configure your Touch ID Magic keyboard fingerprint login capabilities, you must first be running the latest version of macOS (Big Sur 11.5.2). Once updated, navigate to your computer's System Preferences > Touch ID > Add Fingerprint. Follow the prompts to register your fingerprint to the device.
Mac System Preferences
System Preferences > Touch ID
Fingerprint Successfully Registered
Enable Touch ID in Keeper Vault
Once you have registered your fingerprint, log in to the Keeper Desktop App and click on your account email address in the upper right corner of your screen, then click Settings > Security and toggle "Touch ID" on.
The next time you login to the Keeper Desktop App, the "Touch ID" button will appear at the login screen. Click Touch ID and when prompted, apply your registered fingerprint to the Touch ID sensor on your keyboard to log in.
Touch ID Prompt
Touch ID (Fingerprint Login)
On supported MacBook Pro devices, Keeper supports the use of Touch ID to login to your Vault. You can enable Touch ID from Keeper's Settings menu.
The next time you login to Keeper, the Touch Bar will show the Touch ID button, tap it.
Apply your registered fingerprint on the Touch ID sensor to log in.
Windows Hello Login
Keeper is compatible with Windows Hello, a biometrics-based technology that allows users to authentic and log into their Windows device using biometric facial recognition, fingerprint reader, or pin (available on Windows 10).
To enable Windows Hello Login for Keeper, from the Account Dropdown Menu, click Settings > Security and toggle "Windows Hello Login" on.
Enabling Windows Hello Login
Next time you log in to Keeper, Windows Hello will first attempt to authenticate your identity. Once authenticated, you will be automatically logged into Keeper.
Windows Hello & Keeper
To learn more about logging into Keeper with Windows Hello, click here.
Password Export (Backup)
To backup your records, from the Account Dropdown MenuclickSettings > Export. There are three formats for export: PDF, .csv File, and .json File. To begin backup, simply click Export Now under the file format you would like to export to.
Exporting to a .csv file will not back up file attachments saved in records. For advanced backup capabilities see Keeper Commander.
Uninstall
The instructions below are for uninstalling Keeper Desktop App (Keeper Password Manager) for Mac and Windows OS.
Uninstalling the Keeper Password Manager will delete the data from Keeper on the local device. Data stored in Keeper's Cloud Security Vault is NOT erased.
Mac
1.
Drag the Keeper Password Manager app to the Trash.
2.
Empty the Trash.
Uninstalling Keeper Password Manager will also remove KeeperFill Browser Extension from Safari. Data stored in Keeper's Cloud Security Vault will NOT be erased.
Windows
Uninstall Keeper Password Manager
1.
Navigate to the Windows Start Menu > Settings > Apps & Features.
2.
Within Apps & features, click the Keeper Password Manager application.
3.
Click Uninstall.
4.
You will be warned that the app and its related info will be uninstalled, click Uninstall to confirm.
5.
User Account Control will ask you to confirm making changes to your device, confirm the changes by clicking Yes.