image
VendorMcAfee, LLC

True Key is a secure password manager developed by McAfee. It is straightforward to use and available as a Windows and Mac application, Chrome and Firefox extension, and a mobile app for iOS and Android.

How and where are passwords stored?

True Key uses the AES-256 encryption algorithm to protect passwords. This algorithm has never been broken and is used by governments, banks, and major tech companies to protect their data. Only the user can decrypt the data with the factors chosen during configuration.

Passwords are stored locally on the user’s device and synchronized to their profile using strong encryption.

How does it work?

When an application is run or a website is visited, True Key automatically fills in the passwords and logs in the user.

It also automatically saves credentials while the user logs in into a website.

Access to Information

The login process is simple. If using a personal device already verified as trustworthy, the user just have to enter the master password that was set. For logging in from an unknown device, the master password and a second factor of authentication are required.

True Key syncs with all the user’s devices, so access to their data is available on any device, anytime.

Privacy

McAfee states that only the user can access the information, and it does not share or sell user data. This is known as zero-knowledge architecture, meaning that only the user (and not even McAfee) can access the stored information.

Logins/Launchpad

This is the main feature where user credentials are stored.

Adding Login

The process of adding new logins is very simple and can be done based on some templates, or by clicking on New Login. When New Login is clicked, a window opens allowing the selection of how to add the new login, providing three options:

  • Import from other password managers or browsers;
  • Normally navigate to the site you want to register. Once you log in, True Key automatically records the login;
  • Add manually.
The available options to add new logins
The available options to add new logins

Users can add any login, but a set of major services are available to simplify the addition process, including LinkedIn, PayPal, Facebook, Credit Karma, Google, Dropbox, Spotify, eBay, X, Walmart, Chase, Costco, American Express, GitHub and Roblox.

The available templates to add new logins
The available templates to add new logins

Note that in my tests, the automatic addition worked well with some items (e.g., Spotify) and not with others (e.g., Twitter/X).

A disappointment is the inability to create Vaults. There is only one default Vault. If the user has many logins and wants to organize them in different Vaults, this is not possible. For me, regardless of other features, this limitation alone would be a decisive factor not to use this product.

Options for Each Record

Each item has options to:

  • Add to favorites;
  • Edit;
  • Copy the password;
  • Delete.

Password Generator

The password generator is easy to use and allows generating passwords between 8 and 30 characters, as well as selecting the type of characters it should contain, including:

  • Letters;
  • Numbers;
  • Special characters;
  • Uppercase letters.
The Password Generator window
The Password Generator window

I was expecting to be able to generate bigger passwords, as I already use passwords with more characters than True Key is able.

Show Generator in Forms

This generator can be opened from the Logins screen and supposedly should also be available when creating new accounts. However, in the Chrome extension (the option chosen for our exhaustive tests), it was not available even with the option active to automatically show the generator in forms.

History and Deletion

Generated passwords are kept in history and can be viewed. It also allows their deletion.

Login Search

This feature allows searching for logins, making the process much simpler for those with many stored credentials.

Users can also search on Bing. This search will enable finding any service where one wants to log in, but for which the credentials are not yet stored. As previously discussed, upon making that first login, the credentials will be automatically stored.

View and Sorting

It is possible to view Logins in a list or in a grid format, as well as sort them:

  • Alphabetically;
  • By the most recent;
  • By the most used.

Secure Notes

The Secure Notes feature allows adding any type of note in text format. This function can be used to store PINs, licensing codes, or, as True Key suggests, secret recipes!

I am not pleased that the secure notes are visible in the list. I think they should be hidden and only become visible when the user clicks to view them.

The Safe Notes window
The Safe Notes window

Adding Notes

In the add form, the user can add a title, the note itself, and select a color for the note.

The add Safe Note window
The add Safe Note window

Note Search

Just like in Logins, there is a note search feature that allows finding notes by title or the text of the note itself. Unlike the search in the Logins section, there is no Bing search button here.

View and Sorting

Note sorting is available:

  • Alphabetically;
  • By creation date.

I think it lacks sorting by color. That is, if the user assigns colors based on some logic, it might be useful to sort by that logic.

Additionally, the presentation is strange. Each item seems to be categorized by the date it is added, but for example, I added three items on the same day, and they are positioned vertically in a row, when they could be horizontally displayed, with the day appearing only once (it is the same day!).

Unlike the Logins screen, this section does not contain a list view.

Wallet

This section allows adding data for quick use when filling out forms.

The Wallet window
The Wallet window

Adding Items

Templates are available for:

  • Address Book
  • Bank Cards
  • Driver’s License
  • Subscriptions
  • Passport;
  • Social Security Numbers.
The available Wallet templates
The available Wallet templates

Each template has its own fields and allows the same color categorization as the Notes.

Search

There is also a search feature that allows searching for any type of item, making it easier to locate items when there are many.

View and Sorting

This section does not offer view or sorting options. Perhaps it’s not critical, but I was expecting more consistency in navigation, i.e., more similarity between the three sections of Logins, Safe Notes, and Wallet. However, it seems that each section functions differently regarding view and sorting.

