Keeper Adds New Folder Sharing Feature

by , on

Keeper has added a powerful new feature to our Web App. You can now click to select an entire folder and share selected records with a Keeper user or your Keeper Group. This simplifies the process of sharing multiple passwords with multiple users.

Keeper’s secure vault-to-vault sharing is seamless and fast. It uses the strongest levels of PKI encryption – RSA public and private keys in combination with AES-256 encryption — making Keeper the most secure password management software of its kind.

Combined with our Admin Console and Enterprise Bridge, folder sharing makes maintaining password security at an enterprise a breeze.

Keeper designs and engineers elegant solutions to solve complex problems. Our new folder sharing is only the latest example of our work to make Keeper even easier to use. We continuously improve and refine Keeper. That’s why we have over 50,000 5-star reviews.

Keeper is Immune to the Heartbleed Hack

by , on

You may have heard about a major security threat that affected nearly every site on the Internet this week. It’s called Heartbleed and you can read about it hereKeeper WAS NOT affected by this vulnerability. We would like to explain why – it relates to our robust security.

Our Web App, mobile apps and desktop apps all use what we refer to as “Client Encryption“. When data is sync’d to your devices, it cannot be decrypted by a 3rd party — or even us.

Additionally, Keeper enforces Perfect Forward Secrecy to combat against man-in-the-middle replay attacks and spying. Keeper’s servers are also patched with the latest OpenSSL updates.

You may be contacted by individual websites requesting that you reset your password to those sites. As always, we recommend that you use our secure password generator (the “Dice” button) to make sure that every website you access uses a unique and strong password.

Keeper is certified as SOC 2 Type 1 compliant in accordance with the AICPA Service Organization Control framework. To read more about Keeper’s security practices, visit our Security Disclosure page.

To check if a particular website is vulnerable to Heartbleed, we recommend using the Qualsys SSL Labs testing tool.

Announcing Keeper for Windows 8 and Surface Tablets

by , on

Hey, Windows users! Remember our post a few weeks ago about Keeper Enterprise Bridge? You might recall we hinted about another awesome development coming for our Windows-using Keepies. Well, it’s here.

Keeper Password and Data Vault is now available for Windows 8 and for Surface tablets!

Our goal is to make Keeper available to absolutely everyone. It’s what sets us apart from other password managers out there–along with our A+ security, of course. Focusing in particular on the mobile experience, we’ve developed a version of Keeper for just about every device and browser out there. We’re talking Android, iOS, Windows Mobile, Firefox, Safari, Chrome, IE…. even Linux users get love from us.

Because no matter how you use the Internet, you need protection. And we’ve got your back.

Click here to download Keeper for FREE from the Windows Store! (And while you’re at it, check out our nearly perfect rating.)

Keeper on AT&T Smart Controls

by , on

Hey guys! Remember the blog entry we posted awhile back announcing our collaboration with AT&T? Well the day has come when Keeper comes preloaded on AT&T Android and Windows smartphones.

AT&T selected Keeper to be part of their new Smart Controls program (from the AT&T website):

“AT&T Smart Controls is the all-in-one destination to get the most from AT&T services for your mobile phone, computer and TV. With information and tools to manage content, spending, safety, time and your location, Smart Controls lets you take control of the technology in your life.”

Keeper Password and Data Vault is featured in the section of Smart Controls meant to “Increase Safety.” Users can opt to sign up for Keeper Backup protection for one device, unlimited devices or a 3-user, unlimited devices plan.  Or, they can simply use the Keeper free application that comes on the phone. A breakdown of plans and pricing is available here.

We want to commend AT&T for taking action to help consumers practice good mobile security and password management.  We thank AT&T for selecting Keeper for their valued mobile subscribers. In this day and age, we all need to team up to stay safe. Here’s to our new teammate!



Keeper is Mega-Convenient. It’s Also Mega-Secure.

by , on

Yes, it’s true.  And we can prove it.

Believe it or not, Keeper just got even more secure – and we’re not done yet.

We just added additional layers of security to our already iron-clad software.  Keeper is safer than ever before. Qualys SSL Labs is a site that tests and scores the security levels of different web servers, and they just gave us a big fat A+.  We’ll explain why in a second, but first, check it out for yourself.

So what exactly did we do to get a gold star on our report card?

We received our new grade for a few reasons, but the most important of these is the implementation of something called forward secrecy. As you know, Keeper converts your most precious data into code to keep it safe from hackers. However, if this encrypted data is recorded, it could potentially be cracked at a later time if an attacker gained access to something called a server key. Without forward secrecy, that is. By upgrading our transport-layer security (TLS), a temporary key is generated every time you use Keeper data, on any browser. That means that even if a hacker gains  access to a server’s master key, they still can’t decipher your data.

On top of that, we are now Service Organization Control certified following a stringent independent audit of our internal controls and security measures.  SOC2 certification means that we meet a certain set of internal control and security standards for handling and securing people’s financial information and personal data. More specifically, these standards comprise the following (from Wikipedia):

  • Security: The system is protected against unauthorized access (both physical and logical)

  • Availability: The system is available for operation and use as committed or agreed

  • Processing Integrity: System processing is complete, accurate, timely, and authorized

  • Confidentiality: Information designated as confidential is protected as committed or agreed

  • Privacy: Personal information is collected, used, retained, disclosed, and destroyed in conformity with the commitments in the entity’s privacy notice and with criteria set forth in generally accepted privacy principles issued by the AICPA and CICA

If this seems like a lot of information, that’s because it is. Our team is working constantly to ensure that your most sensitive data is kept absolutely safe.  We continue to lead our industry in this regard.

