Keeper for DevOps: More Than Just Passwords

by , on

By Craig Lurey, CTO & Co-founder of Keeper Security

Keeper is awesome for DevOps teams. Back when we first created Keeper, our goal was to build a digital vault that was ultra secure but also easy to access and use. Website passwords are just one of many types of sensitive information that Keeper can protect.

Unlike other password managers, Keeper is focused on the secure storage and management of all types of private, highly sensitive data – passwords, SSH keys, SSL Certificates, RSA Keys, server logins, confidential notes, top secret files/photos/videos and anything else you need to protect.

We offer a few different ways of storing content outside of Usernames and Passwords. You can use Custom Fields, File Attachments and Secure Notes.

Keeper Custom Fields


Custom Fields

Custom fields is a powerful feature to save information into your Keeper vault without being forced into using a predefined template. Just add a custom field, name it (or select from a previously used field) and save it.  For example, you could create a custom field on-the-fly called “AWS Access Key” and “AWS Secret Key” to store your Amazon AWS credentials.  You can also create custom fields that contain all of the complex command-line utilities that you and your DevOps team utilize.

Keeper Custom Fields


File Attachments

Another way to store information into the Keeper Vault is using the Secure File Storage feature.  Simply drag-and-drop an SSH Key or certificate file into the record on your Desktop App or Web App. Keeper instantly encrypts the file and stores it in your vault. It is then synced to your other devices and computers with complete end-to-end encryption.

Screen Shot 2016-08-12 at 7.01.51 AM

Screen Shot 2016-08-12 at 7.02.09 AM


Secure Notes

It’s quick and easy to create a record in your vault and add text notes.  For example, you can add a note with instructions on how to login to a server remotely or other multi-line content that is too sensitive to be checked into a source code repository.

Screen Shot 2016-08-12 at 7.13.18 AM


Sharing Private Keys

Within a DevOps team, it’s important to be able to share private keys and other access credentials with the highest levels of security but with convenient, on-demand access. Keeper can be used to securely and easily share confidential data.  When you share information from within the Keeper system, your information is protected by the highest level of encryption and an impenetrable zero-knowledge architecture.   

Screen Shot 2016-08-12 at 7.02.30 AM


Simply click on the “Share” button from your Keeper vault record and type in the Keeper email address of the person you are sharing with. If you are a Keeper Business customer, you can also share to an entire team with one click.  Full access rights (view, edit, share) can be assigned per-user or per-team.

Screen Shot 2016-08-12 at 7.02.52 AM

It’s also really easy to add vault records into a shared folder.  Shared folders give teams the flexibility to just add a record into a folder and everyone receives it instantly and securely.

Screen Shot 2016-08-12 at 7.03.42 AM


Zero Knowledge Security

Keeper is the only zero-knowledge solution in the industry.  This means that we do not have access to ANY of your data, the encryption keys that decrypt your data, your files, or your master password.  It’s critical that you use a zero-knowledge platform to store data which could cause irreparable harm to your business or personal life.

Zero Knowledge is a system architecture that guarantees the highest levels of security and privacy by adhering to the following principles:

  1. Data is encrypted and decrypted at the device level (not on the server)
  2. The application never stores plain text (human readable) data
  3. The server never receives data in plain text
  4. No employee or intermediary can view the unencrypted data
  5. The keys to decrypt and encrypt data are derived from the user’s master password
  6. Multi-Layer encryption provides access control at the user, group and admin level
  7. Sharing of data uses Public Key Cryptography for secure key distribution

Data is encrypted on the user’s device before it is transmitted and stored in Keeper’s digital vault. When data is synchronized to another device, the data remains encrypted until it is decrypted on the other device.

Keeper is the most secure, certified, tested and audited password management and digital vault in the world. We are the only SOC2 certified password management solution in the industry and certified by TRUSTe for online privacy. Not only do we implement the most secure levels of encryption, we also adhere to very strict internal practices that are continually audited by third parties to help ensure that we continue to develop secure software.  Detailed information about our Zero-Knowledge security platform can be found at

New Release Available for Download: Keeper for Desktop V10

by , on


Keeper’s engineering teams are working around the clock to provide you with the strongest experience on all major platforms and devices. Today, we’re excited to bring you the latest version of Keeper Desktop.

