What’s New With Keeper | May 2024

Passkey Support Now Available Across KeeperFill and Mobile

Keeper Security is excited to announce that we now support passkeys on Android and iOS mobile apps. This update extends passkey management functionality in the Keeper Vault beyond the Keeper browser extension support for Chrome, Firefox, Edge, Brave and Safari that we announced last year. Passkeys are a new type of credential that can entirely replace passwords or be used for multi-factor authentication. With Keeper’s mobile app, users can quickly and easily create, store and share passkeys for any supported website or app. 

Introducing Time-Limited Access for Temporary Record Sharing 

As an enhancement to Keeper’s secure sharing capabilities, Time-Limited Access allows you to securely share credentials or secrets with other Keeper users on a temporary basis and automatically revoke access at a specified time. Time-Limited Access prevents long-standing privileges and ensures that information is removed from the recipient’s vault when they no longer need it, greatly reducing the risk of unauthorized access.

Take Your One-Time Shares to the Next Level With Self-Destructing Records

Self-Destructing Records utilize Keeper’s existing One-Time Share technology, which allows time-limited, secure sharing of a record to anyone, even if they don’t have a Keeper account. Self-Destructing Records take our One-Time Share feature even further by automatically deleting the record from your vault once the share link is disabled and revoking the recipient’s access. By limiting the amount of time users have access to records, organizations simplify compliance, and users can rest easy knowing their records are shared securely.

Keeper Simplifies Logins With a Passphrase Generator

Keeper is pleased to announce a new passphrase generator integrated directly in the Keeper Vault. Passphrases provide a highly secure yet easy-to-remember approach to logins for all users and can be both generated and stored with Keeper. Like Keeper’s existing password generator, you can easily utilize Keeper’s passphrase generator in a record with a simple click of the dice. Administrators have the option to enforce or disable the passphrase generator within their organization. 

Role Enforcement Policies for Precise Control Over Passphrases, Passwords and Sharing Within Nodes

Included in a substantial update to Keeper’s ever-growing list of Role Enforcement Policies is the ability for Administrators to restrict sharing outside of isolated nodes. Additionally, within the “Record Passwords” policies, you will find new complexity settings for Keeper’s password and passphrase generators, a special character selector and domain-specific generator settings. 

Restore Shared Folder Contents

Users now have the ability to restore records and subfolders that were deleted from shared folders. This new functionality is available to all users with “can manage records” permissions in a shared folder. This streamlines the process of locating deleted items from a shared folder, regardless of who owns the record. Users can now restore previously shared folder contents from the “Deleted Items” section of their vaults. Restoring folder contents will restore all items and permissions to the original shared folder location. 

Keeper Remote Browser Isolation for Secure Remote Access

Keeper Connection Manager is a secure, reliable and scalable way to remotely connect to machines, databases and websites. Keeper’s Remote Browser Isolation function provides secure remote access to internal and external websites via a web browser. When using Remote Browser Isolation, all data remains isolated from any malicious websites or software accessed through the browser, all within a secure and lightning-fast connection architecture – with no VPN required.

Enforce the Principle of Least Privilege and Simplify Compliance With Granular Sharing Enforcements

Keeper Security is excited to announce the launch of Granular Sharing Enforcements. This feature, an extension of Keeper’s robust sharing policies, enables administrators to apply detailed restrictions for record creation and sharing to user roles. Administrators can configure their preferred sharing enforcements from their role enforcements policy settings.

Security Key as the Only Two-Factor Method

While support for hardware security keys for 2FA is not new to Keeper, historically, users were required to have a backup method in addition to a security key. Keeper Administrators now have the ability to enforce the use of a hardware-based security key as the only approved two-factor method via a role enforcement policy setting. Additionally, administrators can require a PIN to be entered in conjunction with the key for FIDO2 user verification, further strengthening security. Administrators can configure their preferred 2FA enforcements from their role enforcements policy settings.

Enhance One-Time Share Invites With Your Company Branding 

Administrators can now add their company logo to Keeper’s One-Time Share invites. Customizing One-Time Shares helps recipients quickly identify a share’s authenticity and sender information, encouraging a seamless sharing experience with users outside of your organization.

POI Session Recordings for Keeper Connection Manager

Keeper Connection Manager (KCM) session recordings now display a histogram that shows the relative levels of activity within different parts of the recordings, including screen changes and keyboard interactions.

PAM Automated Keeper Gateway

Configure your Keeper Gateway installation to automatically check for updates, ensuring it stays up-to-date with the latest version. Keeper recommends enabling the Auto Updater to ensure you receive the most recent security and functionality enhancements. 

Support for Retrieving Multiple Fields From KSM in a Single Ansible Step

The Keeper Secrets Manager (KSM) plugin keeper_get_record will retrieve all the fields in the record and return them in a dictionary. The keys of the dictionary are the normalized field labels or types. The keys will contain alphanumeric and underscore characters, and if there are duplicate keys, a number will be appended to the end of the key.

Simplify Deployment With Azure Container App

All Keeper Automator settings can now be configured as environment variables. This makes configuration easier when installing Automator in Azure containers or other Docker-like containers where access to the settings file can be difficult. In Docker, Azure Containers or other environments that use the “docker-compose.yml” file, you can set environment variables in the docker compose file.

Keeper Joins the AWS Partner Network

Keeper has proudly joined the Amazon Web Services (AWS) Partner Network (APN). As an APN member, Keeper joins a global network of 130,000 partners from more than 200 countries working with AWS to provide innovative solutions, solve technical challenges and deliver value to customers. Keeper’s presence addresses the growing demand for robust account security and enhances the digital protections available to businesses around the world faced with the growing threat of cyberattacks.

Various improvements to the Commander CLI

Keeper Commander is constantly evolving. With the latest set of improvements, you can:

• find-ownerless – find all the records in your vault that currently do not have an owner
• enterprise-role – support granular sharing enforcement policies
• whoami – display enterprise license information for enterprise users 
• export – support storing .kdbx files as attachment on a record with switch –store-in-vault
• scim push – support for pagination
• mkdir, ls – support for folder colors
• share-folder – allow record-level share permissions to be updated for sharing folders containing an arbitrarily large number of records
• automator create – generate a warning if automator has already been created for a node; this prevents having multiple automators per a single node

For a full list of Commander improvements, visit our Release Notes.