How much does Keeper really cost with add-ons?

Keeper's base individual plan costs $35/year, but key features are sold as add-ons: BreachWatch (dark web monitoring) is $20/year and secure file storage is $10/year. With both add-ons, the total is $65/year -- making Keeper more expensive than 1Password ($35.88/year) and Dashlane ($60/year), both of which include these features in the base price.

Is Keeper a good password manager?

Keeper is a capable, secure password manager with SOC 2 Type 2 certification, AES-256 encryption, and strong enterprise features. It excels in compliance-focused environments and offers excellent role-based access controls. The main drawbacks are its modular pricing model and the fact that it is not open source.

Is Keeper better than 1Password?

It depends on your needs. Keeper offers SOC 2 compliance, secure file storage, and enterprise-grade role-based access that appeals to business users. 1Password offers better consumer polish, Travel Mode, and the Secret Key security layer. For individual consumers, 1Password is generally the better choice. For compliance-focused organizations, Keeper may be preferred.

Does Keeper have a free plan?

Keeper offers a limited free trial but no permanent free tier for desktop or web use. There is a free mobile-only version with basic features, but it does not include sync or browser extensions. For a fully functional free password manager, Bitwarden is the standard recommendation.

What is Keeper BreachWatch?

BreachWatch is Keeper's dark web monitoring service that scans your stored credentials against databases of known breaches. It alerts you when any of your passwords appear in breach data and recommends changing the affected credentials. BreachWatch costs $20/year as an add-on to the base Keeper plan -- unlike 1Password and Dashlane, which include similar monitoring in their base price.

Password Managers

Keeper Review (2026)

10 min read Updated Mar 8, 2026

Complete Keeper review for 2026. Pricing, SOC 2 compliance, modular add-ons, security features, pros and cons, and who this enterprise-grade manager suits best.

Table of Contents

Keeper occupies a distinctive space in the password manager market. While competitors like 1Password and Dashlane optimize for consumer appeal and Bitwarden optimizes for value, Keeper optimizes for compliance, enterprise features, and security certifications. It is the password manager most likely to appear in a corporate procurement evaluation alongside names like CyberArk and Thales, yet it also offers individual and family plans that compete directly with consumer-focused alternatives. For the full landscape of options, see our password managers guide.

This dual identity – enterprise-grade security for individual users – is either Keeper’s strongest selling point or its most confusing one. This review examines what Keeper offers, what its modular pricing actually costs in practice, and who benefits most from its compliance-first approach.

Pricing

Keeper’s pricing model is distinct from its competitors in one important way: core features that other managers include in the base price are sold as separate add-ons. Understanding the true cost requires looking beyond the headline number.

Base Plans

Plan	Annual Cost	Monthly Equivalent	Users	Key Inclusions
Individual	$35/yr	$2.92/mo	1	Unlimited passwords, all platforms, password generator, autofill, secure sharing
Family	$75/yr	$6.25/mo	Up to 5	All Individual features, private vaults per user, shared folders, 10 GB file storage
Business Starter	$24/user/yr	$2/user/mo	Up to 10	Admin console, team management, basic policies
Business	$60/user/yr	$5/user/mo	Unlimited	SSO, SCIM, advanced policies, event logging, compliance reports
Enterprise	Custom	Custom	Unlimited	All Business features plus dedicated support, custom integrations

Add-Ons

Add-On	Annual Cost	What It Adds
BreachWatch	$20/yr	Dark web monitoring for compromised credentials
Secure File Storage (10 GB)	$10/yr	Encrypted cloud storage for documents and files
Concierge Service	$100+/yr	Dedicated setup and migration assistance

The base Individual plan at $35/year appears competitive – roughly matching 1Password at $35.88/year. But 1Password includes breach monitoring (Watchtower) and 1 GB of document storage in the base price. With Keeper, adding BreachWatch ($20/year) and secure file storage ($10/year) brings the total to $65/year – making Keeper the most expensive option once you factor in comparable features.

The Family plan at $75/year for five users is also more expensive than competitors: 1Password’s family plan is $59.88/year for five users, Bitwarden’s is $40/year for six users, and LastPass’s is $48/year for six users. However, Keeper’s family plan includes 10 GB of shared file storage, which others do not match.

For the complete pricing landscape, see our pricing comparison guide.

Security Architecture

Keeper’s security is built around compliance certifications and enterprise-grade practices that go beyond what most consumer password managers pursue.

AES-256 Encryption

Keeper encrypts all vault data using AES-256, the industry standard. Encryption and decryption occur locally on your device, with only encrypted data transmitted to Keeper’s servers.

