Keeper deploys Kyber to shield passwords from quantum
Keeper Security has rolled out quantum-resistant encryption across parts of its password management and privileged access management products, as security vendors prepare for a future in which large-scale quantum computers could undermine widely used public key cryptography.
It has integrated the Kyber key encapsulation mechanism into its platform. Kyber is a post-quantum cryptography algorithm selected and standardised by the US National Institute of Standards and Technology (NIST).
Most internet security still depends on public key methods such as RSA and elliptic curve cryptography. Those algorithms remain widely trusted against today's attackers, but researchers have long warned that sufficiently capable quantum machines could solve some of the hard mathematical problems that make these systems secure.
Quantum risk
That threat has driven interest in post-quantum cryptography, which aims to resist both classical and quantum attacks. NIST has urged organisations to begin planning for migration, after finalising Kyber in 2024 as one of its first post-quantum standards.
Security teams have also highlighted the danger of "harvest now, decrypt later" attacks. In that scenario, adversaries collect encrypted traffic today and store it for later decryption once quantum computing matures. Data with long confidentiality lifetimes, including financial records, health information and intellectual property, is often cited as being most exposed.
Keeper's Kyber deployment focuses on client-server communications, using a hybrid approach that combines elliptic curve cryptography with Kyber.
"Public key cryptography, including RSA and ECC, still provides strong defense against modern threats, but quantum computing changes the rules," said Dr. Adam Everspaugh, Cryptography Advisor, Keeper Security. "Keeper's hybrid approach combines battle-hardened, elliptic curve primitives with Kyber's lattice-based cryptography. This layered defense ensures customers remain protected against today's attackers while also guarding their data from adversaries armed with quantum capabilities in the future."
Phased rollout
Kyber-based protection is now live in Keeper's backend APIs and in Keeper Commander, which is used for administration and automation tasks. Mobile platforms will follow, with a phased expansion across the wider product range.
The implementation is "crypto-agile", meaning it is designed for rapid cryptographic updates as standards evolve. It also maintains backward compatibility through software upgrades.
The updated encryption secures the authentication handshake between client and server and protects encrypted tunnels for data in transit. Customers receive the quantum-resistant cryptography automatically when they upgrade, with no configuration changes required.
The move places Keeper alongside a growing list of technology groups that have introduced post-quantum defences for certain use cases. Apple iMessage, Signal, Google Chrome and Cloudflare have deployed similar protections, with initial rollouts beginning in 2024.
Product context
Keeper sells password management and privileged access management tools. These products sit at the centre of how organisations control administrator accounts, manage shared secrets and approve access to sensitive systems. The sector has drawn heightened scrutiny as attackers increasingly target identity systems and administrative pathways rather than exploiting perimeter controls alone.
Privileged access management products can also limit lateral movement after an initial breach by restricting standing privileges and reducing the time window in which a compromised account can cause harm.
Keeper says its platform follows zero-trust and zero-knowledge principles. In practical terms, vendors use these approaches to reduce implicit trust within networks and to limit what service providers can see in customer vaults.
Darren Guccione, CEO and co-founder, described the Kyber rollout as an early move rather than a response to an immediate break in existing cryptography.
"Cybersecurity cannot be reactive. Waiting for quantum computers to arrive before acting would leave organizations dangerously exposed," said Darren Guccione, CEO and Co-founder, Keeper Security. "Keeper's deployment of Kyber is about foresight - helping our customers build resilience that spans both the threats they face today and the seismic changes on the horizon. We are ensuring that sensitive systems, credentials and secrets remain secure for decades to come."
Keeper also pointed to a range of security and compliance credentials it holds across its business, including SOC 2 Type II and ISO 27001, as well as FedRAMP High Authorisation, GovRAMP High Authorisation and FIPS 140-3 validation.
The Kyber-based deployment is live in key parts of its stack and will expand to additional components, with mobile support and broader platform coverage planned as the rollout progresses.