The main point of storing your login credentials in a password manager is that doing so lets you use a different, strong password for every website. However, it’s also important that you can get at your passwords from every one of your devices. Keeper Password Manager & Digital Vault has you covered. It offers native apps for Windows, macOS, Android, iOS, Kindle, Windows Phone, and Linux, as well as browser extensions for Chrome, Firefox, Safari, Edge, and Internet Explorer (though the IE extension doesn’t yet have the very latest features).
You pay $29.99 per year for a Keeper subscription, the same as for Sticky Password and just a little more than the $24 per year price of LastPass Premium. Dashlane and LogMeOnce both cost $10 more per year. Keeper’s family plan makes it a real bargain, though. For $59.99 per year, you get five licenses, plus 10GB of secure file storage. Given that secure file storage would normally cost an extra $9.99 per year, the family plan is a better deal even if you just have two users.
With version 11, the Keeper app got a user-interface makeover. It’s very sleek and modern-looking software, with a restrained color palette. If it seems drab, no worries; you can choose from a number of lively color themes. The new interface uses the same layout on all platforms, as much as possible. In particular, the macOS and Windows versions are almost indistinguishable. Note that as of this writing, the App Store for macOS doesn’t have the latest version—you must get it directly from Keeper Security.
Just about every password manager offers a warning at installation—if you forget your master password, there’s no way to access the passwords you stored in the password manager. The company can’t recover them for you. And that’s a good thing. The fact that only you have your master password means that a subpoena can’t force the company to turn over your passwords, and a shady employee can’t weasel into your stored data.
Zero knowledge is central to the philosophy of Keeper Security. Keeper didn’t include a password inheritance feature until the developers came up with a zero-knowledge technique. Keeper still doesn’t attempt updating passwords automatically, though it helps with the process of updating to better passwords. My contact at the company points out that competing products aren’t fully zero-knowledge during automated password updates. Your passwords exist in memory on the company’s servers, at least briefly.
Getting Started With Keeper
As with Dashlane and others, you can use Keeper at no cost if you’re willing to restrict your usage to a single device. That one-device limit is a major restriction, of course, but you can store all the passwords you want on that one device. The easiest way to get started is to sign up for a free account, then upgrade to the paid version when you’re sure you want it.
Note that if you bought a laptop recently, you may already have the free edition of Keeper installed. My contact at Keeper Security said that most HP and Dell laptops have it, among others. I verified that it showed up on a new Microsoft Surface Pro.
In this version, Keeper adds a thorough onboarding module that walks you through the entire setup process. To start, it offers to import any passwords stored insecurely in your browsers. It’s up to you to delete those passwords and turn off the browser’s password capture. Keeper can also import from almost 20 competitors, among them LastPass, Dashlane, RoboForm, and True Key.
Keeper walks you through the process of creating your first record and installing the browser extension, with an optional tour of the extension’s features. It shows how to add a payment card and personal information, for filling web forms. It also encourages you to turn on two-factor authentication. I’m impressed with this thorough introduction.
As part of the setup process, you’ll define a security question and answer. I always advise creating your own question rather than accepting the canned ones, and making the answer something nobody else could know or find out. You’ll need this answer the first time you log in on a new device, and to reset a forgotten master password.
Reset a forgotten password? How can Keeper do that and still be a zero-knowledge solution? My Keeper contact explained that Keeper encrypts your local data both with your master password and with your security answer, and can decrypt it using either. However, logging in with the security answer requires an emailed code as well as whatever two-factor option you’ve selected. You can read a full explanation on Keeper Security’s website. The main takeaway is that you should be extra-careful selecting your security question and answer.
Password Capture and Replay
Like most password managers, Keeper captures passwords as you log in to secure sites. However, it does the job just a bit differently. When it detects a login screen, it pops up a small window that offers to create a new record or add to an existing one. If you choose to create a new record, you enter your username and password directly into Keeper, after which it fills them in on the login page. At this time, you can give the entry a friendly name and add a note. If you want to assign the entry to a folder, you’ll need to edit it in the vault.
If you hit an oddball login page, one with nonstandard fields, Keeper may not pop up its offer to create a record. You can still click Keeper’s lock icon and try creating a record. That worked fine for me on a page with two numeric password fields and no username. You can also add custom fields as necessary. It’s not quite as automated as the feature that saves entered data from all fields in Sticky Password or LastPass, but then, nonstandard login pages are becoming scarce.
When you return to a page for which you’ve saved login data, Keeper offers to fill the credentials you used most recently. You can click to view all available logins, or create a new one. Simple!
Keeper doesn’t include fully automated password updates such as you get with LastPass, Dashlane, or LogMeOnce Password Management Suite Ultimate. However, when it detects a password-change page, the kind with one field for the old password and two for the new, it offers a one-click option to update and save a new, strong password. As noted, Keeper’s developers contend that when competing products perform a fully automatic password update, your passwords exist for a time on company servers, which doesn’t pass the zero-knowledge smell test.
Clicking the browser extension’s toolbar button brings up a simple menu with four items: Vault, Settings, Quick Start Guide, and Logout of Keeper. Clicking Settings lets you toggle a half-dozen important features such as whether Keeper should prompt you to create a new login and whether it should automatically submit filled-in credentials. You can also control whether Keeper displays a lock icon in fields that it recognizes. I like the new option to show the lock only when the mouse cursor is over a field.
Selecting Vault brings up the full Keeper interface in your browser, which includes access to the full range of settings. This interface is almost indistinguishable from the standard Keeper Windows app. I frequently found myself confused as to which I was using, and that’s a good thing. Note that the Windows Store edition necessarily looks very different. Microsoft is very fussy about the appearance and layout of apps that it allows into the Store.
You can attach a file or photo to any password entry in Keeper, or create an entry just to hold the attachment. Your basic subscription lets you store five such attachments. If you want more, you pay another $9.99 per month for 10GB of secure online storage. As noted, the $59.99 per year family pack gets you five licenses and includes that 10GB of storage.
New in this edition, Keeper retains every version of every entry. You can scroll back through every password you’ve ever used for a given site, and also peruse all versions of files you’ve saved. In addition, it retains entries you’ve deleted, in a kind of Recycle Bin.
Keeper’s password generator automatically comes up with a new password any time you create a new record. If you’re logging in with an existing password, you simply overwrite the generated one. By default, it creates 12-character passwords using all character types. Interestingly, the one-click password updater creates 16-character passwords.
Dashlane also defaults to 12 characters, and RoboForm to just eight. Password Boss Premium creates 20-character passwords by default. Given that you don’t have to remember these passwords, they might as well be plenty long. I recommend 16 characters or more.
Improve Your Passwords
Using a password manager doesn’t improve security if all your passwords are “password” or “123456.” Keeper’s Security Audit lists all your saved passwords, from weakest to strongest, flags the worst of them for update, and assigns a security score. The similar feature in Dashlane points out a couple of quick wins, changes that would raise your score.
Passwords don’t just need to be strong—they need to be unique. If you use the same super-strong password on multiple websites, a breach at one of those sites could expose them all. Keeper separately lists all sites that have re-used passwords, though it doesn’t match up entries that have the identical password the way LastPass does. That’s not really a problem, since changing one of a pair of dupes makes both vanish from the list.
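The two audit lists described above (weakest-to-strongest ordering and re-used passwords) can be sketched in a few lines. This is an added example, not Keeper's code: the strength estimate, the keyed fingerprint, the function names, and the sample vault are all assumptions made for illustration.

```python
import hashlib
import hmac
import math
import os
import string
from collections import defaultdict

# Constructed sample vault: (site, password) pairs, not real credentials.
SAMPLE_VAULT = [
    ("mail.example", "123456"),
    ("bank.example", "T7#qLw9!vZp2"),
    ("shop.example", "T7#qLw9!vZp2"),
    ("forum.example", "password"),
    ("wiki.example", "correct horse battery"),
]

def estimate_bits(password):
    """Naive upper bound: length * log2(character pool). Ignores dictionary words."""
    pool = 0
    for chars in (string.ascii_lowercase, string.ascii_uppercase, string.digits):
        if any(c in chars for c in password):
            pool += len(chars)
    if any(not c.isalnum() for c in password):
        pool += 33  # printable ASCII punctuation plus space
    return len(password) * math.log2(pool) if pool else 0.0

def fingerprint(key, password):
    """Keyed digest so the reuse index never stores or compares plaintext."""
    return hmac.new(key, password.encode("utf-8"), hashlib.sha256).digest()

def audit(vault, key=None):
    """Return (sites ordered weakest first, sorted sites that share a password)."""
    key = key or os.urandom(32)  # per-run key: fingerprints are useless elsewhere
    groups = defaultdict(list)
    for site, pw in vault:
        groups[fingerprint(key, pw)].append(site)
    reused = sorted(s for sites in groups.values() if len(sites) > 1 for s in sites)
    weakest_first = [s for s, _ in sorted(vault, key=lambda r: estimate_bits(r[1]))]
    return weakest_first, reused

def change_password(vault, site, new_password):
    """Return a copy of the vault with one record's password replaced."""
    return [(s, new_password if s == site else pw) for s, pw in vault]

if __name__ == "__main__":
    order, reused = audit(SAMPLE_VAULT)
    print("weakest first:", order)
    print("reused:", reused)
    fixed = change_password(SAMPLE_VAULT, "shop.example", "m4&Rk0!dXe8#Hq2z")
    print("reused after one change:", audit(fixed)[1])  # both of the pair drop off
```

With three or more records sharing one password, changing a single record leaves the rest on the re-use list, so the "both vanish" behavior holds only for pairs.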
LastPass and Dashlane also flag old passwords, meaning ones that haven’t been changed in a long time. LastPass goes even further, flagging passwords that a data breach may have compromised. Do note that as of earlier this year, the National Institute of Standards and Technology (NIST) no longer recommends periodic password changes. Rather, NIST now recommends changing passwords only after a breach.
Your master password protects all your other passwords, so it needs to be strong. But no matter how strong it is, if a malefactor gets hold of it, you’re in trouble. That’s where two-factor authentication comes in. When logging in requires both your master password and a fingerprint or physical token, a cyber-crook across the world can no longer gain access.
As I mentioned, Keeper walks you through setting up two-factor authentication during the onboarding process. Specifically, it asks for a mobile phone number to send six-digit authentication codes. It also generates a collection of one-use codes, in case you lose your phone or have no cell service. Digging into settings, you can choose several other options, including whether to require the second factor just once on new devices, every 30 days, or at every login.
Like Dashlane, Keeper can register a FIDO U2F (Universal 2nd Factor) key such as a YubiKey for authentication. LastPass also supports YubiKey authentication, but in the device’s older one-time-password mode. You can register multiple U2F keys, in case you lose one.
Authentication using a code generated by the Google Authenticator app (or a workalike such as Twilio Authy or Duo Mobile) is more secure than using SMS. Like LastPass and Password Boss, Keeper supports Google Authenticator. You can also use an RSA SecurID token, or Keeper’s own KeeperDNA app (on your smartphone or watch). With KeeperDNA, you simply respond to the notification on your device. The fact that you have the device is the second authentication factor, so no need for a six-digit code. On a device (mobile or desktop) that has a fingerprint reader, you can add biometric authentication to the mix.
LogMeOnce encourages using smartphone-based verification instead of a master password. True Key can also log you in without the master password, though doing so requires multiple other authentication factors.
Form Filling and Payments
New in this edition, Keeper can use stored personal and payment data to fill web forms. Where Sticky Password, AgileBits 1Password, and many others let you create multiple identities, Keeper allows just one. However, you can add multiple phone numbers and addresses, which is effectively the same as having multiple identities. You can also add as many payment cards as you like. If you’re using a smartphone, you can add a card by scanning it.
Filling forms with Keeper isn’t quite as automatic as with most other password managers. First, you click the lock icon in any field to display the familiar popup. Then you click the tab for addresses. You can select an address and click to fill all matching fields, or expand the view and fill fields one by one. Another tab lets you fill payment information.
RoboForm 8 Everywhere started life as a form-filler utility, and it remains the most flexible. You can store a ton of data types, with multiple entries for each field if needed. However, Keeper’s form-fill feature handles all the fields you need when making an online purchase, and that’s the most important thing.
KeeperFill for App Passwords
The KeeperFill feature in Keeper’s Android edition previously had the ability to fill app passwords. New in the current edition, KeeperFill works for app passwords on all platforms. On macOS and Windows, you use a hotkey to bring up KeeperFill and locate the desired entry. Another hotkey fills in the username, and a third fills in the password.
LastPass and Sticky Password Premium use a somewhat awkward multi-step process to capture app passwords. RoboForm attaches a toolbar to app windows that seem to be asking for a password. Keeper doesn’t attempt capture. You either create the entry manually, or use one of your existing website logins.
At the moment, Keeper relies on Accessibility Services to fill Android app passwords. I asked one of Keeper’s co-founders about the news that Google is cracking down on use of Accessibility Services unless it’s directly related to helping users with disabilities. He was delighted that I asked. Not only is Keeper migrating to the new Autofill API, Keeper’s engineers worked with Google on developing that API.
You know not to share your passwords with just anybody, but there are cases when you must share with a trusted partner. With Keeper, you can share any password record with another Keeper user, and maintain as much control as you like.
To share a record, you start by entering the recipient’s email. If that email address doesn’t correspond to a Keeper account, the product lets you know that the recipient will have to sign up for a free account, and that it will email you once that happens. The recipient gets notification within Keeper itself.
By default, the recipient can view and use the login, but can’t change it. You can set it to allow editing, allow sharing with others, and even make the recipient the owner of the record. The simpler sharing system in LastPass just lets you choose whether the recipient can view the password. Dashlane lets you choose between limited access (like Keeper’s default) and full co-ownership.
If you want to share multiple passwords with other users, you’re better off creating a shared folder. Here, too, you can limit how much control you grant to the other users. To start, you get to say whether each user can add or remove users, and add or remove records. You also control whether other users can edit or share each record. A small sharing icon distinguishes shared folders from others.
What happens to your online accounts after you shuffle off this mortal coil? Will your descendants be able to access your bank accounts? Post a final message on your social media pages? Like Dashlane, LogMeOnce, and several others, Keeper now includes a system to give a trusted friend or relative emergency read-only access to your accounts.
You enter the email address for up to five trusted individuals who have a Keeper account. For each of them, you set a timeout, from no delay to one week. If one of them requests access while you’re still aboveground, you get a notification, and an opportunity to revoke access by the over-eager heir. The similar feature in RoboForm and LastPass allows a longer timeout, up to 30 days. With the business-focused Zoho Vault, access is immediate, and an administrator can take control of any work-specific passwords.
Complete and Comprehensive
Keeper Password Manager & Digital Vault offers native apps for Android, iOS, Kindle, Linux, macOS, Windows, and Windows Phone. Its equally capable browser extension works with Chrome, Edge, Firefox, Internet Explorer, and Safari. And it includes the advanced features found in the very best password managers, among them password inheritance, secure sharing, two-factor authentication, and an actionable password strength report. For security reasons, it doesn’t perform fully automated password updates, but you can update and save a password with a single click. It has a new, streamlined user interface that’s consistent across all platforms and browsers. I’m going to switch to Keeper for my own password management needs.
A password manager needs to do its job with as little friction as possible. Otherwise users will drop it and go back to using the same password everywhere, or writing passwords on sticky notes. Keeper’s interface is even slicker than Dashlane’s, and it’s impressively consistent across platforms. It joins Dashlane as a password manager Editors’ Choice. Sticky Password Premium and LogMeOnce Password Management Suite Ultimate also currently have Editors’ Choice status, but they’ll both need to up their game to retain that honor.