Keeper Desktop is a cross-platform password manager and digital vault providing encrypted storage and seamless cloud synchronization on Windows, Mac and Linux.  

This new version delivers:

  • UI refinements and enhancements
  • Performance enhancements including faster login, searching and syncing
  • Support for multi-select drag and drop for shared folders
  • Support for Keeper Business enforcements including, master password strength and expiration, mandatory two-factor authentication and cloud backup

Download Keeper Desktop 10 Now

The Keeper 10 Quick Start Guide can be found here

Please contact our support team at if you have questions.

Protect and Preserve Your Family Legacy with the Keeper Family Plan

by , on

In an increasingly digital world, families everywhere struggle to keep track of passwords, files, documents and other sensitive information. Families share nearly everything – files, photos, videos, Internet accounts, security system codes and personal identification numbers.

Reusing simple, easy-to-remember passwords is a huge problem. In fact, more than 60% of cyber breaches occur due to weak or stolen passwords. Hackers target young adults to the elderly, stealing their identities, money and digital assets.


Introducing the Keeper Family Plan

You can now protect your whole family (up to 5 people) for one low price of $59.99/yr. Keeper Family Plan secures passwords, private files, photos and videos and lets you securely store and share these between family members with ease.


Keeper Family Plan includes the following benefits:

  • Up to 5 users with private vaults
  • Unlimited password storage
  • Unlimited devices + sync
  • Unlimited secure cloud backup
  • Unlimited secure record sharing
  • 10GB Secure File Storage
  • Fingerprint login
  • Web app
  • 24/7 support


Upgrading your existing Free or Paid plan is quick and easy – Sign Up Now!

Customer Survey: Keeper for Business Takes Less Than an Hour to Deploy (Infographic)

by , on

The effectiveness of security technology depends on whether it’s being adopted by users, yet it’s rare to see a security solution that offers a fast time-to-security and ease of use. We surveyed a variety of Keeper for Business customers and found that on average, Keeper for Business takes less than an hour to deploy.


See the infographic below (click to expand):

Keeper Deployment Infographic


Learn more about Keeper for business at

Feb. 1 Was Change Your Password Day: Why You Should Care

by , on

keeper app

Weak passwords: there’s no excuse for them yet we still see so many people using them.  It is often disregarded as unimportant and a result of not having a nominal level of security education and awareness. Weak passwords and password reuse account for over 70% of all computer and internet account breaches. People hate creating passwords and even more so, have a tough time remembering them.  It’s a simple function of human nature that we call “password fatigue.”

Last month, a survey was published with the most common leaked passwords during data breaches that occurred throughout 2015. Once again, “123456” and “password” dominated the top of the list and new ones appeared, such as “starwars”, “princess” and “login”. While many consumers are attempting to use longer passwords, they remain so simple that most hackers could guess them.

As we celebrate “National Change Your Password Day,” it only makes sense to remind people everywhere that most online breaches are caused by weak or stolen passwords.  Every time there’s a new breach, your personal data is leaked to cyber criminals who can use it as bait for phishing scams, to steal your credit card information, social security number, tax information or more. And once you’ve clicked on that link – accidentally or not – hackers can now implant a keystroke logger onto your laptop or mobile device, embed malware and ultimately steal your information, money and worse, your identity.

The cybercriminal playbook doesn’t change much for businesses either. One weak, cracked password or an employee falling for a phishing scam could yield a data breach that could ultimately put a company out of business, or cost them millions of dollars to recover.

