Cyber Security with Keeper Password Management and Digital Vault

MARTIN MCDERMOTT: I'm really happy to have you on the show today Darren. I was telling Arron Gessner, who you and I both know, that last year I got an email from my web service provider that I recently changed my password and I did nothing of the sort. So I called the company up and sure enough someone tried you know breaking into or hacking into our site. So I think everyone believes that having your website hacked and your private information stolen can happen to somebody else but that's not the case is it?

DARREN GUCCIONE: No, I mean it’s pretty common. I think you know specifically 3 out of every 4 websites out there will eventually be hacked and it's basically a cybersecurity war.

MARTIN MCDERMOTT: It was terrifying you know Darren happens because I'm connected all day, so I mean of course we found out about it right away but I said my God what if I was away on vacation or God only knows what would happen when I came back you know to the website. I mean your services are so important. Maybe we can start off with what is Keeper and how does that work?

DARREN GUCCIONE: Keeper is a password manager and digital vault. So just imagine having your own private secure ubiquitous vault for storing all of the passwords and information that sacred to you. So everything from log in credentials to all of your websites, secret codes, credit card information, bank information, routing numbers, images of your driver's license, passport, secret documents, secret photos, files, videos and everything that you want completely encrypted and private is kept in this very simple and straightforward vault that sinks and works with all of your devices. So it works on smartphones, tablets, computers, and also integrates with your web browser. You never really have to remember any passwords ever again; it's very easy to use.

MARTIN MCDERMOTT: Which is fantastic Darren because I mean if you think about it we have enough things to remember during the course that day right? I mean so instead of writing these things on little post-it notes it really frees up your brain doesn't it?

DARREN GUCCIONE: Yeah I mean it's essentially like a gigantic second brain and the beauty of the product is that it makes security and convenience one beautiful thing. It's really a unifying type of product from that perspective in traditionally you know when you hear about the security products out there you know most people think all this is going to be more difficult to use its a pain in the ****, I don't want to have to even think about it. With Keeper, we've really tried to just work on simplicity and security in one platform.

MARTIN MCDERMOTT: It was a great entrepreneurial story too. I mean when I was reading about you and your biography there and your business partner, I mean you pretty much were talking about this thing. Was it on the way to China or coming back from China? Is that how it the whole idea started?

DARREN GUCCIONE: It was on the way to China. We had a lot of flight time back in late 2008. We were in a different business. We were in the hardware business at that time and the iPhone had just come out and we were checking it out. We were like wow there's really no app out there to protect users on their smartphones. So we decided to create Keeper and the rest is history.

MARTIN MCDERMOTT: So you launched a business solution for Keeper in 2013 call Keeper for Groups. Can you tell us how businesses utilize it Darren?

DARREN GUCCIONE: Yes, so we have thousands of businesses that use Keeper for Groups to basically protect and secure their passwords and private files, photos and videos. Most often it's used for password management inside a company. So for example, if we looked at a franchise like Chipotle—Chipotle is one of our customers--their IT department uses Keeper to basically secure and protect you know their most sensitive and private information in the company such as passwords or secret files or whatever you have that you need to protect from hackers and it's a beautiful application in that if I was sharing it let's say you and I are in a project team together and you Darren I need the Federal Express record and share that login credentials with me, I just going into my Keeper vault, I click share and it'll sure the FedEx record with you and when you go into your vault all the FedEx records are there and all of the login activity, the website the way you launch it is the way you login is really one-button click. It's extremely secure because everything happens within the Keeper vault.

MARTIN MCDERMOTT: Many of the business preaches over the past few years have been due to weak employee passwords. What are some tips for helping businesses create stronger passwords for employees and protecting those passwords?

DARREN GUCCIONE: Well I think the key is use the password manager you know not just pitching Keeper but straight up use the password manager because what a password manager will do is generate high strength random passwords for you and typically a high strength password is anything over 8 characters. It includes letters, numbers and symbols and it's something that you know a hacker would have an extremely difficult time figuring out and the beauty of the password manager is that you don't have to remember that password it does it for you. It auto fills in that log in you know for you so when you go to like Amazon or any website it'll automatically fill in your username and that high strength password and log you into that site so you never have to remember the password again.

