Keeper Security’s dedication to protecting user data permeates everything we do. Keeper® holds the longest-standing SOC 2 and ISO 27001 certifications in the industry. Keeper
Most password managers on the market require only the user’s master password to access their password vault. If the master password is compromised, a cybercriminal could use it to log in to the user’s account from any device. This would mean that the cybercriminal would have access to all of that user’s saved passwords.
In contrast, Keeper requires device-level approval. Even if a cybercriminal has your master password, they would first need to have physical access to one of your approved devices to log in. This adds an extra layer of security against cyber threats like password spraying or data breaches on the dark web.
Continue reading to learn how Keeper’s device-level approval feature makes it much harder for attackers to gain unauthorized access to your Keeper account.
What is device-level approval in Keeper?
In Keeper Password Manager, device-level approval means that each new device attempting to access a Keeper Vault must be explicitly approved before gaining access. This device approval process occurs before any attempt to use a master password. In Keeper’s security architecture, the backend system does not allow a login attempt from a device that has not first been approved. As a result, the application never confirms or denies the existence of an account until a user proves their identity. It also means that an attacker on an unapproved device would not know whether a master password is correct.
When a user attempts to access their Keeper Vault from a new device, that device needs to be approved by one of the following:
- The account owner
- An administrator (in enterprise environments)
- Through an existing trusted device
Each new device receives a unique device ID, preventing unauthorized devices from accessing a user’s vault even if the login credentials have been compromised. This provides an additional layer of security that goes beyond Two-Factor Authentication (2FA).
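The ordering described above, device approval first and password check second, can be modeled in a few lines. This is an added illustration, not Keeper's code or protocol: the LoginGate class, its method names, the reply strings and the server-side PBKDF2 password check are all assumptions made for the sketch.

```python
import hashlib
import hmac
import secrets


class LoginGate:
    """Toy backend (assumed design): device approval is checked before any password."""

    def __init__(self):
        self._users = {}        # username -> (salt, derived password hash)
        self._approved = set()  # (username, device_id) pairs approved by owner or admin

    @staticmethod
    def _kdf(password, salt):
        return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

    def register(self, user, password):
        salt = secrets.token_bytes(16)
        self._users[user] = (salt, self._kdf(password, salt))

    def new_device_id(self):
        # Each new device gets its own random identifier.
        return secrets.token_hex(16)

    def approve_device(self, user, device_id):
        if user not in self._users:
            raise KeyError("unknown user")
        self._approved.add((user, device_id))

    def login(self, user, device_id, password):
        # Step 1: device gate. The password is not evaluated here, so the reply is
        # identical for a wrong password, a right password and a nonexistent account.
        if (user, device_id) not in self._approved:
            return "DEVICE_APPROVAL_REQUIRED"
        # Step 2: only an approved device reaches password verification.
        salt, stored = self._users[user]
        ok = hmac.compare_digest(stored, self._kdf(password, salt))
        return "OK" if ok else "BAD_PASSWORD"


if __name__ == "__main__":
    gate = LoginGate()
    gate.register("alice", "correct horse")               # constructed sample account
    laptop, unknown = gate.new_device_id(), gate.new_device_id()
    gate.approve_device("alice", laptop)
    print(gate.login("alice", laptop, "correct horse"))   # approved device, right password
    print(gate.login("alice", unknown, "correct horse"))  # stolen password, unapproved device
    print(gate.login("alice", unknown, "wrong guess"))    # same reply: no password oracle
    print(gate.login("nobody", unknown, "anything"))      # same reply: no account oracle
```

Because the gate returns before the key derivation runs, the three unapproved-device cases are indistinguishable in both content and work performed.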
How device-level approval protects against password stuffing attacks
Device-level approval requires both the user’s password and an authorized device to access their vault. Even if a cybercriminal manages to steal a user’s master password, they still wouldn’t be able to access the vault, as the cybercriminal’s device is not approved. This prevents common password attacks, such as password stuffing and brute force attempts, from succeeding.
When data is in transit, Keeper’s encryption model also stops other types of cyber attacks, like Man-in-the-Middle (MITM) attacks, because each approved device is double-encrypting traffic on top of Transport Layer Security (TLS). Cybercriminals cannot simply intercept and decode traffic between your device and Keeper’s servers. Even if they capture the data, it’s useless without the device-specific keys.
The device approval system further helps protect against social engineering attacks. Even if someone convinces you to reveal your password through phishing, they won’t be able to use it because none of their devices are approved.
How Keeper differs from other password managers
Device authorization model
Unlike most other password managers that typically rely on 2FA without device-specific approval, Keeper uses strict device-level approval. This requires that each new device be explicitly authorized, making Keeper more secure against unauthorized device access.
Encryption architecture
Keeper uses a zero-knowledge security architecture with device-level keys. Each device has its own encryption key in addition to the master password. This differentiates Keeper from most competitors, which use only a single master password.
Enterprise controls
Keeper offers more granular device management for organizations with multiple users and multiple devices. Administrators can approve or reject specific devices and enforce device-type restrictions (e.g., only company-issued devices). Most password management competitors focus more on user-level rather than device-level controls.
Get peace of mind over your passwords with Keeper
Keeper’s unique security architecture, which uses device-level approval and zero-knowledge encryption, is superior to other password managers. By requiring both the correct password and explicit authorization for each new device, Keeper makes unauthorized access significantly more difficult. This helps protect against common cyber threats, such as password spraying, brute force attacks and social engineering.