As the CEO of Keeper Security, the leading global password management application, I advise people on how to protect themselves and their personal information. Here are some quick tips for improving your overall password security:

  1. Use a secure password manager.  Utilizing a password manager like Keeper allows you to create randomly generated secure passwords for all of your sites so you do not have to remember simple passwords, reuse the same password and keep passwords on sticky notes or word files.  The average person has over 25 passwords to remember and there is no possible way to remember all of them. A strong password manager like Keeper can give you peace of mind knowing that your data is encrypted and safe from cybercriminals.
  2. When resetting your passwords, be careful about the reset questions you choose. It’s easy to forget passwords for your various accounts and click on the reset button to get an email prompting you to pick another password. As a form of increased security, most sites ask you “security questions” that you must answer to enable a password reset. The questions are typically very simple: “What’s your maiden name?” or “What was the street you lived on growing up?” These questions are very easy to guess, especially with social media giving away so much personal data. Try to pick a question that nobody can guess to help increase the security of your password resetting feature.
  3. Use two-factor authentication. Many sites offer 2FA now so you should turn it on at all times – for your bank accounts, GMail accounts, Facebook, Twitter, etc. You should always choose more security over less!
  4. Change your passwords regularly. If you choose to not use a password manager, you should be vigilant about choosing strong, complex passwords and changing them every month or so. You must use unique passwords for each account and not recycle them. Enterprises should enforce password changing with employees every 100-120 days, as a standard business practice.
  5. Audit your passwords and your own personal security when data breaches occur, especially those that impact you directly. Every time a major data breach occurs, it’s important to be proactive and take precautionary measures to change your passwords immediately, as your personal data most likely leaked during the breach. It’s also not a bad idea to double check that your software and apps are updated regularly on both your personal computers and mobile devices and run your antivirus checks as well.

We hope you will take these security tips seriously — not only on National Change Your Password Day, but every day.


Keeper Security’s Top 5 Security Predictions for 2016

by , on

2015 was a record breaking year for data breaches impacting almost every sector – healthcare, education, financial services, retail, the federal government and more. During the first three quarters of the year, over 3,000 data breaches were reported. Of course, the most eye-opening breach of all was at the Office of Personnel and Management (OPM), where the sensitive data of more than 21.5M federal workers and contractors was exposed, as well as biometric data. Every time there’s a new breach where data leaks out, it’s just another opportunity for cyber criminals to use the exposed data to steal identities and carry out other malicious deeds.

As we look ahead into 2016 and beyond, we predict the following events:


  • Hackers will exploit weaker supply chain partners. There is a trickle down effect when data breaches occur and supply chain partners are not immune. Once forensic analysis and investigations are completed, there’s often a clearer understanding of how a breach happened in the first place. With the Target and Anthem attacks, not only were employees and customers impacted, but others who were connected to the breached victims were put at risk as well. It is widely known that the hackers first gained access into Target’s system through one of its HVAC vendors. In 2016, we’ll see more B2B companies not only invest heavily in their own security upgrades but also demand a higher level of security from their partners.
  • Hackers will get more creative and breach a hot new target: IoT devices. According to Gartner, by 2050, there will be over 20 billion connected devices in our homes and in the workplace. Wearable products such as the Apple Watch, fitness trackers and new “smart” objects such as household appliances and connected cars were counted among 2015’s hottest products. With new technology, comes new security threats. In 2016, we expect to see security holes exposed by IoT will dwarf today’s traditional cyber threats. With expansive user bases scattered in the cloud and among third-party vendors, IoT devices running mobile applications can be hacked or riddled with malware, with the potential to affect millions.  
  • Encryption technology will become the norm.  There is an ongoing debate among government agencies and technology providers regarding the use of encryption. Encryption provides a much stronger layer of protection for consumers and businesses which prevents government actors from accessing files and communications.  While governments may want access to certain individual assets, technology companies who open the doors to one individual or agency provide an opening for any hacker to penetrate that system.
  • Wearable devices will force BYOD policy changes. Now that wearables like the iWatch are the new “norm,” companies will have to adjust their BYOD policies to accommodate for all IoT devices brought into the workplace — not just smartphones. According to a survey from IT staffing firm Modis, 90 percent of employees surveyed were interested in receiving a wearable device from their employer to complete work tasks and 60 percent said they would be extremely interested in using such a device at work. As employees begin to use wearables for work-related activities, IT security teams will have to rethink how these will impact the company and revamp security policies and employee training.
  • OEMs will implement greater security in their products. In 2016, original equipment manufacturers (OEMs) will integrate security features into the hardware and software layers of a device from the onset of design, rather than as an afterthought. By preloading mobile devices with security apps, customers are immediately protected, from the moment their phone is booted up. As a result, consumers will feel more secure in using their mobile device for things like e-commerce transactions and web-browsing, potentially reducing the number of software security patches OEMs are responsible for, as a result.

