Why does Keeper ask for a Security Question if you are Zero Knowledge?
Keeper's Security Question is used for our 'Account Recovery' feature. Keeper is a zero-knowledge platform, and we do not have access to your master password.
During account signup, you are asked to select a Security Question and Answer. Also during signup, Keeper generates a 'data key' which is used to encrypt and decrypt the 'record keys' stored with each of your vault records. Your 'data key' is encrypted with your master password, and each record key is encrypted with the 'data key'. Each record has a unique 'record key'.
The way account recovery works is by storing a second copy of your data key that is encrypted with your Security Question and Answer. To complete a vault recovery, you are required to enter an email verification code, and also your Two-Factor Authentication code (if enabled on your account). We recommend creating a strong security question and answer, as well as turning on Keeper's Two-Factor Authentication feature from the 'Settings' screen.