Profile

The profile is extremely simple and only shows the number of logins added relative to the maximum of the Freemium version, which is 15, as well as the configured factors.

A second factor of authentication is essential in protecting online accounts. It helps ensure that if the password, or in this case, the Master Password is compromised (i.e., somehow discovered by someone), the wrongdoers cannot successfully access the account, as access depends on a second factor. This second factor is typically a unique code generated in an app installed on the user’s smartphone, a request for authorization that appears in a smartphone notification, or a physical security key.

The factors available in True Key are:

Master Password

Active by default, it is the password to access the Vault. It is essential for decrypting information.

Trusted Email

It is the email address with which the user registered and becomes active once the user clicks a button in an email sent to this registration address.
However, when trying to activate this factor, I had some difficulties as it took a while to become active. In the end, I gave up and only later during the tests realized that it had become active.
Notifications are received at this address when, for example, logging in from a new device.

Trusted Device

These are the devices on which the user has already logged in. Being Trusted allows logging in with just the Master Password, simplifying the process. If the login is done on a device that is not Trusted, a second authentication factor is required, and a notification is sent to the Trusted Email.

2nd Device

By setting up a second device such as a smartphone, you can receive a notification with an authorization request whenever you log in from a new device. Only after approval is the login granted.

It is strange to me not to see as a second factor the options mentioned above, especially the possibility of setting up a security key. As someone with experience and training in cybersecurity, this would also be a deal-breaker for me if I were considering using True Key as a password manager.

Settings

The options are organized in Profile Preferences, App Settings, and Import.

Profile Preferences

Time for Automatic Sign out
In this section, we have an interesting option which is the selection of the period after which we want the automatic sign out to occur. The options available are:

  • 15 minutes
  • 30 minutes
  • 1 hour
  • 2 hours
  • 1 day
  • 7 days

This option is quite interesting because it ensures that if the user is using a shared computer and forgets to sign out, it will automatically occur after the selected time.

The Chrome extension also has an option to sign out whenever Chrome is closed, regardless of the configured time period.

Security Level

There is also an option for indicating the security level the user wants when signing in. The Basic level requires two authentication factors to access the account. The Advanced level, which allows selecting more factors, is only available in the Premium version.

Authentication Factors

It is also possible to select which factors we want to use when signing in, as well as indicate whether it is possible to reset the Master Password in the event we forget it.

App Settings

Language

Selection of the language in which we want the interface to be displayed.

Save Logins question reset

When we log in and True Key asks if we want to save the password and we say no, it stops asking for that site.

This button allows resetting and asking again for all sites.

I’m not sure when this question arises, as I couldn’t replicate it.

Instant Log In

An interesting feature of True Key is that it allows entering accounts without needing to click the Login button. That is, it fills the login form with the username/email and password and clicks the login for you. This option allows turning this feature on or off. If it is off, the user has to click manually.

Export

The data export feature should be used with some caution, as the data is exported in CSV format, meaning that all passwords, notes, and wallet information will be in plain text. This means that if someone accesses that file, these sensitive data will be exposed, and accounts could be compromised. Use with caution.

Anyway, it is another indispensable feature in any password manager, allowing the migration of data if the user wants to change solutions.

It would depend on other systems too, but it would be interesting to have an integration with other password managers, to securely export the user’s data with encryption in transit.

Import

It’s a bit strange that due to their similarity, the Import and Export functions are not together. Although both are in Settings, Export is within the App Settings section, and Import is a section by itself.

Anyway, this is the feature that allows doing precisely the opposite, i.e., those who want to switch from another solution to True Key can import their data here.

Regarding other password managers, the user can import from:

  • LastPass;
  • Dashlane;
  • True Key (another account).

If the user wants to migrate their credentials from a Browser, they can do so from:

  • Microsoft Edge;
  • Google Chrome;
  • Other Browsers, via CSV. Again, I caution about the necessary care if this option is used, as these files are not secure from a privacy standpoint, i.e., in this specific use, they allow anyone with access to them to view your credentials in plain text.

What caught my attention negatively about this feature is the limitation of other password managers from which we can import data.

Platforms and Browsers

True Key is available for Windows, Mac, iOS, and Android, as well as for the Chrome, Firefox, and Edge browsers.

In the case of mobile applications, additional permissions are required to activate Instant Login so that True Key can overlay other applications.

Plans and Pricing

True Key is available in a Freemium version with some limitations, the biggest being the limit of 15 credentials. Apparently, the Premium version used to be available as a standalone product, but it is no longer, and its use is only possible when purchasing McAfee Bundles.

Final Notes

Overall, True Key is a simple-to-use password manager. However, when compared to other password managers like 1Password or LastPass, it ends up being a less comprehensive and robust tool.

I don’t see any situation in which a user of more well-known password managers would switch to True Key, simply because they would lose many interesting features like the ability to create multiple Vaults, secure credential sharing, a security status monitor for credentials indicating whether the stored passwords are secure or should be more complex, Dark Web monitoring to know if their accounts have been exposed, etc.

I think it’s a solution that has potential to be developed and stand out one day, but given its current state, my recommendation goes to other password managers.

This review was conducted with the Chrome extension version 4.3.1.9339 and the Android app version 5.3.0.0.

image