Keeper review: Security is the greatest strength of this password manager
- 30 October, 2019 21:32
Keeper has always emphasized security, more than some other password managers. But in the past that sometimes came at the expense of things that consumers prize like ease-of-use and eye-catching aesthetics. Thankfully, the password manager has made some smart updates since the last time I reviewed it, including modernizing its interface, while strengthening its already impressive security features.
Note: This review is part of our best password managers roundup. Go there for details about competing products and how we tested them.
Keeper’s guided multi-step setup gets you up and running quickly. You’re first asked to import any passwords you have saved in your browser. Given the inherent risks of storing passwords this way, all users should happily oblige. You can also import passwords from 15 other popular password managers, including Dashlane and LastPass. Next, it walks you through the process of installing the Keeper browser extension, creating your first record, and adding your personal and credit card information for auto form filling. Finally, it prompts you to turn on two-factor authentication; it supports several different authentication methods, including text message, Google Authenticator (TOTP), Smart Watch, RSA SecurID, and DUO Security and FIDO Universal 2nd Factor (U2F) compatible hardware security keys.
As with other password managers, Keeper’s main utility is capturing your credentials whenever you log in to a website. When you first visit a secure site after installing Keeper, you can have it save your login when prompted or create a new username and password directly in Keeper by clicking the lock icons that appear in those fields. Keeper will generate a password of 8 to 51 characters using a combination of upper- and lower-case letters, numerals, and symbols. When you save the record, Keeper automatically fills the site’s login fields with the new credentials.
Once you’ve saved your login credentials for a website, Keeper will surface a pop-up prompt each time you return, asking if you want it to autofill the credentials. If you have multiple logins for a site—a bank where both you and your spouse have accounts, for example—you can view all of them by clicking the lock icon and select the appropriate one for autofill.
Keeper also recognizes when you’ve accessed a website’s “change password” page and surfaces a one-click update-and-save option to store the new password in your vault. It does not, however, support automated password updates as this violates Keeper’s “zero knowledge” policy—to ensure your sovereignty over your passwords, the password manager eschews any features that would expose your login credentials to the company. As a Keeper contact explained to me, automatic password updates require passwords to temporarily reside on Keeper’s servers and that is anathema to the company.
The Keeper browser plugin is fairly minimal. At the top is a search field for looking up password records by website name. Beneath that is a toggle for enabling/disabling the lock icons that appear in websites’ login fields, and buttons for accessing your vault, various Keeper settings, a user guide, and a logout button.
Clicking on “vault” in the browser extension opens Keeper’s web interface. The vault displays all your passwords in a list or as tiles, and you can group records into folders if you want to organize them further. Every password record allows you to attach files and photos, create custom fields, and add notes. The vault also keeps a complete record of every password you’ve used for a site and allows you to restore them. It maintains version histories of all attached files, as well. Personal information and credit card records are stored in their own section.
The Security Audit section of the interface assigns a password strength to each entry so you can easily identify weak and reused passwords and change them. It also displays how long it’s been since each password was changed, though NIST guidelines no longer recommend regularly changing you password and advise you to do it only after you know it’s been compromised. Keeper’s BreachWatch feature makes it easier to discover stolen passwords, by scanning the Dark Web to see if any of your credentials have been found in previous breaches.
Keeper supports secure sharing of any password with anyone who has a Keeper account. If you try to share a record with someone who doesn’t, they will be instructed to sign up for a free account. By default, the recipient will be able to use the login but not change it. You can expand permissions on the record up to making the recipient its owner. You can also share multiple passwords by creating a shared folder, with permissions working much the same as with an individual record. Keeper’s Emergency Access feature allows you to grant access to up to five trusted contacts, who can log in in the event you can’t for whatever reason.
Keeper’s free version provides access on one device with unlimited password, payment, and identity info storage; fingerprint and face ID login; and password autofill for mobile devices only. A personal subscription adds secure record sharing, the Emergency Access feature, web app access and 24/7 support for unlimited devices for $30 per year.
You can add KeeperChat, the company’s secure messenger app, for an additional $20 a year. But the better deal is the Max Bundle, which includes the password manager, KeeperChat, BreachWatch, and 10GB of secure file storage, for $59.97 annually. Keeper offers similar subscriptions for families and a 50 percent discount for students.
Thanks to some welcome features updates, Keeper is one of the strongest password managers available. While seriously security-minded users stand to get the most out of its robust features set, even those just wanting an easier way to manage their passwords will be safer for using it.