Introducing 24-Word Recovery Phrases – The Most Secure Recovery Method
April 24, 2023
Written by Craig Lurey
Keeper Security continually invests in new, more robust technologies to counter emerging threats. That’s why Keeper is upgrading our account recovery process via a new and more secure 24-word “recovery phrase” feature, replacing the current user-customizable security question-and-answer recovery method.
What are Recovery Phrases?
A 24-word recovery phrase is a break-glass method of recovering your Keeper Vault if you forget your master password. As long as you have your recovery phrase, you can always regain access to your Keeper Vault.
Keeper has implemented recovery phrases using the same BIP39 word list that protects crypto wallets. The BIP39 list contains 2,048 words, so each word encodes 11 bits; a 24-word phrase therefore carries 264 bits, of which 256 bits are random entropy and the remaining 8 bits are a checksum that catches a mistyped or misordered word before it is ever used to derive a key. The words were also chosen to be easy to read and transcribe: the first four letters of each word are unique within the list, and words that look alike are avoided.
What Does This Mean for Keeper Users?
Users with security questions enabled on their vaults will be prompted to replace their security answer with a strong 24-word recovery phrase that is generated by Keeper. Users should store this recovery phrase in a safe place such as a physical safe.
Note: This only replaces your security answer in case you forget your master password. This does not replace your master password, fingerprint or Face ID. Keeper will generate the recovery phrase for you when you log in to your vault. If you don’t want a recovery phrase, you can skip it; however, this means that if you forget your master password you won’t be able to recover your account. Creating a recovery phrase is an opt-in change, which means that Keeper will remind you to make this change periodically, but it’s up to you whether or not you proceed.
A 256-bit AES key is derived from the 24-word recovery phrase and used to encrypt a copy of the user’s 256-bit AES data key. The data key decrypts each record key, and each record key decrypts its vault record, so the phrase alone is sufficient to unlock the chain. To recover the account and reset the master password, the user must have the recovery phrase and provide an email verification code. Users with Multi-Factor Authentication (MFA) enforced must also pass the MFA step.
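The key chain described above, as an added example that is not Keeper’s code: it encodes 256 bits of entropy as a 24-word phrase with the BIP39 checksum, validates a phrase typed back in, derives a recovery key from it, and wraps the data key, a record key and a record the way the post describes. Three things are assumptions rather than facts from the post: the word list is a constructed stand-in (the real 2,048-word BIP39 list is not embedded, but it drops in unchanged because both are sorted), the phrase-to-key step is a labelled SHA-256 (the post does not say how Keeper derives the key), and the wrapping mode is AES-256-GCM (the post says only “AES”). The function names are the example’s own.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/sha256"
	"errors"
	"fmt"
	"math/big"
	"sort"
)

// Constructed stand-in for the sorted 2,048-word BIP39 English list ("w0000".."w2047");
// substitute the real list and the output becomes genuine BIP39 phrases.
var wordlist = func() []string {
	w := make([]string, 2048)
	for i := range w {
		w[i] = fmt.Sprintf("w%04d", i)
	}
	return w
}()

// EntropyToPhrase: 32 bytes of entropy + first byte of SHA-256(entropy) as checksum = 24 x 11-bit indices.
func EntropyToPhrase(entropy []byte) ([]string, error) {
	if len(entropy) != 32 {
		return nil, errors.New("entropy must be 32 bytes")
	}
	sum := sha256.Sum256(entropy)
	bits := new(big.Int).SetBytes(append(append([]byte{}, entropy...), sum[0]))
	words := make([]string, 24)
	for i := 23; i >= 0; i-- {
		words[i] = wordlist[new(big.Int).And(bits, big.NewInt(2047)).Int64()]
		bits.Rsh(bits, 11)
	}
	return words, nil
}

// PhraseToEntropy reverses the encoding and verifies the checksum, so a mistyped,
// missing or unknown word is rejected before any key is derived from it.
func PhraseToEntropy(words []string) ([]byte, error) {
	if len(words) != 24 {
		return nil, errors.New("phrase must have exactly 24 words")
	}
	bits := new(big.Int)
	for _, w := range words {
		idx := sort.SearchStrings(wordlist, w) // binary search; the list is sorted
		if idx == len(wordlist) || wordlist[idx] != w {
			return nil, fmt.Errorf("unknown word %q", w)
		}
		bits.Lsh(bits, 11).Or(bits, big.NewInt(int64(idx)))
	}
	raw := bits.FillBytes(make([]byte, 33))
	if sum := sha256.Sum256(raw[:32]); sum[0] != raw[32] {
		return nil, errors.New("checksum mismatch: a word is wrong or out of order")
	}
	return raw[:32], nil
}

// RecoveryKey derives the 256-bit AES key from the phrase. ASSUMPTION: the post does not say how
// Keeper does this; a 256-bit random phrase needs no stretching, so a labelled SHA-256 is used here.
func RecoveryKey(words []string) ([]byte, error) {
	entropy, err := PhraseToEntropy(words)
	if err != nil {
		return nil, err
	}
	key := sha256.Sum256(append([]byte("demo-recovery-key:"), entropy...))
	return key[:], nil
}

// aead is AES-256-GCM for a 32-byte key, the only key size in this model; Wrap prepends a
// random 12-byte nonce, and on unwrap the authentication tag rejects a wrong key.
func aead(key []byte) cipher.AEAD {
	block, _ := aes.NewCipher(key)
	g, _ := cipher.NewGCM(block)
	return g
}

func Wrap(key, plaintext []byte) []byte {
	nonce := make([]byte, 12)
	rand.Read(nonce) // crypto/rand.Read is guaranteed not to fail since Go 1.24
	return aead(key).Seal(nonce, nonce, plaintext, nil)
}

// NewVault builds the post's chain for one record (data key under recovery key, record key
// under data key, record under record key) and returns it with the 24-word phrase that opens it.
func NewVault(record []byte) (chain [][]byte, phrase []string) {
	seed := make([]byte, 96)
	rand.Read(seed)
	entropy, dataKey, recordKey := seed[:32], seed[32:64], seed[64:]
	phrase, _ = EntropyToPhrase(entropy)
	recoveryKey, _ := RecoveryKey(phrase)
	return [][]byte{Wrap(recoveryKey, dataKey), Wrap(dataKey, recordKey), Wrap(recordKey, record)}, phrase
}

// Recover unwraps the chain with nothing but the phrase: a mistyped word fails the
// checksum, and a well-formed but wrong phrase fails the GCM tag on the data key.
func Recover(chain [][]byte, phrase []string) ([]byte, error) {
	cur, err := RecoveryKey(phrase)
	for i := 0; err == nil && i < len(chain); i++ {
		cur, err = aead(cur).Open(nil, chain[i][:12], chain[i][12:], nil)
	}
	return cur, err
}
```

Two failure modes are worth noticing when running it. A phrase with a typo, a missing word or a swapped pair never reaches the cryptography: the checksum rejects it in PhraseToEntropy. A phrase that is well-formed but simply not the right one gets as far as the first unwrap and is stopped by the GCM authentication tag, so a wrong key yields an error rather than garbage that looks like a data key. Everything the service would store is in the chain of wrapped blobs, which is why, as the post says, nobody without the phrase can reconstruct the key.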
Keeper administrators for business and enterprise accounts can disable account recovery for their users in the role enforcement policy section of the Keeper Admin Console. If enforced by the Keeper administrator, account recovery can be used even with SSO-enabled accounts.
Important: If you forget your master password and lose your recovery phrase, you cannot access your Keeper Vault. Due to Keeper’s zero-knowledge architecture, the Keeper team cannot help recover a lost recovery phrase.
Please ensure that all of your Keeper applications are up to date to utilize this new capability.
If you have any questions regarding this new account recovery method, please don’t hesitate to contact our support team.
Craig Lurey is the CTO and Co-Founder of Keeper Security. Craig leads Keeper’s software development and technology infrastructure team. Craig and Darren have been active business partners in a series of successful ventures for over 20 years. Prior to building Keeper, Craig served at Motorola as a software engineer creating firmware for cellular base station infrastructure and founded Apollo Solutions, an online software platform for the computer reseller industry which was acquired by CNET Networks. Craig holds a bachelor’s degree in Electrical Engineering from Iowa State University.