Review: Keeper Password Manager

Keeper is a name that comes up a lot when shopping for password managers, largely due to its robust list of certifications—it’s certified for enterprises, government agencies, and medical institutions. Despite a clear focus on large-scale credential management, it’s still a pretty dang good password manager for personal use.

Intuitive apps, plenty of features, and easily the best sharing system I’ve seen top the charts for Keeper, keeping it in lockstep with competitors like 1Password and Proton Pass. However, it loses a few points due to higher pricing and the odd choice to charge extra for dark web monitoring, a feature that’s included for free with most of its peers.

An Extremely Limited Free Plan

Keeper via Jacob Roach

Like NordPass and 1Password, Keeper offers personal and commercial plans, the latter of which I won’t be focusing on for this review. On the personal plans, there are three options: Free, Unlimited, and Family. It’s great to see a free plan in the aftermath of LastPass’s data breaches, especially since 1Password and Dashlane offer no free option. But Keeper’s free plan is just too restrictive to be useful.

It’s only available on a single mobile device. You can’t use the extension, and you can’t sync your entries. You can store credit cards and identities, but you’re limited to just 10 entries for passwords and/or passkeys. If you’re looking for a free password manager, Proton Pass is the best because it supports syncing across devices, but NordPass is a good option, as well.

Unlimited is what most people interested in Keeper should go for. It's where you get unlimited storage, multi-device sync, and access to customer support (something not available on the free plan). Keeper has steadily raised prices over the past few years, but it’s now in line with other password managers. You’ll pay $40 per user, per year. 1Password and Proton Pass are a touch cheaper at $36 per year, but Keeper costs less than Dashlane ($60 per year).

The Family plan is a bit higher than I’d like it to be. You get five private vaults and 10 GB of shared encrypted storage for $85 per year. 1Password comes with the same number of vaults for $60, while NordPass clocks in at $72 for six accounts. Keeper’s Family plan even struggles compared to Dashlane, which will run you $90 per year, but for 10 accounts.

I’m not splitting hairs over a few dollars here or there. Keeper’s pricing is largely in line with the rest of the market, but it leans toward the more expensive end of the range. My main issue with pricing is what Keeper calls “secure add-ons.” Those add-ons include BreachWatch, Keeper's dark web monitoring tool, and additional secure storage. Neither is included with Keeper Unlimited. You need to pay $25 per year for BreachWatch, and $13 for 10 GB of file storage, or up to $100 per year for 100 GB.

Except for NordPass, most password managers don’t offer multiyear discounts, but Keeper does. You’ll save 20 percent on two years and 30 percent on three, which makes these add-ons much more palatable. Still, features like dark web monitoring and secure storage are standard with services like Proton Pass and 1Password, and they’re paid add-ons with Keeper.

Getting Started

Setting up my account with Keeper started like any other password manager. I exported my list of entries from another password manager—in this case, Proton Pass—and imported the 600 or so records into Keeper. Like most other password managers, Keeper allows you to import a generic CSV file, as well as CSV files from specific services like Proton Pass, 1Password, or Dashlane.

For all of these services, Keeper includes instructions for exporting your passwords, as well as a reminder to delete the exported file to prevent storing plaintext passwords. The problem is how Keeper reads CSV files. When you select a file, you’re shown a table with the fields Keeper automatically matched. It easily picked up on the names of different records, as well as my username/email and the password. Any additional fields were a struggle.

For instance, I store some time-based one-time passwords (TOTP) with logins, and those weren’t properly identified. Thankfully, you can scroll through and change the category for each column in the table to get everything to line up before importing.

That only solves some of the problems with importing into Keeper. Although Keeper gives you up to 26 custom fields to help organize your entries during the import process, it doesn’t recognize entries that aren’t logins. That led to some odd organization of notes, credit cards, and addresses, with many of them showing up as a login record with no username or password, just raw CSV data in the “Notes” section.

This is frustrating because Keeper supports separate entries for things like credit cards and addresses. They just aren’t recognized during the import process properly, which is something other password managers, such as 1Password, don’t struggle with. Thankfully, I was only left with about a dozen entries I had to create from scratch. The vast majority of entries I have are passwords, and they were picked up properly.

Using Keeper Day-to-Day

Keeper via Jacob Roach

Like most password managers, you’ll mainly interact with Keeper in your browser. KeeperFill, which is the name of Keeper’s extension, is available in Chrome, Firefox, Safari, Opera, and even Brave, while the desktop application is available on Windows, macOS, and popular Linux distributions like Ubuntu, Mint, and CentOS. The desktop apps are largely a mirror of the web application, so I spent most of my time in the browser.

