You say you’ve got put in a password supervisor and changed all of your lame and duplicate passwords with sturdy ones that no one may guess? Congratulations! Now you should take into consideration what protects that treasure trove of saved logins. A lone grasp password will not be sufficient. For actual safety, you want extra authentication elements. True Key locations extra emphasis on multi-factor authentication than any competitor, and it really works throughout Home windows, macOS, Android, and iOS. Be aware that that is now a McAfee product; the “by Intel Safety” branding is slated to be eliminated.
You’ll be able to set up True Key and use it for gratis—for those who need not retailer greater than 15 passwords. When you hit that restrict, you have to pay $19.99 per 12 months, which is not dangerous. Sticky Password Premium prices $29.99 per 12 months; Dashlane and LogMeOnce go for $39.99 per 12 months. Even LastPass has lately gone as much as $24 per 12 months.
Anyone can go to the True Key web site, obtain the product, and begin utilizing it instantly. As a part of the setup course of, you create a grasp password of at the very least eight characters. Usually I might advocate one thing longer, however as you will see, the grasp password is only one means that True Key protects your secret information. You are inspired, however not compelled, to both use all 4 character varieties (uppercase letters, lowercase letters, digits, and symbols) or create a prolonged passphrase, with areas permitted.
On Home windows or macOS, True Key installs as a browser extension for Chrome, Firefox, and Microsoft Edge. There is not any longer a separate True Key app on these desktop platforms. I’m considerably shocked that there is not any assist for Web Explorer on Home windows or Safari on Mac.
True Key installs as an app on iOS, with its personal inside browser. Like LastPass, Dashlane, Development Micro Password Supervisor, and others, it may fill passwords for Safari, Chrome, and supporting purposes utilizing an extension accessed by the share field icon.
On Android, True Key additionally installs as an app with an inside browser. It straight helps Chrome, Opera, and a number of other different Android browsers. When you open Accessibility Companies and allow True Key’s instantaneous login, it may additionally log in to most Android apps.
True Key works onerous to ease you into password administration. It begins by displaying a listing of over two dozen common web sites and inspiring you so as to add one as a login. Once you click on an merchandise, it opens that web page within the browser, explaining that every one you want do is log in as ordinary. It additionally walks you thru the method of clicking a saved merchandise to mechanically revisit the positioning and log in.
As soon as you’ve got used the product a bit, it suggests that you just add one other authentication issue. On the Nexus 9 that I used for testing, it recommended including face authentication. Later, once I turned on face authentication on an iPhone, it used the present face information from the Android gadget. Good! Extending face recognition to the Mac required obtain of a helper program, however after that it labored wonderful.
Fundamental Password Administration
True Key does all the essential password administration duties you’d anticipate. It captures your credentials if you log in to safe websites, performs them again for those who revisit such websites, and allows you to go to and log in to a website with one click on. For those who’re creating a brand new account, it notices, and affords to generate (and save) a safe password. By default, it creates 16-character passwords utilizing all character varieties. That is higher than many competing merchandise. Kaspersky Password Supervisorand Development Micro default to eight characters, for instance. On the harder finish, Password Boss and KeePass default to 20-character passwords.
This utility would not simply assume that each login was a hit. If its algorithm calculates that the login labored, it saves the credentials and notifies you, together with an choice to by no means save this website, or to skip saving it this time. But when it is unsure, it as an alternative asks you whether or not to avoid wasting credentials. It is a delicate contact, and a pleasant one.
Most safe web sites observe the identical requirements for the login web page, which makes the job of a password supervisor simpler. Some, although, go wildly off-standard. LastPass four.zero Premium and Sticky Password deal with bizarre logins by letting you enter all the information after which seize each discipline on the web page. LogMeOnce works from a catalog of over four,00zero identified web sites.
True Key handles oddball logins in its personal means. If it may’t correctly seize login credentials, it sends a report back to its masters for evaluation. They purpose to replace True Key to deal with that website (each for you and for all different customers) inside 24 hours. Nevertheless, I did not see this occur in my testing. On a Thursday morning, I discovered two common websites that True Key didn’t seize. Monday morning, it nonetheless could not seize them.
You too can import passwords saved insecurely in your browsers. For those who select to take action, True Key clears them from the browser and turns off the browser’s password seize facility. There’s additionally an choice to import from LastPass, Dashlane, or (oddly) the ThinkVantage Toolbox preinstalled on some Lenovo computer systems.
There aren’t quite a lot of settings to fret about, however there’s one each consumer ought to replace. Like Zoho Vault, RoboForm eight All over the place, and most different password managers, True Key logs you out after a interval of inactivity. However in contrast to most others, the default for this era is a full week! I strongly advocate setting it to not more than 30 minutes. It is a per-device setting, not international to your account, which is sensible—you may want a unique timeout in your smartphone than in your desktop laptop.
It can save you any variety of free-form color-coded safe notes. There’s additionally a Pockets characteristic that allows you to save handle, bank card, driver’s license, membership, passport, and social safety quantity information, with acceptable information fields for every kind. For bank cards, True Key permits you to import particulars by snapping a photograph. You’ll be able to create as many private information information as you need, and color-code them. Nevertheless, you may’t use them to fill in Internet types the best way you may with LastPass, Password Boss Premium, and most for-pay password managers.
