Keeper Password Manager

Typical invite email from Keeper.

• Check your email for a message from Keeper Team <noreply@keepersecurity.com>.
• Click the “Set Up Your Account Now” link.
• After you’re directed to your Keeper vault, accept the credential transfer consent pop-up.

• Log in with your Luther email at keepersecurity.com/vault or in the Keeper App for your device
  
• You’ll be directed through our Microsoft SSO process.
• If you’re signing in from a new device, you’ll need to accept the login from another device where you’ve used Keeper.

Pinning the Keeper extension in Chrome

• For day to day use on a computer, install the Keeper browser extension. Pin the extension where you can find it:
  • Chrome and Edge: Show your extensions by clicking on the puzzle piece icon to the right of the address bar—click the push-pin icon next to the Keeper icon.
  • Firefox: Nothing to do here! Firefox does this step for you.
  • Safari: Install the Keeper App first, then enable “KeeperFill” in the “Extensions” section of Safari’s Preferences (Command+,).
• To import passwords, you’ll need the Keeper App on at least one device. You can install the app on assigned Luther-owned workstations and on personally-owned devices, including mobile devices. If you’re only using the desktop app to import passwords, you can delete it after you’re done with the import

Importing from LastPass using the Keeper desktop app.

Note:If you’re importing into your personal, non-work Keeper account (i.e. your free Keeper Family License for Personal Use), clear out any work-related passwords from your original password manager before performing the import.

• In the Keeper App, from the drop down menu behind your username in the upper right, choose “Settings”.
• Find “Import” in the left sidebar of settings, and choose to import “From a password manager” (We don’t allow import from CSV and we discourage ever putting passwords in a CSV.).
• Choose to import from another password manager or browser. After you choose a service, you’ll often need to supply the username and password you use for your other password manager.
• After you’ve successfully authenticated, you’ll see a list of credentials that will be imported, but can’t change this list.

After transition, you’ll have some cleanup to do:

• Spot check your passwords to make sure your import was successful.
• If someone shared passwords with you through your previous password manager, ask them to re-share those records. Similarly, if you shared passwords with others, share them again, after they have created their Keeper account.
• De-duplicate shared records and folders that were created by the import process.
• Remove your old password manager from your devices (e.g. delete browser extension or clear passwords from your browser’s built-in password store).
• Visit Keeper’s “BreachWatch” and “Security Audit” sections. Change passwords for any service marked as at-risk, reused, or weak.

Using Keeper to fill passwords on a login page

• Sign in to the extension whenever you start working.

• On sites that Keeper has saved, Keeper will often log you in automatically or, if multiple records exist, ask you to pick which set of credentials to use.
• On sites that Keeper doesn’t know, Keeper will ask to save your credentials after you log in.
• If Keeper isn’t filling credentials for a site you know it has saved, you might need to click the Keeper extension or click the lock icon at the right of the username or password field.

Generating a password with Keeper.

• Visit the password reset page for the relevant service.
• The Keeper browser extension should offer to help you reset your password, using a strong password that the extension generates. 
• If Keeper doesn’t offer to help, you can generate a secure password directly from the extension icon. You can also use this method if you want to customize the random password, like by requiring capital letters, for example.
• Keeper will offer to “save changes to your vault” after your new password is accepted by the website. If it doesn’t, find the record in your vault and manually update the password.

Sharing from a Keeper record.

• To share a single record, open that record within your vault, and choose “Sharing” from the “Options” drop-down menu.
• Enter the email address of another Keeper user and choose their level of access to this single record.

• Choose “Shared Folder” from the “Create New” menu in your vault.
• Give your folder a name and decide where it should live within your own vault.
• Set the “User Permissions”, which defines whether the people you invite can change, add or remove records and other users. 
• Set the “Record Permissions”, which defines whether the records in the folder can be viewed, edited, or shared again by people with access to the folder.

You can use Keeper as your multi-factor authenticator for any site that allows an authenticator app—sometimes the site will call this option “TOTP”, “HOTP”, or “verification code”. You can’t use Keeper in place of other multi-factor methods like text message, phone call, email, security key, or biometric lock.

