You may have heard about a major security threat that affected nearly every site on the Internet this week. It’s called Heartbleed and you can read about it here. Keeper WAS NOT affected by this vulnerability. We would like to explain why – it relates to our robust security.
Our Web App, mobile apps and desktop apps all use what we refer to as “Client Encryption“. When data is sync’d to your devices, it cannot be decrypted by a 3rd party — or even us.
Additionally, Keeper enforces Perfect Forward Secrecy to combat against man-in-the-middle replay attacks and spying. Keeper’s servers are also patched with the latest OpenSSL updates.
You may be contacted by individual websites requesting that you reset your password to those sites. As always, we recommend that you use our secure password generator (the “Dice” button) to make sure that every website you access uses a unique and strong password.
Keeper is certified as SOC 2 Type 1 compliant in accordance with the AICPA Service Organization Control framework. To read more about Keeper’s security practices, visit our Security Disclosure page.
To check if a particular website is vulnerable to Heartbleed, we recommend using the Qualsys SSL Labs testing tool.