Keeper offers a lot through its browser extension, but the first and most important aspect of a password manager is auto-fill, and Keeper does a fairly good job. When it comes to filling logins, Keeper is perfect. I never once found a field it didn’t recognize, and unlike LastPass, Keeper didn’t shoot out false positives on text fields it shouldn’t auto-fill. Password capture was perfect, as well. In most cases, Keeper popped up and asked if I wanted to save a login, but it also allows you to manually trigger this process if a record isn’t available for the website you’re on.

Auto-fill for credit cards and logins wasn’t as flawless. Keeper didn’t always show up in the credit card and address fields, though it popped up on the latter more than the former. If I could get the Keeper auto-fill window to appear, it worked well, but that would only happen on certain pages, like a checkout page where there’s also space to log into your account.

This isn’t a problem unique to Keeper. 1Password doesn’t always recognize identity and credit card fields, either. However, 1Password includes a button in the extension that allows you to auto-fill anyway, and Keeper doesn’t. I’d love to see that function in Keeper in a future update. On mobile, similar issues with auto-fill show up, but that’s largely an issue with mobile devices. Keeper worked well in applications, but auto-fill is always a bit spotty in mobile browsers.

Although auto-fill isn’t perfect, Keeper’s browser extension is still excellent, mainly because of how many options it has. With most password managers, you need to open the web app to change any serious settings, but Keeper gives you a lot of control directly from the extension. You can set up clipboard expiration, turn on biometric authentication (even on desktop), and change the capture prompt location. You can change the layout of the extension, either showing a longer portrait mode or a shorter landscape mode. You don’t see that kind of flexibility often.

On the desktop, Keeper mirrors what you’ll find in the web app, though with one notable change. You can turn on offline mode. Keeper isn’t the only password manager to support offline mode, but it’s front and center in the app. You’ll also find a manual sync button, which is a small addition that does wonders if you’re constantly swapping between devices.

A Sharing Machine

Keeper via Jacob Roach

Keeper focuses heavily on credential management for enterprises, and some of that focus has clearly worked its way down to the consumer product. Sharing is excellent, and to understand why, we need to start with records.

Everything stored in your Keeper vault is known as a record. There are several different record types, including logins, credit cards, identities, secure notes, and software licenses, but you can also create a general record with any fields you want, as well as add custom fields and attach files to other record types. Rather than tags or categories, Keeper lets you make folders, and you nest folders within each other.

You can share at a record or folder level. Record sharing speaks for itself, but folder sharing is interesting. Rather than sharing a full vault, as you have to do with a service like Proton Pass, you can create a shared folder with a permission structure similar to Google Drive. You can set your records to view only, give shared users editing access, and even allow users to add and manage other users.

These sharing settings aren’t strictly global. You can set up a view-only shared folder, but give some users the ability to manage users and/or records, and you can change the permissions on individual records within that folder. Some records can be view-only, while others can be unlocked for editing.

You can share individual records in a few ways. You can share them in perpetuity, but you can also create one-time share links for non-Keeper users. Access is limited to one device through that link. If you need something even more temporary, you can create a self-destruct record, which will be shared and then deleted shortly after the record is opened.

Keeper’s Security

Keeper uses a zero-knowledge, zero-trust security architecture. Each record you store in Keeper is encrypted individually with its own AES-256 key. Those keys are then wrapped in another AES-256 key, which is derived from your master password. Even if someone were to break your AES-256 key–not likely–that wouldn’t unlock your individual records.

All encryption happens locally, so Keeper never sees your vault data, and it doesn’t have the keys to decrypt it (read our passkey explainer for more on public-key encryption and how zero-knowledge models work). That gives you full end-to-end encryption, and to make extra sure nothing can happen in transit, Keeper generates an additional AES-256 transmission key to protect the data from man-in-the-middle attacks.

A zero-knowledge security architecture and several layers of encryption are expected from a password manager, but what stands out about Keeper is how transparent it is about its security architecture. Likely due to its enterprise focus, Keeper maintains extensive documentation about how it works and the protections in place.

Keeper has a lot of tools for operational security. In the browser extension, for example, there’s a clipboard expiration setting that defaults to 30 seconds. Anything you copy will be automatically cleared. There’s also a warning that will automatically display if you attempt to autofill on an HTTP address, blocking your credentials from traveling over an unsecured network.

Keeper’s enterprise focus surprisingly works well for personal use. The security architecture is top-notch, the apps come packed with features, and the sharing capabilities are second to none. Where Keeper loses out is pricing. Although its pricing is in line with the rest of the market for a single user, it’s a bit high for a family plan. And features that come standard with other password managers, such as dark web monitoring, are paid add-ons.