Keeper Security Overview 2026 — Password Manager & Secrets Vault

Who Is Keeper For?

Keeper is a password manager and secrets platform that started out as a consumer vault and has grown into a broader security suite covering individuals, families, and large enterprises. It takes compliance and audit seriously and is popular with regulated industries.

It's a strong fit for users who want a single platform covering passwords, secure files, encrypted messaging, and breach monitoring — all under one vendor with one subscription.

It suits families thanks to a 5-user family plan that includes BreachWatch dark web monitoring and secure file storage for each member.

It's a good fit for businesses and regulated industries that need SOC 2, ISO 27001, HIPAA, FedRAMP, and detailed audit logs with SSO and group policies.

It also works well for IT and DevOps teams needing a password vault plus Keeper Secrets Manager for infrastructure secrets and privileged access.

Keeper is less compelling for bargain-hunting individual users. The free tier is limited to a single device, so paid is effectively required, and Keeper is pricier than Bitwarden for personal use.

It's also less suited for open-source purists — Keeper is proprietary and closed source, unlike Bitwarden, which is a trade-off if code transparency is a priority for you.

The Vault & Apps

Keeper's core product is an encrypted vault with the usual password manager features and a clean, well-maintained set of apps.

• Item types — passwords, credit cards, bank accounts, identities, photos, videos, and general secure files.
• Unlimited device sync — on paid plans, vaults sync across unlimited Windows, macOS, Linux, iOS, and Android devices.
• Browser extensions — extensions for Chrome, Firefox, Safari, Edge, Brave, and Opera with KeeperFill auto-fill.
• Native desktop apps — dedicated apps for Windows, macOS, and Linux rather than Electron-only builds.
• Mobile apps — iOS and Android with biometric unlock, Apple Watch support, and widgets.
• Web vault — browser-based access with the same encryption as native apps.
• Folders and subfolders — nested folder structure for organising personal and shared items.
• Sharing — one-to-one and one-to-many sharing with granular permissions (read, edit, share).
• One-time share — time-limited secure links for sharing a single record with someone who does not have Keeper.
• KeeperFill — auto-fill credentials across browsers and desktop apps on Windows and macOS.
• Password generator — configurable length, character sets, and passphrase mode.
• Offline access — cached offline vault access so your passwords work without internet.

The apps are polished and mature, reflecting years of iteration — not flashy, but reliable and fast across every platform.

BreachWatch, KeeperChat & Extras

One of Keeper's differentiators is the collection of add-ons that sit around the password vault, several of which are free on certain tiers.

• BreachWatch — dark-web monitoring that checks your stored credentials against known breach dumps and alerts you when a match appears.
• KeeperChat — an end-to-end encrypted messenger for private communication, with self-destructing messages, retraction, and encrypted media.
• Secure File Storage — encrypted file vault for documents, photos, and videos, with quotas ranging from 10GB to unlimited depending on plan.
• Keeper Security Audit — scores each account in your vault for password strength, reuse, and 2FA coverage.
• Emergency access — designate trusted contacts who can request access to your vault after a waiting period.
• Record history — view and restore previous versions of vault items.
• Self-destructing records — set vault items to auto-delete after a configured period.
• TOTP codes — store and auto-fill two-factor authentication codes directly in the vault.
• Form auto-fill — auto-fill identities and payment cards for faster checkout.
• Importers — import from LastPass, 1Password, Dashlane, browsers, and CSV.

The vault + chat + breach monitoring bundle is unusual in the password-manager space and is a strong fit for users who want one product to cover several privacy workflows.

Security & Compliance

Keeper leans heavily into compliance and enterprise-grade security, which is a big part of why it's common in regulated industries.

• Zero-knowledge architecture — all vault data is encrypted on your device with a key derived from your master password. Keeper servers only ever see ciphertext.
• AES-256 and PBKDF2 — vault contents are encrypted with AES-256-CBC or AES-256-GCM, and the key is derived with PBKDF2 at a high iteration count.
• Per-record encryption — each record is encrypted with its own key so that a compromised shared item does not leak the whole vault.
• Two-factor authentication — TOTP, FIDO2 WebAuthn, YubiKey, Duo, RSA SecurID, and SMS backup.
• SOC 2 Type 2 — long-running SOC 2 Type 2 certification with annual audits.
• ISO 27001, ISO 27018 — certified to the international information security and cloud privacy standards.
• FedRAMP Authorised — Keeper is FedRAMP Authorised, making it one of the few password managers usable by US federal agencies.
• HIPAA, GDPR, CCPA — compliance support for healthcare and privacy regulations with BAAs on enterprise plans.
• StarForce / TrustArc audits — independent privacy and security audits.
• SSO integration — SAML 2.0 SSO with any major identity provider on Business and Enterprise plans.
• Device approvals — new-device login approvals via an existing trusted device.

The FedRAMP and ISO certifications in particular put Keeper in a small group of password managers qualified for the most tightly regulated environments.

Business & PAM Features

Keeper's business tiers layer on enterprise admin features and integrate with Keeper's broader privileged-access product line.

• Admin console — central dashboard for user provisioning, role assignment, policy enforcement, and audit review.
• Role-based policies — enforce master password complexity, 2FA requirements, session timeouts, and allowed IP ranges by role.
• SSO Connect — SAML 2.0 single sign-on with providers like Okta, Azure AD, Google, Ping, and others.
• SCIM provisioning — automatic user provisioning and deprovisioning from identity providers.
• Active Directory bridge — on-prem AD and LDAP integration for hybrid deployments.
• Advanced Reporting & Alerts (ARAM) — event streaming to SIEM platforms and real-time alerting on security events.
• Keeper Secrets Manager — separate product for CI/CD and DevOps secrets, integrated with the same zero-knowledge vault.
• Keeper Connection Manager — privileged session management for remote SSH, RDP, and database access without exposing credentials.
• Compliance reports — scheduled exportable reports for auditors and regulators.
• Team and shared folders — granular team collections with per-role access.

For organisations that want passwords, secrets management, and session management under one vendor, Keeper is one of the more fully-featured options in the category.

Pricing & Final Thoughts

Keeper's pricing is on the higher end of consumer password managers but competitive at the business tier, especially once SSO and compliance are needed.

Compared with the category, Keeper sits in a similar space to 1Password and Dashlane on features but leans harder into compliance, PAM, and regulated-industry needs. Bitwarden is cheaper and open source; NordPass is simpler; Keeper is the most enterprise-ready of the consumer-friendly lineup.

For users who want a polished vault with strong compliance credentials, breach monitoring, and room to grow into secrets management, Keeper is a credible choice in 2026.