How secure is Keeper Password Manager for storing organizational credentials?
Keeper uses a zero-knowledge security model, which means all data is encrypted and decrypted locally on the user’s device. Keeper employs AES-256-bit encryption and PBKDF2 key stretching, ensuring passwords, files and credentials remain protected from unauthorized access—even by Keeper or MOREnet.
Can anyone recover access if vault access is lost?
No, only MOREnet super admins can transfer a vault. If a vault custodian becomes incapacitated, passes away or departs unexpectedly, MOREnet follows a formal Protocol for Vault Recovery, ensuring vault access is recovered securely and with documented verification of organizational ownership and authorization. The original owner will be notified by email, and transfer is recorded in the logs.
Who is authorized to initiate a vault transfer under this protocol?
Only MOREnet Security personnel with super admin roles in the Keeper Admin Console are permitted to initiate vault transfers. Such transfers are only processed on a verified request from an authorized organizational representative or if the Keeper service is formally discontinued.
How does the vault transfer process work?
The transfer follows a structured, auditable procedure:
An authorized representative submits a written request from an official organizational email detailing the reason for transfer.
MOREnet opens a secure case ticket and verifies the request with a second authorized Institutional Representative (IR) from the same domain.
A live video call is conducted with both representatives to confirm identities using government-issued IDs.
Upon verification, vault ownership is securely transferred to a designated account within the same organization, and the prior user license is deleted.
The requester confirms successful vault access, and the completed documentation is attached to the case before closure.
How does this process ensure security and compliance?
Each step—identity verification, case documentation and video confirmation—is auditable and designed to uphold cybersecurity best practices and ethical standards for data custody. No plaintext credentials are ever exposed during the process, and all transfers are securely logged for accountability.