MARTIN MCDERMOTT: Usernames as well right Darren? I had trouble with usernames and don’t remember them as well. They are just as difficult as the password sometimes.

DARREN GUCCIONE: So for example if you look at like you know just how I use it, I have over 300 Keeper records in my involved and I have four Amazon account. One for my wife, one for me, one for my company so when I go to fill in my login credentials into Amazon, Keeper will give me the list different usernames because with each username as a separate password. It handles multiple usernames or accounts for websites with great ease and efficiency.

MARTIN MCDERMOTT: I heard you mention in some of your interviews zero knowledge architecture. Can you talk a little bit about that Darren?

DARREN GUCCIONE: So Keeper is designed and created on a zero knowledge security platform and what that means is that we never have access to our knowledge of the master password that you use or the encryption key that is used to encrypt and decrypt your information. So all of the encryption and decryption of your password as well as your records stored in the fall always occurs locally on your device and we always make sure that that resides with the user so that they are in full control of their records so that makes us a zero knowledge platform.

MARTIN MCDERMOTT: The majority of our listeners Darren we call them aspiring entrepreneurs and many of them want to get into buying a franchise. What sort of credentials/certifications should franchisees look for when seeking a third party cyber security provider?

DARREN GUCCIONE: I think number one is you know make sure that the providers is SOC certified and that stands for statement of controls. Okay so let's back to certification. SOC is really one of the highest certifications you can have which basically says that the security provider you know safeguards confidentiality, privacy and security safeguards for their users and that's really important. Our company is SOC certified by virtue of Keeper. You know we've had two SOC audits to date. We undergo extreme, high security, protocols, audits, testing and what have you. I would look for that. I would look for certifications like trustee for the security payment platform. McAfee is great. But there are several security protocols that you know you should look out for. If anyone wants a general background they can just go to Keepersecurity.com/security and read about the different cert’s that we have.

MARTIN MCDERMOTT: Maybe we can talk a little bit about when anti-fraud services are necessary Darren.

DARREN GUCCIONE: I think they're always necessary. You know any application that receives payments or goods or services or any type of value that is created or driven on a website or even locally at a franchise if it's a brick and mortar location or if it's a website the treatment of fraud protection needs to be pervasive and consistent. So I think it's absolutely critical.

MARTIN MCDERMOTT: Many businesses have a “bring your own device policy” at work. Do you have any tips about how to keep employees sensitive work information safe on their personal smart devices?

DARREN GUCCIONE: You know the Keeper for Groups product, as well as some of the other products out there, address BYOD and that's one of the reasons why we created Keeper for Groups is because it's just common place. You know all of us as consumers typically own a smartphone and all of us as consumers work somewhere. We're all typically employed either for ourselves or for a company, and we pose a threat and a concern for companies’ IT administrators right? They're trying to figure out how to provision and protect and control devices that they don't own and that's the biggest challenge you know is how do you handle a BYOD device? I don't own the device, I know the employee has their own device, and I know that we're using it for work. How do I secure and safeguard that device? That's why companies have really embraced our product is because we make that process inexpensive and very easy to use and of course as hyper secure.

MARTIN MCDERMOTT: I've heard you mention on interviews as well Darren and you've used the term “the internet of things” and how will it affect the business landscape over the next few years in terms of cyber security.

DARREN GUCCIONE: I think that the internet of things poses the largest single threat that we've probably seen in the last decade with respect to cyber security just through the proliferation of devices and how many connected objects and devices there will be over the next five years. It's going to be in the tens of billions in terms of the devices in circulation and if the proper security protocols and protection are in place on those devices then each one of those devices is in essence like a doorway for a hacker. So the greater number of doorways, the more potential entry points for a hacker to permeate a network and that’s really the biggest problem that I see in terms of risk.

MARTIN MCDERMOTT: So you are launching a new identity verification platform Darren. It’s called Keeper DNA. How does that work with the “internet of things”?

DARREN GUCCIONE: Keeper DNA we are really excited about it. It’s coming out pretty soon and the way that it works is that we felt that the devices you already own essentially define who you are as a person and I know that sounds crazy but if you think about it if I’ve got you know for example a smart thermostat, and a smart tv, a smart watch and I authenticate against those devices or with those devices on a daily basis then I can use those devices per se to create a Keeper DNA profile of me. So when I step into my house …..