Keeper Security, the top provider of zero-trust and zero-knowledge cybersecurity software protecting passwords, privileged access, secrets, and remote connections, has launched its newest feature: the 24-word recovery phrase. This updated and safer method of account recovery is intended to offer Keeper users the highest level of defence against new threats.
The 24-word recovery phrase replaces the current user-customizable security question and answer recovery procedure. It functions as a break-glass method of recovering a Keeper Vault in the event that a user forgets their master password. The recovery phrase generates a 256-bit AES key, which decrypts an encrypted copy of the user’s 256-bit AES data key. Each unique record key is then decrypted by the data key, which in turn
Keeper has implemented recovery phrases using the same BIP39 word list that is used to protect cryptocurrency wallets. The 2,048 words in the BIP39 word list are used to create an encryption key with 256 bits of entropy. This recovery technique is frequently applied in well-known Bitcoin and cryptocurrency wallets. Each word in the BIP39 list was chosen with care to increase visibility and reduce the likelihood of mistakes during the recovery process.
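How 24 words from a 2,048-entry list carry exactly 256 bits of entropy, as an added example that is not Keeper's code: it follows the standard BIP39 encoding (256 entropy bits plus an 8-bit SHA-256 checksum, split into 24 groups of 11 bits). Word-list indices stand in for the words themselves, and whether Keeper validates the BIP39 checksum is an assumption the article does not confirm.

```python
import hashlib
import secrets

WORDS = 24                          # phrase length stated in the article
BITS_PER_WORD = 11                  # 2**11 == 2048 entries in the BIP39 list
ENTROPY_BITS = 256
CHECKSUM_BITS = ENTROPY_BITS // 32  # BIP39: one checksum bit per 32 entropy bits


def entropy_to_indices(entropy: bytes) -> list[int]:
    """Encode 32 bytes of entropy as 24 word-list indices (0..2047)."""
    if len(entropy) * 8 != ENTROPY_BITS:
        raise ValueError("expected 32 bytes of entropy")
    checksum = hashlib.sha256(entropy).digest()[0]  # first 8 bits of SHA-256
    value = (int.from_bytes(entropy, "big") << CHECKSUM_BITS) | checksum
    return [(value >> (BITS_PER_WORD * (WORDS - 1 - i))) & 0x7FF
            for i in range(WORDS)]


def indices_to_entropy(indices: list[int]) -> bytes:
    """Decode 24 indices back to entropy, rejecting a failed checksum."""
    if len(indices) != WORDS or any(not 0 <= i < 2048 for i in indices):
        raise ValueError("expected 24 indices in the range 0..2047")
    value = 0
    for i in indices:
        value = (value << BITS_PER_WORD) | i
    entropy = (value >> CHECKSUM_BITS).to_bytes(ENTROPY_BITS // 8, "big")
    if hashlib.sha256(entropy).digest()[0] != value & 0xFF:
        raise ValueError("checksum mismatch: a word is wrong or out of order")
    return entropy


if __name__ == "__main__":
    entropy = secrets.token_bytes(32)       # constructed sample, CSPRNG output
    phrase = entropy_to_indices(entropy)
    print(len(phrase), "indices:", phrase)
    assert indices_to_entropy(phrase) == entropy
    phrase[-1] ^= 1                         # simulate one mistyped final word
    try:
        indices_to_entropy(phrase)
    except ValueError as err:
        print("rejected:", err)
```

The 8-bit checksum catches most transcription errors but not all: a random wrong word still passes with probability 1/256, so a phrase that validates is not proof it was copied correctly.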
Darren Guccione, CEO and co-founder of Keeper Security, said, “We are thrilled to introduce this revolutionary new feature to our users. At Keeper, we’re dedicated to offering the most cutting-edge, secure password management solutions to our customers. The 24-word recovery phrase is merely one illustration of our ongoing commitment to investing in more advanced technologies to thwart new cyber threats.”
Users whose vaults have security questions enabled will be asked to replace their security response with a reliable 24-word recovery phrase. Users should keep this recovery phrase off their computer, phone, or other electronic device and instead store it in a secure location such as a physical safe. To recover the account and change the master password, users need to have the recovery phrase and supply an email verification code. Users who have 2FA enforced must also successfully complete the two-factor authentication step.
For business and enterprise accounts, Keeper administrators may disable account recovery for users in the role enforcement policy section of the Keeper Admin Console. If required by the Keeper administrator, account recovery can be used with SSO-enabled accounts.
It is very important to note that a user who forgets their master password and misplaces their recovery phrase will not be able to access their Keeper vault. Because of Keeper’s zero-knowledge architecture, the Keeper team is unable to assist in the recovery of a misplaced recovery phrase.
Users are urged to update all of their Keeper applications in order to take advantage of this new feature.