PBKDF2 Key Derivation

Keeper uses PBKDF2-HMAC-SHA256 for deriving the encryption key from your master password. The iteration count is configurable and set to a high default. While PBKDF2 is not as GPU-resistant as Argon2 (used by Dashlane), it is well-established and adequate at high iteration counts, especially when combined with a strong master password.

Zero-Knowledge Architecture

Keeper operates on a strict zero-knowledge model. Your master password and encryption keys are never transmitted to Keeper’s servers. The company cannot access your vault contents under any circumstances, including legal compulsion. All encryption and decryption happens on your device.

SOC 2 Type 2 Certification

This is Keeper’s most distinctive security credential. SOC 2 Type 2 certification is an independent audit standard that evaluates an organization’s security controls over an extended period (typically 6-12 months), covering:

Security: Protection against unauthorized access
Availability: System uptime and operational reliability
Processing integrity: Accurate and complete data processing
Confidentiality: Protection of confidential information
Privacy: Proper handling of personal information

SOC 2 Type 2 is not a marketing badge. It requires extensive documentation, ongoing compliance monitoring, and regular re-certification by independent auditors. In enterprise procurement, SOC 2 compliance is frequently a mandatory requirement, and Keeper’s certification gives it a significant advantage in those evaluations.

Additional Security Credentials

ISO 27001 certified: International standard for information security management
Annual penetration testing: Regular third-party security assessments
FedRAMP authorized: Approved for U.S. federal government use
HIPAA and GDPR compliant: Meets healthcare and European data protection requirements
Bug bounty program: Active program for responsible vulnerability disclosure

For more on how password managers protect your data, see are password managers safe.

Key Features

Keeper’s feature set reflects its enterprise heritage, with capabilities that translate from corporate environments to individual use.

BreachWatch (Add-On)

BreachWatch is Keeper’s dark web monitoring tool. It continuously scans your stored credentials against databases of known breaches, compromised credentials, and dark web marketplaces. When a match is found, you receive an alert with specific guidance on which credentials to change.

BreachWatch is functionally similar to 1Password’s Watchtower and Dashlane’s dark web monitoring. The difference is that 1Password and Dashlane include this in the base price, while Keeper charges $20/year for it. This add-on pricing is Keeper’s most commonly criticized business decision.

Secure File Storage (Add-On)

Keeper offers encrypted cloud storage for documents, photos, and other sensitive files. The Individual plan includes no file storage by default – the 10 GB add-on costs $10/year. The Family plan includes 10 GB by default.

This feature is useful for storing scans of identity documents, insurance cards, tax forms, and other sensitive files alongside related credentials. The encryption is the same AES-256 used for passwords, and files are zero-knowledge encrypted before upload.

Role-Based Access Controls

Keeper’s permission system is the most granular among consumer-facing password managers. You can create shared folders with specific access levels, define who can view, edit, share, or manage records within those folders, and set up enforced policies for password complexity, sharing restrictions, and vault organization.

For families and small teams, this translates to clean separation between personal and shared credentials with clear rules about who can access what. For enterprises, it scales to complex organizational structures with department-level policies and delegated administration.

Keeper Commander (CLI)

Keeper Commander is a command-line interface and SDK that enables scripting, automation, and integration with DevOps workflows. You can automate password rotation, integrate Keeper with CI/CD pipelines, manage secrets programmatically, and generate reports. This is an enterprise feature that trickles down to technical individual users who appreciate automation capabilities.

Keeper supports one-time sharing links (which expire after the recipient views them or after a set time), ongoing shared folders with granular permissions, and record-level sharing with view-only or edit access. The sharing is encrypted end-to-end, and you can revoke access at any time.

Emergency Access

Keeper includes an emergency access feature that allows you to designate trusted contacts who can request access to your vault. You set a waiting period, and if you do not respond within that period, the trusted contact gains access. This feature is important for estate planning and emergency preparedness, and it is included in the base plan without requiring an add-on.

Cross-Platform Support

Keeper supports Windows, macOS, Linux, iOS, Android, and all major browsers. The apps are well-maintained and consistent across platforms. There is also a web vault accessible from any browser. Autofill reliability is generally good, with dedicated browser extensions handling most login scenarios.

Additional Features

Other features include a password generator, secure notes, credit card and identity autofill, two-factor authentication (TOTP, SMS, hardware keys), biometric login on mobile devices, vault record history, and a trash/recovery system for accidentally deleted items.

