Keeper is Mega-Convenient.  It’s Also Mega-Secure.

Keeper is Mega-Convenient. It’s Also Mega-Secure.

Yes, it’s true. And we can prove it.

Believe it or not, Keeper just got even more secure – and we’re not done yet.

We just added additional layers of security to our already iron-clad software. Keeper is safer than ever before. Qualys SSL Labs is a site that tests and scores the security levels of different web servers, and they just gave us a big fat A+. We’ll explain why in a second, but first, check it out for yourself.

So what exactly did we do to get a gold star on our report card?

We received our new grade for a few reasons, but the most important of these is the implementation of something called forward secrecy. As you know, Keeper converts your most precious data into code to keep it safe from hackers. However, if this encrypted data is recorded, it could potentially be cracked at a later time if an attacker gained access to something called a server key. Without forward secrecy, that is. By upgrading our transport-layer security (TLS), a temporary key is generated every time you use Keeper data, on any browser. That means that even if a hacker gains access to a server’s master key, they still can’t decipher your data.

On top of that, we are now Service Organization Control certified following a stringent independent audit of our internal controls and security measures. SOC2 certification means that we meet a certain set of internal control and security standards for handling and securing people’s financial information and personal data. More specifically, these standards comprise the following (from Wikipedia):

  • Security: The system is protected against unauthorized access (both physical and logical)

  • Availability: The system is available for operation and use as committed or agreed

  • Processing Integrity: System processing is complete, accurate, timely, and authorized

  • Confidentiality: Information designated as confidential is protected as committed or agreed

  • Privacy: Personal information is collected, used, retained, disclosed, and destroyed in conformity with the commitments in the entity’s privacy notice and with criteria set forth in generally accepted privacy principles issued by the AICPA and CICA

If this seems like a lot of information, that’s because it is. Our team is working constantly to ensure that your most sensitive data is kept absolutely safe. We continue to lead our industry in this regard.

Just for fun, try plugging any website into the Qualys SSL scanner. Does it measure up?