Yes, mobile technology is bringing new, sophisticated cyber threats into our workplaces and homes, but it’s also bringing greater convenience and productivity. As we adapt to this new landscape, cybersecurity investments cannot be overlooked.

Wi-Fi Sync Removal

by , on

Keeper has removed its Wi-Fi syncing feature. We’re now auto-enabling our Cloud-based Internet Syncing feature for all users. This is great news for users – it simplifies the user experience, reduces confusion, enhances the product and increases security.

Keeper’s Internet Sync feature is the most secure way to sync information between your devices and protect your data in case your device is lost, stolen, damaged or replaced. It works instantly across all devices, computers and web browsers – and no configuration is required.

Security is our #1 priority. Keeper is a zero-knowledge security provider. Zero Knowledge is a system architecture that creates the highest levels of security and privacy by adhering to the following principles:

1. Data is encrypted and decrypted at the device level (not on the server)
2. The application never stores plain text (human readable) data
3. The server never receives data in plain text
4. No employee or intermediary can view your data
5. The keys to decrypt and encrypt data are derived from the user’s master password
6. Multi-Layer encryption provides access control at the user, group and admin level
7. Sharing of data uses public key cryptography for secure key distribution

Data is encrypted on the user’s device before it is transmitted and stored in Keeper’s digital vault. When data is synchronized to another device, the data remains encrypted until it is decrypted on the other device.

Keeper is the most secure, certified, tested and audited password management and digital vault in the world. Keeper is the only SOC2 certified password management solution in the industry and certified by TRUSTe for online privacy. Keeper uses the most secure levels of encryption and adheres to very strict internal practices that are continually audited by third parties. As a company, we do this to create the best product in our industry and most importantly, honor your security. Detailed information about our zero-knowledge security platform can be found at

If you have any questions, please contact

5 Tips for Safer Holiday Shopping in Stores & Online

by , on

blog post image

‘Tis the season for holiday shopping and hackers! As Black Friday and Cyber Monday approach us, the two biggest shopping days of the year, it’s imperative that consumers everywhere follow some simple steps to protect themselves and their wallets. This level of security awareness should not only apply during the holiday season but ALL the time. Remember, cyber criminals work around the clock – 24x7x365 – which is why you need to protect yourself around the clock too!

As you probably know, 2015 brought another overload of data breaches across many sectors including retail, and as a result, many consumers have had their personally identifiable information (PII) exposed. And with each breach, more PII can fall into the hands of hackers, resulting in identity theft which is never easy to clean up.

So to help consumers this holiday shopping season, we’re offering some helpful tips and reminders for keeping consumers secure, both online and in stores:


  1. Update your anti-virus and computer software regularly. And if you don’t have anti-virus, get it immediately. However, be careful where you download your AV from because there are a lot of fake AV scammers out there. Go to the website of the AV provider directly to download it safely and double check ratings on sites like PC Magazine and ZDNet to find the best one for you.
  2. When to use cash vs. credit? Whenever possible, use cash for your transactions in stores. Just remember to keep all your receipts either printed out or via email in case you have to make a gift exchange. When shopping online, it’s always a better idea to use a credit card versus a debit card. That way, if there are fraudulent charges made to your account, you can dispute them with your credit card provider more easily.
  3. Do not use public Wi-Fi. It’s never a good idea to use public Wi-Fi from airports, coffee shops, restaurants and more, and certainly not when you are shopping online and transacting with retailers using your credit cards. Public Wi-Fi is a great attack vehicle for online cyber criminals who can spy on your activity through man-in-the-middle attacks. Use a private home Wi-Fi connection or your own personal hotspot available inside your phone.
  4. Ensure you are using SSL-encrypted websites whenever you transact. While not foolproof, making sure you’re using a website that has the HTTPS (look for the “S” that stands for “secure” and the little padlock in the upper lefthand corner) connection in the web address. This will at least give you peace of mind that your connection is encrypted to prevent cybercriminals from eavesdropping on your traffic.
  5. Use a strong password manager and digital vault. The average person has 19 passwords to remember but 1 in 3 passwords are not strong enough. Utilizing multiple passwords (and recycling the same 3 or 4) makes it nearly impossible to keep them all straight when you’re shopping on,, and more. It’s a much better idea to use a password manager like Keeper that gives you one master password to remember and uses military grade encryption to ensure any data inside the Keeper digital vault remains secure at all times. Password managers alleviate the headache of managing too many passwords and will only make your life easier.