True Key sticks to the fundamentals. It would not have the actionable password energy report or automated password altering capacity you discover in LastPass, Dashlane, and LogMeOnce Password Management Suite Ultimate. At the time of my previous review, the company told me that this feature was planned for the next edition, but it still hasn’t happened. You can’t categorize, group, or tag your saved logins. There’s no secure sharing of passwords, or password inheritance, either. But what it does do, True Key does well.
True Key’s real strength lies in its ability to use multiple factors for authentication. Right from the start, it requires both the master password and a trusted device. Any attempt to log in from a device that’s not yet trusted requires additional authentication. For example, when I installed it on an Apple iPhone 7, it sent a verification email that I had to click. When I went on to install on an Android device, it asked me to verify by swiping a notification on the now-trusted iPhone.
You can add other factors in settings. Your trusted email account is automatically available for verification. If you wish, you can enhance facial recognition so it requires you to turn your head from side to side. That’s so that nobody can log in using a photo of your face. And you can require authentication using a second device, typically a mobile device. The second device receives a request for authentication, and you simply respond by swiping, much like the Keeper DNA feature in Keeper Password Manager & Digital Vault.
At the default Basic security level, you choose from a subset of these possibilities. You can’t deselect Trusted Device; that’s a given. To that, you add either master password, face-based authentication, or fingerprint verification. Which of these are available depends on your device. If you raise the security level to Advanced, desktop installations add the option to authenticate using a second device. At this level, you must choose exactly two factors besides the trusted device. On the iPhone, for example, it offered three choices: Face & Master Password, Master Password & Touch ID, and Face & Touch ID. The Mac edition still exhibited slightly confusing behavior. If you select three additional factors instead of two, it disables the Activate button without explicitly saying why.
The security level and authentication choices are specific to the device you’re using. If you want to always use Advanced authentication, remember to change that setting on each new device.
If you’ve gone out without your second device, or if it’s too dark for face recognition, never fear. You can choose to use a different factor, such as email verification. As noted, on iOS devices, you can use Touch ID as a factor. Fingerprint verification is available for certain Android devices, but only those whose fingerprint readers meet Intel’s criteria for accuracy.
True Key can use a PC-installed fingerprint reader for authentication. It also supports Intel’s RealSense camera technology, and can protect its data using Intel’s SGX (Software Guard Extensions) on CPUs that support it. Having been part of Intel has clearly paid off for True Key.
When you use the Edge extension, you get another option for authentication, Windows Hello. This is the same feature that lets you log into your Windows account using face recognition, fingerprint authentication, or a PIN on a trusted device. Which of these are available depends on the capabilities of your PC. I have several Windows 10 computers, but only one has a camera, and the camera isn’t up to Windows Hello standards.
True Key doesn’t attempt to pull in every authentication factor in the world. Dashlane, LastPass, and Keeper support Google Authenticator. Keeper, LogMeOnce, and Zoho Vault can send a one-time password via SMS. LastPass, LogMeOnce, and Sticky Password can modify a USB drive so it serves as an authentication factor. But really, True Key’s choices for multi-factor authentication work well together.
Kill the Password!
LogMeOnce lets you create your account without ever defining a master password, using a variety of other factors instead. With oneID, you can’t create a master password even if you want to; it relies strictly on authentication using a trusted device.
True Key initially requires a master password, but you can go password-free quite easily. At the Basic security level, you can choose to authenticate using your face, not a master password. If you wisely choose Advanced, you can authenticate with multiple factors.
Password managers that do rely on a master password usually offer a warning that if you forget that password, they can’t help you. (That also means they can’t be compelled to unlock your account for the NSA, which is a plus.) McAfee can’t unlock your account, or tell you the master password you forgot, but if you’ve defined enough other factors, True Key lets you authenticate with those and thereby reset the master.
I tried the reset feature on the Android device. It required advanced face authentication, meaning I had to move my head from side to side. And it sent an authentication request to my iPhone. With that double authentication, it let me reset the master password.
If someone else tries to reset the master password, you get an email alert, with an option to lock password recovery for a day. Three failed tries triggers that lock automatically.
You’re not likely to lose a desktop computer, but it’s awfully easy to misplace a mobile device. If someone else gets hold of your device, the multi-factor authentication system should prevent them from accessing it. To make it even tougher for a thief, you can remotely remove the device from the trusted list.
Every successful modern password manager syncs passwords across all your devices. True Key goes a step further, involving those devices and your biometric data in the authentication process. It’s easy to set up, easy to use, and attractive. If only it also had the advanced features that grace its competitors, it would be even better.
LogMeOnce Password Management Suite Ultimate also offers many different authentication factors, but just two at a time. It’s even more feature-packed than long-time favorite LastPass Premium. With Dashlane, you get all your password management needs in a slick package that’s as attractive as True Key’s. And Sticky Password Premium combines advanced password management features with an extra-secure local-only syncing option. These four are our Editors’ Choice commercial password manager. But if your main concern is multi-factor authentication, True Key has them all beat.
If this review has piqued your interest in multi-factor authentication, you can read more about it in our feature, Two-Factor Authentication: Who Has It and How to Set it Up.