I’ve been using Keeper password manager for about a year and I’ve been happy with it. When I perused your recommendations, it’s not listed. Should I switch to one of the recommendations immediately? I paid for a three year subscription when I signed up so I would rather continue using it. Is it a bad idea to continue using it until my subscription is expired? Is Keeper as bad as LastPass?
We only list products in this section that have a third party security audit (with the exception of local password managers). I couldn’t find anything about that for this particular product.
In fact all I was able to find was aggressive marketing campaigns (astroturfing), saying the product was secure, and an article entitled “Security Audit” which was about auditing users in your team, not a third party security audit. I suspect they purposely chose to name that page that, in order to achieve certain search engine results.
In the case of Bitwarden and 1Password these have had regular audits:
This is why we require third party security audits. As for LastPass that was known to be bad for quite some time, sadly people just believed the marketing, and used it anyway.
It’s important to remember that it was never quite as bad as LastPass, as there were simply fields in LastPass that were not encrypted at all (e.g. the URL field).
Bitwarden has increased the rounds (there is an option to do that) and they are working on adding Argon2. Honestly I have a lot more confidence in Bitwarden than I would in LastPass.
What these disclosures will likely mean in the future is there must be a way for the provider to increase them for accounts which are low.
In my eyes Keeper is more of an enterprise solution (although I see they offer to both), not really something for personal usage. All the integrations offer a lot of options but also heavily increase attack factor. I wouldn’t be so keen using this if I had no need for this.
Keeper has a history of suing journalists and threatening security researchers, so I would stay away from them. I would do research again, focusing on sources that don’t take money for ranking services. One example is PrivacyGuides.
I actually have tested this password manager and I had to conclude the UX is awful. It is terrible at autofilling in websites and very clunky in editing and searching. Even Bitwarden does a better job at it and well that is already worse from using Proton Pass and 1Password, it still is miles ahead of Keeper.
Fun, I actually know the person who did this test, but it is so long ago that I did not even know about this story; surely going to hear him about it next time I see him.
In the light of NIS2/DORA (EU resilience regulations) I assume (hope for them) also the stance of the vendor has changed in this but yet it is sad that this at least used to be their culture. It surely is a red flag.
On the advantages you listed, I would say 2, 4 and 7 are the bare minimum to expect. The rest is not much convincing to me.
Thanks, that does explain the room full of ghosts when I ask the question.
Playing the devil’s advocate here though, the article quotes a rather long time period where the situation existed, 16 months … perhaps that was the rage factor … in any case that was a long time ago, in computer circles, and everyone has time to redress issues and march on … not as if pretty much all companies have had issues which they address and this one was nowhere near the scope of today’s issues, one listed as among best choices, as recent as 2019 …
Further inspection from their site does show a level of acceptance of researcher probes but within seemingly certified protocols … this is beyond my interest but suggest that those that are critical verify other more recent material as well … also they brandish federal and state certifications obviously to be able to offer their services to these as well.
Therefore, the point #1 of compliance in the business sector should be an added bonus to a company’s credentials not a line to use that they have no consumer appeal.
Have added these screenshots from their website for easy search, but can verify bottom pages from the following link …Keeper Website with Certifications
Was just listing all the comments to see if I could stir the bats out of the closet, not necessarily complete …
Think you underestimate the positive experience of good customer support, and clear guides, which I read (negative) for many/most companies, and my own experiences, see it regularly listed on forums.
Also, think the UX may be unfair … have not had the experience of other PMs you listed … granted some sites don’t fill automatically but it is literally 2 keystrokes more when this happens … count my life in kph and experiences/hour not so much keystrokes/h or mins!
As Nate puts it, "Whatever flaps your jack man …"
Keeper was the password manager of choice when I worked IT for a regional Credit Union. I tend to agree the UX isn’t great but I have no doubts of its security. My employer was beyond careful when it came to that. Considering the other comments in this thread though, doesn’t seem like it would meet PG standards. I ended up sticking with Bitwarden after leaving that job.