In a world where data security is paramount, Martarna today will discuss an important development from Keeper Security, one of the leading password management tools. Keeper Security is transitioning from the traditional security question-and-answer recovery system to a more secure 24-word “recovery phrase” feature.
What is a Question and Answer Recovery?
This is a common method of authenticating a user who has forgotten their password. Users are asked to answer pre-defined security questions, such as their place of birth or mother’s maiden name. Although users are encouraged to record an answer that has nothing to do with the question (effectively a second random secret), few follow this advice. Instead, users record an answer they believe nobody else knows. In practice, those answers can often be guessed, found on the person’s social media, obtained from family or friends, or extracted through social engineering, which makes the recovery path weaker than the password it is meant to protect.
What is a Recovery Phrase?
For those who may not be familiar with it, a recovery phrase serves as an emergency key to regain access to your Keeper Vault if you forget your master password. Keeper uses the same BIP39 word list that cryptocurrency wallets use. The list contains 2,048 words, so each word encodes 11 bits; a 24-word phrase therefore carries 264 bits, of which 256 bits are random entropy and the remaining 8 bits are a checksum that catches a mistyped, missing or reordered word. Those 256 bits are what give the recovery key its strength. The words on the BIP39 list were selected so that the first four letters identify each word unambiguously and visually similar words are avoided, which minimises transcription errors during recovery.
What Does This Mean for Keeper Users?
If you’re using Keeper’s security questions for your vault, the tool will prompt you to switch your security answer to a 24-word recovery phrase. Keeper will generate this phrase, and it’s recommended you store it in a safe place, like a physical safe.
This new feature only replaces your security answer, not your master password, fingerprint or Face ID. Keeper will generate the phrase for you upon login, and you can choose to skip it. Remember, however, that without a recovery phrase you will not be able to recover your account if you forget your master password. If your vault belongs to an organisation, ask your Keeper administrator for help recovering its contents. That last resort is only available if you accepted the account transfer policy when you initially set up your vault.
The 24-word recovery phrase is used to derive a unique 256-bit AES key, which encrypts a copy of your 256-bit AES data key. The data key decrypts each record key, which in turn decrypts each vault record. To recover the account and reset the master password, you must provide the recovery phrase and an email verification code. Users with Multi-Factor Authentication (MFA) enforced must also pass the MFA step. In other words, the phrase is as powerful as the master password itself: anyone holding it together with access to your mailbox (and your MFA factor, if enforced) can reset the master password, so guard it with the same care and never store it inside the vault it protects.
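The following Python block is an added example, not Keeper’s code, illustrating the mechanics described in the two passages above: how 256 bits of entropy plus an 8-bit SHA-256 checksum become 24 eleven-bit word indices (the BIP39 encoding), how decoding verifies that checksum so a wrong or mistyped word is rejected, and how a 256-bit key is derived from the phrase. It works with word indices rather than embedding the 2,048-word list; pass the real BIP39 list to `indices_to_words` if you have it on disk. The key derivation uses BIP39’s own PBKDF2-HMAC-SHA512 step as an assumption, because this page does not state which KDF Keeper applies to the phrase.

```python
import hashlib
import secrets

WORDLIST_SIZE = 2048                       # BIP39 list: 2^11 words, 11 bits per word
ENTROPY_BITS = 256                         # strength of a 24-word phrase
CHECKSUM_BITS = ENTROPY_BITS // 32         # BIP39: one checksum bit per 32 entropy bits -> 8
PHRASE_WORDS = (ENTROPY_BITS + CHECKSUM_BITS) // 11   # (256 + 8) / 11 = 24


def checksum_bits(entropy: bytes) -> int:
    """First CHECKSUM_BITS bits of SHA-256(entropy), as an integer."""
    digest = hashlib.sha256(entropy).digest()
    return digest[0] >> (8 - CHECKSUM_BITS)


def entropy_to_indices(entropy: bytes) -> list[int]:
    """Encode 32 bytes of entropy as 24 word indices in [0, 2048)."""
    if len(entropy) * 8 != ENTROPY_BITS:
        raise ValueError("expected 32 bytes of entropy")
    # Append the checksum, then cut the 264-bit string into 11-bit groups, MSB first.
    bits = (int.from_bytes(entropy, "big") << CHECKSUM_BITS) | checksum_bits(entropy)
    total = ENTROPY_BITS + CHECKSUM_BITS
    return [(bits >> (total - 11 * (i + 1))) & 0x7FF for i in range(PHRASE_WORDS)]


def indices_to_entropy(indices: list[int]) -> bytes:
    """Reverse of entropy_to_indices. Raises ValueError if the checksum does not match."""
    if len(indices) != PHRASE_WORDS:
        raise ValueError(f"expected {PHRASE_WORDS} words, got {len(indices)}")
    bits = 0
    for idx in indices:
        if not 0 <= idx < WORDLIST_SIZE:
            raise ValueError(f"word index {idx} is not on the 2048-word list")
        bits = (bits << 11) | idx
    entropy = (bits >> CHECKSUM_BITS).to_bytes(ENTROPY_BITS // 8, "big")
    if checksum_bits(entropy) != bits & ((1 << CHECKSUM_BITS) - 1):
        raise ValueError("checksum mismatch: a word is wrong, missing or out of order")
    return entropy


def generate_phrase_indices() -> list[int]:
    """Fresh 256-bit entropy from the OS CSPRNG, encoded as 24 word indices."""
    return entropy_to_indices(secrets.token_bytes(ENTROPY_BITS // 8))


def indices_to_words(indices: list[int], wordlist: list[str]) -> list[str]:
    """Map indices onto a caller-supplied 2048-word list (e.g. the English BIP39 list)."""
    if len(wordlist) != WORDLIST_SIZE:
        raise ValueError("word list must contain exactly 2048 words")
    return [wordlist[i] for i in indices]


def error_is_detected(indices: list[int], position: int, flip_bit: int = 0) -> bool:
    """Corrupt one word (flip one bit of its index) and report whether decoding rejects it.
    Flipping a bit of the last word always hits the checksum and is always caught;
    corrupting any other word changes the entropy and is caught with probability 255/256."""
    corrupted = list(indices)
    corrupted[position] ^= 1 << flip_bit
    try:
        indices_to_entropy(corrupted)
        return False
    except ValueError:
        return True


def recovery_key_from_phrase(words: list[str], passphrase: str = "") -> bytes:
    """Derive a 256-bit key from the phrase. ASSUMPTION: this is BIP39's standard
    PBKDF2-HMAC-SHA512 seed step truncated to 32 bytes; the page does not state
    Keeper's actual KDF, so treat this as illustrative only."""
    mnemonic = " ".join(words).encode("utf-8")
    salt = ("mnemonic" + passphrase).encode("utf-8")
    return hashlib.pbkdf2_hmac("sha512", mnemonic, salt, 2048)[:32]


if __name__ == "__main__":
    # Constructed sample entropy (not a real key) so the run is reproducible.
    sample_entropy = bytes(range(32))
    idx = entropy_to_indices(sample_entropy)
    print("24 word indices:", idx)
    print("round trip ok:", indices_to_entropy(idx) == sample_entropy)
    print("typo in last word caught:", error_is_detected(idx, PHRASE_WORDS - 1))
    print("random phrase indices:", generate_phrase_indices())
```

The checksum is a transcription aid, not a secret: an attacker still faces the full 256-bit entropy, while a user who writes one word down wrongly gets an immediate error instead of a silently different key.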
Implications for Business and Enterprise Accounts
Keeper administrators managing business and enterprise accounts can disable the new recovery feature for users in the role enforcement policy section of the Keeper Admin Console. Account recovery can also be used with SSO-enabled accounts if the Keeper administrator enforces it.
Final Thoughts
While this new feature makes account recovery considerably harder to attack, it is crucial to remember that if you forget your master password and lose your recovery phrase, you will not be able to access your Keeper Vault. Because of Keeper’s zero-knowledge architecture, neither the Martarna team nor Keeper ever holds your master password or data key, so neither can recover a lost recovery phrase for you.
Martarna is thrilled to see this innovation from Keeper Security, which reinforces our shared commitment to providing the most secure and user-friendly password management solutions.