Hopefully, these simple security tips will help to ensure a safer and more secure holiday for all and keep the cyber criminals locked away with the naughty elves and a lump of coal!



The Keeper Support Team

5 Things to Know About the Excellus BlueCross BlueShield Breach

by , on

data breach

Excellus BlueCross BlueShield and its parent company, Lifetime Healthcare, announced today that they were hacked and the information of 10.5M customers have been compromised.  The vulnerability was discovered when Excellus hired cybersecurity firm, FireEye, Inc., to investigate.  This news comes after Anthem and Premera BlueCross BlueShield announced they were hacked earlier this year.

Here’s a roundup of the top 5 things you need to know about the breach so far.


1) The stolen Excellus data is highly sensitive

Like any other healthcare company, Excellus carries medical records in their database which are be extremely valuable to a hacker – up to 10x more valuable than a credit card.  The Excellus data stolen could include name, date of birth, Social Security number, mailing address, telephone number, member identification number, financial account information and claims information.


2) It took Excellus 19 months to discover the breach

The initial hack of the Excellus systems occurred on December 23, 2013, but it wasn’t discovered until August 5, 2015.  The delay in discovering the breach is very concerning and should encourage all other healthcare companies to take a close look at how they’re handling cybersecurity – both prevention and detection.


3) The breach affects primarily Excellus customers in upstate New York

This assumes that the breach numbers don’t rise, but the victims of the attack reside mostly in the upstate New York area, which is where Excellus, a BlueCross BlueShield affiliate, is located.


4) How to know if you are affected

If you are an Excellus or Lifetime customer and you were affected, you may receive a letter in the coming days with an offer for two years of identity-theft protection. If you are concerned that you were affected, you should contact one of the major credit reporting agencies (such as Equifax) and place a free credit alert on your file. Do not open any emails that claim to be from Excelllus or Lifetime – hackers have been known to use a method called phishing to steal financial or other personal information.  Wait for the letter to come in the mail.


5) Healthcare data breaches are an epidemic

The records compromised in the Excellus breach have been reported at 10.5M, which makes this a top 20 healthcare data breach. The state of cybersecurity in healthcare is becoming increasingly worrying, as there have been 18 reported breaches so far this year, according to the Privacy Rights Clearinghouse. A recent survey found that the vast majority of healthcare organizations have had their networks compromised in a cyberattack – 81% to be exact.  

As we’ve said many times before, we are in a cyberwar and healthcare organizations are one of the primary targets.  It’s imperative that the healthcare sector take preventionary and proactive measures to bolster its security processes, systems and measures in safeguarding its genuine, digital assets.

National Cybersecurity Awareness Month: How to Get Involved on Social Media

by , on

National Cyber Security Awareness Month (NCSAM) is coming up in October.

To say that cybersecurity is at the top of the priority list for governments, consumers and businesses is an understatement.  With the high-profile data breaches that made the news headlines over the past year, the need to be vigilant is more important than ever before.

Here are some recommended ways to get involved on Social Media from the National Cyber Security Alliance:

  • Use the hashtag #ncsam on Twitter and Facebook to post online safety and cybersecurity tips
  • Use the NCSAM logo as your profile picture for October –  Download 
  • Blog about cybersecurity throughout the month

Learn more here.

Have any other ideas for getting involved? Post them in the comments!