Pros and Cons

Strengths

SOC 2 Type 2 compliance. The most rigorous compliance certification among consumer-facing password managers. This is a meaningful differentiator for users in regulated industries or organizations with compliance requirements.
Enterprise features for individuals. Role-based access, granular sharing, CLI automation, and compliance reporting are available to individual and family users, not just enterprise customers.
Secure file storage. Encrypted document storage alongside credentials is genuinely useful, even if the add-on pricing is frustrating.
Clean security record. Keeper has not experienced a publicly disclosed data breach.
FedRAMP authorization. U.S. government approval is a strong signal of security rigor.
Emergency access included. No add-on required for this important feature.

Weaknesses

Modular pricing adds up. The base price of $35/year is competitive, but adding BreachWatch ($20/year) and file storage ($10/year) pushes the total to $65/year – making it more expensive than competitors that include these features by default. This add-on model feels like nickel-and-diming.
Not open source. Keeper’s code is proprietary. Users cannot independently verify the security implementation.
No free tier. There is no permanent free plan comparable to Bitwarden’s. The limited free mobile-only version is not a viable long-term solution.
Family plan is expensive. $75/year for five users is pricier than every major competitor’s family offering.
PBKDF2 over Argon2. While functional at high iteration counts, PBKDF2 is less resistant to GPU-based attacks than Argon2, which Dashlane already uses.
Enterprise features can overwhelm. The depth of configuration options and enterprise-oriented terminology can feel excessive for users who just want to store and autofill passwords.

Who It’s Best For

Keeper is the right choice for:

Compliance-focused users and organizations that need SOC 2, ISO 27001, HIPAA, or FedRAMP compliance from their password manager. Keeper’s certifications are unmatched in the consumer space.
Small business owners who want enterprise-grade access controls, audit logging, and security policies without enterprise-grade complexity.
Users who need secure file storage alongside their password vault and want both under the same zero-knowledge encryption umbrella.
Technical users who value CLI access and want to integrate password management into automation workflows.
Users in regulated industries (healthcare, finance, government) where the password manager must meet specific compliance standards.

Who Should Look Elsewhere

Consider alternatives if:

You want the best value. Bitwarden offers comparable core password management for free or $10/year, and 1Password includes breach monitoring at $35.88/year without add-ons. Keeper’s all-in cost of $65/year is hard to justify for pure password management.
You want a free tier. Bitwarden is the clear winner for free password management. See our best free password managers guide.
You want open-source transparency. Bitwarden and KeePass-based managers provide source code access that Keeper does not.
Compliance is not a factor. If SOC 2 and FedRAMP certifications do not influence your decision, Keeper’s primary differentiator does not apply, and other managers offer better value.
You prefer simplicity. If Keeper’s enterprise-oriented features feel like unnecessary complexity, 1Password or Dashlane offer a more streamlined consumer experience.

How PanicVault Compares

Keeper and PanicVault appeal to different priorities but share a focus on strong security. Keeper targets compliance and enterprise needs; PanicVault targets Apple users who want simplicity, data ownership, and freedom from subscriptions.

PanicVault is a one-time purchase – no annual fees, no add-ons, no recurring charges that grow over time. Your vault is stored in the open KDBX (KeePass) format, supported by dozens of applications across every platform. You own your data completely: it lives on your device or in your choice of cloud storage, with no third-party server holding copies of your encrypted vault.

For Apple users who do not need SOC 2 compliance or enterprise-grade role-based access, PanicVault offers strong password management in a native macOS and iOS app without the ongoing cost. It is the kind of tool that does one thing well and charges you once for the privilege – a refreshing alternative to the add-on-heavy subscription model.

The Bottom Line

Keeper is a serious password manager built for serious security requirements. Its SOC 2 Type 2 certification, FedRAMP authorization, and enterprise-grade features set it apart in compliance-focused evaluations where other consumer managers cannot compete.

For individual users, the calculus is more nuanced. The base plan at $35/year is competitive, but the features you will likely want – dark web monitoring and file storage – push the real cost to $65/year. At that price, Keeper needs to offer something that competitors do not, and for most consumers, the compliance certifications are not a deciding factor.

If you work in a regulated industry, run a small business with compliance requirements, or simply value the peace of mind that comes with the most extensively audited password manager on the market, Keeper is a strong choice. If your needs are simpler and your budget is tighter, the market offers compelling alternatives at every price point.

Password Manager Pricing Comparison – see how Keeper’s true cost compares across the market
Are Password Managers Safe? – the security fundamentals that underpin every manager reviewed here
Zero-Knowledge Encryption Explained – how Keeper and its competitors protect your data
What Happens If a Password Manager Is Hacked? – understanding the breach scenarios Keeper’s architecture defends against
Free vs Premium Password Managers – evaluating whether Keeper’s premium features justify the cost

Protect Your Passwords with PanicVault

A secure, offline-first password manager using the open KeePass format. Your passwords, your file, your control.

Download on the App Store