Just for fun, try plugging any website into the Qualys SSL scanner. Does it measure up?

Announcing Keeper Enterprise Bridge™ for Windows Users

by , on

Attention Keepies using Windows! We’re excited to announce that we’ve improved our Keeper for Groups application, and we did it just for you. Allow us to introduce Keeper Enterprise Bridge.

Keeper Enterprise Bridge seamlessly integrates into Microsoft Active Directory to add users to your group in real time. Keeper Enterprise Bridge also supports integration with the LDAP protocol. That means that everyone in your Windows server network can easily and instantly become part of your Keeper Group.

It looks a little something like this:

Best of all, Keeper Enterprise Bridge is free for all Keeper for Groups customers. Just log in to your Keeper for Groups admin console and install Keeper Enterprise Bridge to your Windows server.

If you aren’t a Keeper for Groups customer and want to learn how Keeper can help your company securely manage passwords and private information, contact our sales team. Our base plan starts at only $59.99 per year.

Also–psst! Stay tuned for another Windows-related update coming soon. Very, very soon.


California's Cybersecurity Crisis

by , on

Around this time of year, it’s easy to dream of moving to sunny, warm California. While it was 12 degrees Fahrenheit today here in Chicago, it was 60 degrees and clear in Los Angeles. But the sunshine state has its challenges, too.

According to this article published today in the San Jose Mercury News, there have been about 300 data breaches in the state of California over the past two years. Both businesses and government agencies have been attacked, exposing the financial and social security information of more than 20 million personal accounts.

As a hub of technological innovation, California is both a national leader in the digital revolution, and a huge target for cybercrime. As a result, the state’s attorney general will be making cybersecurity a top priority for 2014.

In the meantime, we urge Californian Keepies to spread the word about Keeper. For residents of the state, strong, varied passwords, heavy-duty encryption and two-factor authentication are particularly essential to stay protected.

And remember, refer your Cali friends and get a free month of Keeper Backup for each one you refer.  Refer twelve friends and get a year of Keeper Backup free.  To make it easy for you, we’ve come up with a catchy slogan: “Enjoy the beaches, avoid the breaches!”


Cybersecurity at Sochi 2014

by , on

Earlier this month, NBC news reporter Richard Engel created a stir by attempting to show how easy it is to get hacked in Russia. He reported that his phone was hacked while accessing WiFi at a coffee shop within 24 hours of arriving in Moscow.

Visitors to the 2014 Sochi Winter Games may be left wondering if they, too, are vulnerable.

The answer is, to a degree, yes. According to this CBS News article, the chances of encountering malicious software in Russia last year were a staggering 63 percent, versus a mere four percent in the U.S. But encountering malware and getting hacked are not the same thing. Malware, or malicious software, works by disguising itself as a benign  application or program that asks a user for certain permissions. These permissions include access to personal data that can then be used for purposes of identity theft and other cybercrimes. However, if the user identifies the download as malicious and does not grant it access to their data, they remain safe.

So what does this mean for international guests at the Olympics? Just be smart. Don’t download suspicious files or enter login credentials on an untrusted website. Following the same precautions you would at home should be enough to avoid hacking. And by using Keeper, you can keep your identity safe at home or abroad.

Happy Valentine's Day! Love, Keeper

by , on

Ah, February 14th. To some, Hallmark nonsense. To others, a meaningful celebration of love. But no matter which camp you fall into, Valentine’s Day is an opportunity to show the people close to you that you care for them, with or without the pink hearts.

Show someone special that you’re looking out for them by referring them to Keeper. By protecting them from hackers, identity thieves and other cybercriminals, you can really show them how much they mean to you.

And the best part is… you get a free month of Keeper just for referring them. So even if you’re one of those anti-Valentine’s cynics, it doesn’t have to be a grand selfless gesture. It’s just a darn good deal for both of you.

Are you in a committed relationship? Then according to Pew research, chances are that you and your sweetie share at least one password protected account together. Keeper for Groups allows you and your significant other to easily and securely share passwords with one another with the click of a button. And what says true love better than 256-bit encryption for your shared secrets?

Have a safe and sappy holiday!

2014 Cybersecurity News

by , on

We’re one month in to 2014 and already there have been some high-profile password and data breaches that you should know about (if you don’t already). Here’s what’s new in cybersecurity world:

  • Did you watch the Superbowl? If so, did you hack into the Metlife stadium’s internal security headquarters’ Wifi network? No? Well, you could have. The network’s login credentials were accidentally broadcast publicly on national television during pregame coverage. While the username and password (‘marko’ and ‘w3Lc 0m3!HWERE’) were not the weakest we’ve ever seen, they certainly weren’t the strongest, either. But even the strongest password becomes useless when it’s been seen by over 100 million people… Oops. Read more about the leak here.
  • According to this article on GMA news online, Yahoo mail also suffered a data breach, although this was an attack from an outside source rather than an inside blunder. In a public blog post,  Senior Vice President of Platforms and Personalization Products Jay Rossiter called it a “coordinated effort to gain unauthorized access to Yahoo Mail accounts.” It’s a familiar story: some malicious software collected email addresses and passwords from a third-party database. And as unsurprisingly, Yahoo advises its users to use strong passwords and change them regularly. Good advice, to which we’d like to add one more suggestion: get Keeper!