Keeper Review (2025): Enterprise-Level Password Management for Everyone

Anything stored in your Keeper vault is called a record. There are several different record types, including logins, credit cards, identities, secure notes, and software licenses, but you can also create a general record with any fields you want, as well as add custom fields and attach files to other record types. Rather than tags or categories, Keeper lets you create folders and nest folders within each other.

You can share at the recording or folder level. Record sharing speaks for itself, but folder sharing is interesting. Rather than sharing an entire vault, as you have to do with a service like Proton Pass, you can create a shared folder with a permission structure similar to Google Drive. You can set your records to be view only, grant shared users edit access, and even allow users to add and manage other users.

These sharing settings are not strictly global. You can configure a shared folder to be read-only, but give certain users the ability to manage users and/or records, and you can change permissions on individual records in that folder. Some records can be viewed only, while others can be unlocked for editing.

You can share individual recordings in several ways. You can share them in perpetuity, but you can also create unique sharing links for non-Keeper users. Access is limited to a single device via this link. If you need something even more temporary, you can create a self-destruct recording, which will be shared and then deleted shortly after the recording is opened.

Guardian Safety

Keeper uses a zero-knowledge, zero-trust security architecture. Each recording you store in Keeper is individually encrypted with its own AES-256 key. These keys are then wrapped in another AES-256 key, derived from your master password. Even if someone broke your AES-256 key (unlikely), it wouldn’t unlock your individual recordings.

All encryption happens locally, so Keeper never sees the data in your vault and doesn’t have the keys to decrypt it (read our access key explanation to learn more about public key encryption and how zero-knowledge models work). This gives you full end-to-end encryption, and to ensure nothing happens during transport, Keeper generates an additional AES-256 transmission key to protect data against man-in-the-middle attacks.

A zero-knowledge security architecture and multiple layers of encryption are expected from a password manager, but what stands out about Keeper is the transparency of its security architecture. Probably because of its enterprise focus, Keeper maintains extensive documentation of how it works and the protections in place.

Keeper has many tools for operational security. In the browser extension, for example, there is a clipboard expiration setting that defaults to 30 seconds. Anything you copy will be automatically erased. There is also a warning that will automatically display if you attempt to autofill an HTTP address, preventing your credentials from traveling over an insecure network.

Keeper’s business focus works surprisingly well for personal use. The security architecture is top-notch, the apps are feature-rich, and the sharing capabilities are second to none. Where Keeper loses is price. Although its price is in line with the rest of the market for a single user, it is a little high for a family plan. And features that come standard with other password managers, such as Dark Web monitoring, are paid add-ons.