Among the more shocking revelations in last year’s GAO audit of the Department of Defense’s weapons system cybersecurity was the following quote:
“Poor password management was a common problem in the test reports we reviewed. One test report indicated that the test team was able to guess an administrator password in nine seconds. Multiple weapon systems used commercial or open source software, but did not change the default password when the software was installed, which allowed test teams to look up the password on the Internet…”
Yes, that’s right. It took a test team a whole nine seconds to guess the password to a major weapons system. Failing that, hackers could look up default passwords on the Web and proceed to launch nuclear cruise missiles at will. Okay, maybe that’s an exaggeration, but not by much. The story illustrates the importance of good password management. This is a problem that Keeper Security is trying to solve.
Keeper Security uses a “zero knowledge security architecture.” The app does not know your passwords. “We couldn’t decrypt your passwords even if we wanted to,” said Darren Guccione, CEO & Co-founder at Keeper Security, Inc. “The app encrypts your password before it enters the app. There’s a 256-bit record key that’s used on user sign-in, based on a 2FE key USB. There’s no shared vault, a common flaw in other password manager tools.”
The Keeper app can store credit cards, enabling the app user to assign permissions to a different user. This feature may become helpful for companies that need to comply with PSD2 credit card regulations in the EU. The new rules require a person making a credit card purchase to have the card holder’s unique PIN. This is problematic for situations where an assistant is making an airline reservation for an executive, for example. Keeper would solve this problem, making it possible for the assistant to use his boss’s credit card without having to know the cardholder’s PIN.
The company started in the consumer space, but is now aggressively pursuing the corporate market. Keeper now has about 7,000 SMB and enterprise accounts. The corporate version of the app creates high-strength, random passwords. It can also store files like photos and medical records.
An emergency mode allows trusted users like family members to gain access to passwords if the need arises. This feature includes a seven-day delay. “If you’re in the hospital and don’t respond for 7 days, we let your designated contacts access your account,” Guccione explained.
Moving into the B2B market has led Keeper to add a number of new functions and integrations. The app is now accompanied by an admin console for centralized management of multiple employee accounts. An alert system can inform admins if there is suspicious activity like multiple failed logins on a user account. Now equipped with an SDK, the toolset is also integrates with platforms like MySQL, Splunk and AWS.