Keeper Encrypts at the Record-Level
Keeper is built with a proprietary zero-knowledge security architecture, meaning all encryption and decryption is done locally on the user’s device. Each record is encrypted using AES-256 with a different and unique key that is randomly generated, client-side.
1Password is also zero-knowledge, but they only encrypt data at the vault level and do not encrypt at the individual record and folder level.
Keeper Makes Sharing Easier Than 1Password
Keeper provides shareable folders and individual records within a single vault to allow for easy and effective access, sharing and management.
Sharing records between Keeper users works by encrypting the record key with the public key of the recipient.
A record share in Keeper is kept fully in sync with the source data so the shared record is always up-to-date. Keeper's sharing also supports bi-directional edits.
Keeper supports One-Time Share links to non-Keeper users, but even that method keeps the data perfectly in sync between the users.
1Password requires a user to create separate vaults for sharing different sets of passwords. 1Password uses tags and nested tags to organize data between different vaults.
1Password doesn't have record-level encryption, so their sharing system creates a copy of the record contents and then uses a hyperlink to share with the recipient. The information in the shared data is not in sync with the original source.
Keeper Provides Market-Leading Security Infrastructure and Policies
Keeper has the longest-standing SOC 2 Type 2, ISO 27001 and TRUSTe certifications in the industry. Keeper’s ISMS will ensure that strict security controls are in place to protect customer data and ensure secure operation of products and services.
Keeper is also FedRAMP Authorized and StateRAMP Authorized – proving our commitment to maintain the highest standard of cybersecurity.
Keeper is ITAR compliant, with all development and engineering performed by US-based employees who are U.S. Persons.
Keeper does not outsource any software development.
1Password has not exhibited the same rigor for security practices. It obtained SOC 2 Type 2 certification more than four years after Keeper, and it has yet to obtain ISO 27001 certification.
1Password is not FedRAMP Authorized and is not in the process of achieving authorization.
1Password is based out of Canada, and software developers are located throughout the world.
Seamless SSO Integration with No Master Password
Keeper integrates with all SAML 2.0 identity providers including Azure AD, AD FS, Okta, PingFederate, PingOne, Google Workspace, Duo, JumpCloud, OneLogin, Centrify and hundreds of others. Our SSO integration has been in production for over 5 years with thousands of successful deployments.
When using Keeper with SSO, there's no Master Password and encryption is performed using 256-bit Elliptic Curve keys.
Keeper holds multiple issued US utility patents on zero-knowledge SSO integration and other technology.
Keeper integrates with popular Passwordless providers like HYPR, Secret Double Octopus, Trusona, TraitWare and many others.
Keeper's SCIM integration supports seamless provisioning and lifecycle management that is fully cloud-based.
1Password recently launched an integration with Okta, but it's using OIDC, not SAML. It also requires customers to host an on-prem "SCIM Bridge" software product to provision users.
1Password does not integrate with Azure for seamless authentication.
1Password does not hold any issued US utility patents.
1Password does not integrate with passwordless providers.
Dark Web Monitoring
Keeper's BreachWatch® keeps everything in our infrastructure and protects hashes with hardware security modules.
The BreachWatch backend architecture was built to prevent the correlation of a breached password to an actual password in the user's vault, no matter the size of the data breach. The hashing used in breached password detection utilizes a physical Hardware Security Module to ensure that hashing can only be performed online, preventing any threat of a brute-force attack on the BreachWatch data.
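Why keying the breach-lookup hash inside an HSM forces every check to go online, shown as an added illustration that is not Keeper's code. HMAC-SHA-256, the SimulatedHSM class, its call budget and the sample passwords are assumptions made for the example.

```python
import hashlib
import hmac
import secrets

# Constructed sample data, not real breach content.
BREACHED = ["hunter2", "P@ssw0rd!", "letmein123"]
GUESSES = ["123456", "hunter2", "letmein123", "correct horse battery staple"]


class SimulatedHSM:
    """Software stand-in for an HSM: the key is generated inside and never exported."""

    def __init__(self, max_calls: int):
        self._key = secrets.token_bytes(32)
        self._remaining = max_calls  # models online rate limiting

    def mac(self, password: str) -> str:
        if self._remaining <= 0:
            raise PermissionError("HSM call budget exhausted")
        self._remaining -= 1
        return hmac.new(self._key, password.encode(), hashlib.sha256).hexdigest()


def unkeyed_digest(password: str) -> str:
    return hashlib.sha256(password.encode()).hexdigest()


def build_indexes(breached, hsm):
    """Return (unkeyed index, HSM-keyed index) for the same breach corpus."""
    return ({unkeyed_digest(p) for p in breached}, {hsm.mac(p) for p in breached})


def offline_confirmable(index_copy, guesses):
    """Guesses that someone holding only a copy of the index can confirm alone."""
    return [g for g in guesses if unkeyed_digest(g) in index_copy]


def online_check(hsm, keyed_index, password: str) -> bool:
    """The only way to query the keyed index: one metered HSM call per password."""
    return hsm.mac(password) in keyed_index


if __name__ == "__main__":
    hsm = SimulatedHSM(max_calls=5)
    plain, keyed = build_indexes(BREACHED, hsm)
    print("unkeyed copy confirms:", offline_confirmable(plain, GUESSES))
    print("keyed copy confirms:  ", offline_confirmable(keyed, GUESSES))
    print("online lookup:        ", online_check(hsm, keyed, "hunter2"))
```

A copy of the keyed index is useless without the module, so every lookup has to pass through a point where it can be metered and logged.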
1Password sends customer-hashed passwords to third-party services such as "Have I Been Pwned," putting full trust into a single-person operation in Australia.
Keeper Provides Isolated Hosting in More Regions
Keeper offers hosting in the following regions:
- United States
- United States Government Cloud
1Password only offers US, CA and EU hosting.
Keeper's Secrets Manager is a Superior Technology
Keeper provides 6 API languages and more than 20 integrations with popular CI/CD and developer tools. Management of secrets is fully integrated into the Keeper vault and the Commander CLI. Keeper's secrets manager platform provides record-level and folder-level access.
Keeper Secrets Manager (KSM) is fully cloud-based and does not require any on-prem components. KSM was built from the ground up to be fully integrated into Keeper's platform.
Keeper integrates with DevOps tools such as GitHub, Azure, AWS, GCP, Terraform, Docker, Kubernetes, GitLab, XSOAR and more.
Keeper Commander CLI provides hundreds of features which include vault management, user management, team management, advanced event reporting, compliance reporting, import/export and custom actions.
Keeper's Event Reporting API provides reporting on over 200 different event types broken down into 10 categories. Advanced queries with SQL-like syntax can be performed.
Compliance data is available through the API for admins with privileged access.
1Password's secrets automation platform offers only 3 languages and 4 integrations. 1Password only offers vault-level access to the secrets automation platform, not record or folder-level.
1Password requires an on-prem Connect Server. The Connect Server is deployed through Docker and, by default, does not include any encryption (hosted on HTTP port 8080).
1Password's CLI provides basic vault and user/team management.
1Password's event reporting API only reports on Item usage and SignIn attempts.
Compliance data is not available.
Other Critical Differentiators
Keeper offers a multi-tenant MSP solution.
Keeper's node architecture allows different identity providers to be used within the same tenant.
Keeper Connection Manager provides privileged sessions and secure remote access.
Keeper Compliance Reports provides on-demand visibility to access permissions on records and credentials in your enterprise, without exposing secrets.
Keeper supports importing vaults from LastPass even if the users log in with federated Okta/Azure/Google accounts.
1Password does not offer an MSP solution.
1Password does not offer node architecture or multiple identity providers.
1Password does not offer any kind of privileged session management software.
1Password does not provide compliance auditing tools.
LastPass folders become Vaults in 1Password. There's no concept of shared folders. Nested folders in LastPass will spin off more vaults in 1Password instead of creating subfolders.
1Password doesn't support importing federated LastPass vaults, which is critical for migration.