Bitwarden versus Keeper

Some comparisons of Bitwarden versus Keeper arrive at the conclusion that Bitwarden is the best free password manager, while Keeper offers a better premium service. However, these comparisons fail to mention either that Keeper offers an extremely limited free service or that many of its add-on premium services are provided as standard in Bitwarden's premium and business plans.

Furthermore, questions exist about the authenticity of Keeper's claim that it is a zero-knowledge solution. Genuine zero knowledge is an important factor when evaluating vault-based password managers because, if the provider's servers are hacked or the provider has a malicious insider in its workforce, the data stored on the provider's servers cannot be deciphered.

However, Keeper has never adequately explained how its Breachwatch feature is capable of proactively checking for compromised passwords, or how the password manager supports master password and account recovery under a zero-knowledge model. This lack of transparency should be a concern to security-conscious individuals and businesses trusting Keeper with sensitive data.

Bitwarden's Zero Knowledge Model

The Bitwarden password manager is built on open-source software which means its code is publicly available for anybody to review. In addition, Bitwarden runs a bug bounty program that rewards members of the open source community if they find a vulnerability in the code. Consequently, bugs are identified and fixed quickly whenever an update is released or a new threat emerges.

With regard to Bitwarden's zero knowledge model, every item of data is encrypted on the user's device as it is entered, using an encryption key derived from the user's email address and master password. Following this key-derivation process (PBKDF2), Bitwarden salts and hashes the master password with the email address before transmission to its servers.

Once Bitwarden's servers receive the hashed password, it is salted again with a cryptographically secure random value, hashed again, and stored. Because the hash functions are one-way, they cannot be reversed by a hacker or malicious insider, so nobody can recover your master password from the stored value and access the content of your vault.
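The client-to-server flow described in the two paragraphs above, sketched as an added Python example using only the standard library. This is not Bitwarden's own code: the iteration counts, the lower-casing of the email address and the use of PBKDF2 for the server-side re-hash are assumptions made for the illustration.

```python
import hashlib
import hmac
import secrets

# Assumed parameters for this illustration; check the vendor's current
# published defaults before relying on specific numbers.
CLIENT_ITERATIONS = 600_000
SERVER_ITERATIONS = 100_000


def derive_master_key(email: str, master_password: str) -> bytes:
    """Client side: PBKDF2-SHA256 keyed by the master password and salted
    with the email address. This key protects the vault and never leaves
    the device."""
    salt = email.strip().lower().encode()  # normalisation is an assumption
    return hashlib.pbkdf2_hmac("sha256", master_password.encode(), salt,
                               CLIENT_ITERATIONS)


def derive_auth_hash(master_key: bytes, master_password: str) -> bytes:
    """Client side: one more PBKDF2 round over the master key, salted with
    the master password. Only this value is sent to the server at login."""
    return hashlib.pbkdf2_hmac("sha256", master_key,
                               master_password.encode(), 1)


def client_login_material(email: str, master_password: str) -> tuple[bytes, bytes]:
    """What the client computes: (kept locally, sent to server)."""
    key = derive_master_key(email, master_password)
    return key, derive_auth_hash(key, master_password)


def server_register(auth_hash: bytes) -> dict:
    """Server side: salt the received hash with a random value, hash it
    again and store only salt and result. The server never sees the
    master password or the master key."""
    salt = secrets.token_bytes(16)
    stored = hashlib.pbkdf2_hmac("sha256", auth_hash, salt, SERVER_ITERATIONS)
    return {"salt": salt, "hash": stored}


def server_verify(record: dict, auth_hash: bytes) -> bool:
    """Server side: recompute with the stored salt and compare in
    constant time, so timing does not leak how many bytes matched."""
    candidate = hashlib.pbkdf2_hmac("sha256", auth_hash, record["salt"],
                                    SERVER_ITERATIONS)
    return hmac.compare_digest(candidate, record["hash"])
```

A breach of the stored record yields only the salt and the double-hashed value; the vault key is never part of what the server holds.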

Is Keeper Really Zero-Knowledge?

Two features of the Keeper password manager suggest it is not a zero knowledge solution. The first is its Breachwatch feature which, Keeper claims, "constantly scans vaults for passwords that have been exposed on the dark web". Although Keeper states that the feature "maintains the company's zero-knowledge commitment", nobody has explained how Breachwatch accesses data in a locked vault.

By comparison, Bitwarden offers Vault Health Reports among its premium services. Vault Health Reports have to be run manually by a user or an administrator (for shared passwords only) while the user or administrator is logged into their vault, at which point the vault content is decrypted. In addition, Bitwarden's Vault Health Reports identify more than just exposed passwords.

The second feature which suggests Keeper is not really a zero-knowledge solution is the account recovery feature. Most password managers have no knowledge of users' master passwords; if you forget your master password, you are forever locked out of your vault. However, Keeper's account recovery feature suggests the hash functions used on users' master passwords can be reverse engineered.

Other Differences between Bitwarden and Keeper

Bitwarden versus Keeper: Free, Personal, and Family Services

Bitwarden's free service is rightly regarded as one of the best. It allows users to save an unlimited number of passwords across an unlimited number of devices with a selection of web access, browser extensions, desktop apps, and mobile apps. Bitwarden's free service also includes automatic synchronization, a secure messaging feature and two step login. There is also a free two-person plan.

By comparison, you can only take advantage of Keeper's free plan if you sign up for a free trial of its Unlimited plan and then opt out of paying for the service once the free trial has ended. Thereafter, you are allowed to use Keeper for free on one mobile device only, and then only to access stored passwords. The Keeper free service does not autofill web forms with login credentials, payment details, or other saved data.

Bitwarden's premium service for personal and family users includes secure file sharing, secure file storage, advanced two factor authentication, and the previously mentioned Vault Health Reports. Keeper offers personal and family users two options: one comparable to Bitwarden's premium service, and a second without the file storage, advanced 2FA, and Breachwatch capabilities.

netsec.news Bitwarden versus Keeper Personal Plans

Bitwarden versus Keeper: Business Services

Bitwarden and Keeper both offer two options for businesses. The first is equivalent to the premium/Unlimited personal plans for any number of users, with additional user management features and event logs (Bitwarden) or activity reports (Keeper). Keeper's "Business Plan" also includes a policy engine for businesses to enforce password policies (an Enterprise feature in Bitwarden's plans).

Thereafter, the two providers' "Enterprise Plans" are very similar inasmuch as they support AD/LDAP integrations, email auto-provisioning, and Single Sign-On capabilities. However, not only does Keeper not advertise a price for its Enterprise Plan (because it varies according to the number of users), but features such as Breachwatch, shared file storage, and security alerts are additional add-ons.

netsec.news Bitwarden versus Keeper Business Plans

Conclusion: Bitwarden Represents Better Value-for-Money

Our comparison of Bitwarden versus Keeper demonstrates that Bitwarden is more than a very good free password manager and compares favorably with a competitor that describes itself as “the top-rated personal and business password manager for protection from password-related data breaches and cyberthreats.”

Not only do concerns exist about Keeper's zero knowledge claims, but all its subscription plans lack price-competitiveness when compared against Bitwarden's equivalent plans. Indeed, once you include the additional add-ons, Keeper's Enterprise Plan could cost more than twice Bitwarden's Enterprise Plan for no extra protection from password-related data breaches and cyberthreats.

If you would like to conduct your own comparison of Bitwarden versus Keeper, both providers offer free trials of their business plans. Naturally, Bitwarden also invites users to check out its free individual and two-person plans before upgrading to a premium plan or family plan. If you take advantage of Keeper's free "Unlimited" trial in order to access the free plan, be careful to cancel the trial before the first payment is due.

Bitwarden versus Keeper FAQs

What is the difference between basic two step login and advanced two step login?

With basic two step login, the second authentication step is usually a PIN code sent to your device by email or SMS, or generated by an authenticator app. With advanced two step login, the second authentication step is usually performed with a hardware authenticator such as a YubiKey. The advanced option is considered more secure because a user may lose the device that receives the PIN code, whereas there is less chance of losing a hardware authenticator.

How does Bitwarden's self-host option work?

Most vault-based password managers store data in servers deployed in the cloud. If you self-host, the data is stored on your PC (for individual and family plans) or on workplace servers (for business plans). While self-hosting can help overcome compliance issues in regulated industries, it should only be attempted if you have the technical skills required to support the additional administrative overhead.

Why can Bitwarden administrators only run Vault Health Reports on shared passwords?

When you subscribe to a Bitwarden business plan, each user's vault can be used to secure personal login credentials, payment details, and other sensitive data. Business login credentials, payment details, and other sensitive data are shared with the user via "collections", and administrators can only run Vault Health Reports on collections. All the personal information put in a vault by a user remains confidential and unseen by the administrator or any administrative tools.

If you create a complex master password, doesn't that increase the chances of forgetting it?

When you create a master password, you should also keep a hard copy of it to ensure you can always access your password vault. However, sometimes you may need to access your password vault when you don't have the hard copy with you. One solution is to create a memorable passphrase that is sufficiently complex to resist brute force attacks. This blog article provides some advice on how to create the perfect master password.

What's the difference between Keeper's account recovery and Bitwarden's emergency access?

To activate Keeper's account recovery process you need to enter a verification code, answer a security question (which you will have provided at the account creation stage), and enter a two factor authentication code. Bitwarden's emergency access feature enables you to share a time-delayed secure message containing your master password with a trusted contact, who can have either full access to your vault or read-only access.

Author: Richard Anderson

Richard Anderson is the Editor-in-Chief of NetSec.news