Encryption, Security Program Controls/Technologies

Keeper Security Releases 24-Word Password Recovery Phrase Solution

single sign on (SSO) to login other webpage with one username and password vector

In “24 words”… Keeper Security has debuted a more secure method of account recovery to provide customers with a higher level of protection against emerging cyber threats.

Keeper Security’s 24-word recovery phrase replaces the current security question-and-answer recovery method, the company announced in a prepared statement. It serves as a break-glass method of recovering a Keeper Vault in the event that a user forgets their master password.

The recovery phrase generates a unique 256-bit AES key that decrypts a copy of the user's 256-bit AES data key. The data key then decrypts each individual record key that, in turn, decrypts each vault record.

Password Protection Advances

Keeper Security is a provider of zero-trust and zero-knowledge cybersecurity software protecting passwords, privileged access, secrets and remote connections. Commenting on the 24-word recovery phase capability, Keeper Security co-founder and CEO Darren Guccione, said:

"We are thrilled to introduce this revolutionary new feature to our users. At Keeper, we are committed to providing our customers with the most advanced and secure password management solutions available. The 24-word recovery phrase is just one example of our ongoing investment in new and more robust technologies to counter emerging cyber threats."

Users who have security questions enabled on their vaults will be prompted to replace their security answer with a strong 24-word recovery phrase, Keeper Security explained. The company emphasized the importance for users to store this recovery phrase in a safe place such as a physical safe, and not on a computer, phone or other device.

If someone forgets their master password and loses their recovery phrase, they will not be able to access their Keeper vault, the company noted. Due to Keeper's zero-knowledge architecture, the Keeper team cannot regain a lost recovery phrase. To deploy this new capability, users are encouraged to ensure that all of their Keeper applications are up to date.

Keeper Adds Platform Enhancements, Builds MSP Partner Network

In September 2022, Keeper Security added capabilities to its KeeperMSP platform to help MSPs manage security and compliance for their customers, MSSP Alert reported.

The new capabilities empower Keeper Security’s MSP partners with the ability to support a zero-trust security model for maximum protection. In doing so, they provide partners with new revenue growth opportunities and help them further distinguish themselves from competitors in the managed security services market, the company said.

Additionally, Keeper Security brought to market the One-Time Share feature for its cybersecurity platform last year. One-Time Share lets end-users share secure links over email or text message without the risk of exposing sensitive information, Keeper Security said. It provides users with time-limited, secure sharing of a password, document or other confidential information to a recipient who does not have a Keeper account. Accordingly, One-Time Share promotes secure information-sharing.

MSPs can join the Keeper Partner Network to integrate the company’s password and secrets management capabilities into their offerings.

Jim Masters

Jim Masters is Managing Editor of MSSP Alert, and holds a B.A. degree in Journalism from Northern Illinois University. His career has spanned governmental and investigative reporting for daily newspapers in the Northwest Indiana Region and 16 years in a global internal communications role for a Fortune 500 professional services company. Additionally, he is co-owner of the Lake County Corn Dogs minor league baseball franchise, located in Crown Point, Indiana. In his spare time, he enjoys writing and recording his own music, oil painting, biking, volleyball, golf and cheering on the Corn Dogs.