• Begin the multi-factor setup process on the website for which you want to add multi-factor authentication. You’ll usually find this in the “Security” section of your account settings.
• Pause when the site presents a QR code or a long text code made of letters and numbers—This is what we’re going to put into our Keeper record.
• Go to your Keeper Vault, edit the matching site record, and choose “Add Two-Factor Code”. You’ll begin a series of setup pop-up windows.
• Choose “Manual Entry” on the next screen.
• Paste your website’s long text MFA setup key into the “Secret Key” field and click “Add”. If your website is only showing a QR code, look for an option like “can’t scan code” to expose the text version of that code.
• Now we just need to confirm Keeper’s rotating code with our original website. On the original website, proceed until it prompts you for a verification code, then enter the new rotating code from your Keeper record.
• Optional: Your original website will likely ask you to setup a second MFA method so that you don’t get locked out. If you have the option, we recommend choose a backup code/one-time code option and storing those inside your Keeper record.

Employees can sign up for a free Keeper Family License for Personal Use, and should use that account for personal credentials. Plans include 5 seats and can store up to 10gb. After their employment ends, former employees retain access to the personal Keeper account, but it becomes a paid service after 30 days.

• In your vault, from the drop down menu behind your username in the upper right, choose “Account”.
• In the “Subscription” section, enter your personal email address. Don’t put an @luther.edu address here.
• Accept the verification email that was sent to your personal email address.

Norse Keys present some unique challenges because they are used across so many sites and used to log into Keeper itself.

First, your Norse Key is the one password you’ll need to be able to remember and type—it’s what logs you into Keeper. We recommend using the passphrase method to generate strong, memorable Norse Keys.

Furthermore, when you change your Norse Key, you’ll be kicked out of Keeper and it won’t save your updated password. Immediately after your password reset, you should log back in to Keeper and update your Norse Key record.

Because multiple sites use your Norse Key, you also might end up with multiple Norse Key records—we recommend picking one of them, clearly renaming it “Norse Key”, and deleting the rest.

You should also tell Keeper to use your Norse Key record on multiple sites, specifically “luther.edu”, “microsoftonline.com”, and “google.com”. From within your Vault, open your primary Norse Key record and choose to add new “URL” fields, one for each of these sites.

Find another device where you’ve logged in in the past and bring up your Keeper Vault on that device. On the second device where you’re trying to sign in, choose “try another way” and then choose to send the push notification again.

Importing is a blunt tool and you’ll need to do some cleanup afterwards. Think of it as an opportunity to audit your passwords!

Uninstall other password manager apps and browser extensions on your device and ask your browser not to offer to save passwords from the browser’s settings. We automatically disable any built-in browser password managers on Luther-owned workstations assigned to you when you are given an institutional license.

First make sure you have the extension installed and that you’re signed into it, then try refreshing the page. If Keeper still doesn’t recognize the site, manually fill in the credentials from the browser extension or your vault. Even when you’ve done everything right, Keeper might not work well with some sites—common causes are that the site might be miscoded, might deliberately disallow autofill, or might separate the username and password fields onto separate pages.

You’re signed into a different Microsoft account in the same browser session—This could be another Luther account or an account from a different institution. Clear your cookies from microsoftonline.com and try again. If this is a recurring issue, we recommend creating separate browser profiles for each of your personal and work identities.

You should store all your Luther-related credentials in Keeper, including your Norse Key. Keeper can also help with multi-factor logins like Google, either replacing or supplementing some of your current methods—for example, you might store your backup codes here or use Keeper to generate randomized verification codes, just like a dedicated authenticator app.

You should not use your work Keeper account to store personal credentials—use the free Keeper Family license for that.

You should use Keeper for work-related passwords. In your personal life, you’re welcome to use the free Keeper Family license available through Luther.

We use a password manager because most of us have more passwords than we can safely store or remember. The passwords you store in Keeper are encrypted and can’t be exposed to other people without your consent, including ITS at Luther, Keeper employees, the government, or hackers. Your passwords get even stronger when you let Keeper generate them for you, and that’s one less password you have to remember, too.

Keeper is one of the oldest, most trusted password managers, has a strong security record, and meets stringent government standards.

Keeper uses the same single sign-on process that some of our other sites use, like Norse Hub and KATIE. If you’ve already signed into one of those other services recently, you were already signed in to Keeper.

Departing employees will lose access to their account when their employment ends. After their employment ends, employees retain access to the their Keeper Family account, but it becomes a paid service after 30 days.