True Key is a password manager from antivirus giant McAfee. Although impressive for its price and usability, it doesn’t hold up when compared to other best password managers. Its limited feature set and strange pricing model set it back more than a few steps. That said, it’s worth a shot as part of an antivirus package.
In this McAfee True Key review, we’re going to detail our experience after taking the tool out for a spin. From signing up for an account to enabling multi-factor authentication (MFA), we’ll cover every aspect of True Key so you can find out if it’s the right password manager for you.
For most people, there will be better options. Although it’s a competent password manager tool, the lackluster feature set isn’t great, even considering the price. That said, bundled in with an antivirus, it’s better than storing passwords in your browser.
Strengths & Weaknesses
- Free plan available
- Bundled with antivirus
- Excellent MFA options
- Easy to use
- No options for multiple users
- Lacking features
Alternatives for McAfee True Key
True Key, like many antivirus-bundled password managers, is light on features. Although it’s more robust than NordPass, it is still lacking in multiple areas. In particular, password sharing is out of the question, as is space for multiple users. True Key is a simple password manager, which is great for usability, though bad for features.
Before getting into what’s not included, let’s talk about what you can store. Your vault is broken up into three sections: “logins,” “safe notes” and “wallet.” The first two explain themselves, and although the third seems to, as well, there’s a lot more going on there.
In addition to credit cards, your wallet can store your social security number, driver’s license, password, address and any memberships you may have. Each of these entries serves as a “card,” which you can color-code and add notes to for better organization. The digital wallet is True Key’s greatest asset.
What You Don’t Get
It’s disappointing that there are more talking points about what’s not included rather than what is. Things like Dashlane’s password changer or Zoho Vault’s user management features are out of the question. However, True Key brushes past even the basics. Most notably, there isn’t any password sharing.
Although sharing can pose security issues, it’s a necessary feature for any modern password manager. McAfee could get around the problem by offering a plan geared toward multiple users, but it doesn’t. If you’re looking to secure a small business or family, you’re better off with something like 1Password (read our Dashlane vs. 1Password comparison).
Furthermore, True Key doesn’t offer breach notifications or any sort of security analysis. When adding a new password, you’re given a very generous password-strength rating. Otherwise, though, you can’t see any reused, weak or vulnerable passwords like you can with other tools.
What redeems it from these omissions is its multi-factor authentication for your True Key login. The extension offers a lot of options for locking down your account from brute force attacks, which you can read more about in the “security” section below.
McAfee True Key Features Overview
|Backup and recovery|
True Key is an inexpensive password manager, offering unlimited storage and multi-device sync for only $20 per year. There’s a free plan available, too, though it’s barely worth a download considering how limited it is. That said, True Key looks most impressive as part of a full antivirus package, rather than on its own.
The subscription price is fine, with True Key clocking in slightly less than RoboForm (read our RoboForm review). You’re billed $19.99 annually for up to 10,000 entries, which is a decent rate. However, given how sparse the features are, you can get a lot more functionality with other password managers for a little more coin.
Even with how inexpensive the tool is, the price isn’t worth it alone, especially with Kaspersky Password Manager costing $5 less.
However, bundled in with an antivirus package, True Key is more impressive. You can get an individual cybersecurity package, which includes the password manager, safe web browsing, a file shredder, encrypted storage and the antivirus for only $15 more than a regular True Key subscription.
Granted, the antivirus isn’t among the best, as you can read in our McAfee Total Protection review, but from a numbers standpoint, the price shakes out in favor of the antivirus. That’s only if you’re looking for an antivirus, though. As a password manager in isolation, there are better options than True Key for not much more.
Breaking Down True Key Free
It’s clear McAfee wants you to use True Key Free, as you can’t actually buy a subscription on the True Key website. Instead, you have to download the free version no matter what. Despite this attention, True Key Free still falls short of our best free password manager, LastPass (read our LastPass review).
In terms of functionality, Free is the same as Premium. However, you’re limited to 15 entries, which is embarrassing. Calling it a “free password manager” is a slap in the face to actually free options, such as Dashlane. At only 15 passwords, True Key Free is a trial, not a service provided out of good will. Read our Dashlane vs. LastPass piece to see how the two compare.
As mentioned, McAfee directs you toward downloading True Key Free. The website is a single-page design, going over features — what little there are — pricing and platform support. It’s immediately apparent how to get set up, with a large “download” button displayed front and center on the site.
It’s important to note that you must have a supported browser. Because True Key is an extension-exclusive experience, there isn’t a local app for Windows or macOS. Testing on Opera, we were redirected to download Chrome, Firefox or Microsoft Edge, which is strange, considering that Opera is a Chromium-based browser.
Once installed, you’ll create a True Key profile. You’ll need your email address, full name (for some reason) and master password, which you’ll have to confirm. After that, you’ll be prompted to add your first login and then take a brief tour of the browser UI. From a usability standpoint, everything is top-notch.
In practice, though, there’s one big issue. You aren’t prompted to import your passwords when you first sign up. The fact that the extension skips import is all the more confusing, considering it can find logins stored in other password managers and in most major browsers.
Extending Your Browser
True Key is a browser-based experience like LastPass. From a usability standpoint, everything is excellent. McAfee is quick to show a tooltip for any new functionality, and it automatically captures your logins as you browse new sites. When you open True Key, you can see your passwords in a tile-like fashion with a few quick-launch icons for commonly visited sites.
You can also organize your passwords in a list format, starring the ones that are your favorites and ordering them alphabetically or based on the entries most recently used. Everything is great when there are only a handful of entries. However, once you start piling on logins, things quickly go bad because True Key doesn’t offer any folder organization.
There’s another large issue when it comes to the browser extension. When you click on it, the browser UI opens, instead of a small extension popout. If you’re creating a new account, you can’t generate a password quickly. Instead, you have to open the browser UI in a new tab and navigate to the password generator.
Otherwise, the extension serves its purpose for autofill. True Key is easy to use throughout. However, there are a few mishaps that keep it from being among the best. In future versions, we’d like to see a prompt to import passwords when you first sign up, as well as a popout version of the extension.
There’s little information about True Key, in general, so it comes at little surprise that there isn’t much talk about security. From what we know, it has a similar structure to other password managers. Data is encrypted locally, your vault is secured with AES-256 and everything is wrapped up by your master password.
It’s also important to take into account that True Key is based in your browser. Although encryption happens “locally,” you’re actively online while the process finishes. We don’t have a technical whitepaper or access to True Key’s code to see if that poses any issues, though it won’t be shocking if it did.
You can read our description of encryption for why AES-256 is great, as well as our guide to zero-knowledge encryption to see why McAfee shouldn’t be able to see your passwords. Tried as the model is, it seems to work. The most interesting aspect of True Key, though, is its multi-factor authentication.
True Key’s Multi-Factor Authentication
Everything is based around having at least two factors to verify your identity. You can choose either “basic” or “advanced” security, the former using solely your master password and the latter using at least two authentication routes. You can add even more factors if you want, say, one of the best 2FA apps and an email code.
Because of the focus on multiple factors, True Key offers password reset so long as you have a second factor enabled. In short, you’re authenticated based on your second factor, which allows you to reset your master password and transfer your vault contents. Although great in theory, this could pose some issues in practice.
The setting is enabled by default, so if someone accessed your second factor, they could reset your master password. Thankfully, you can turn this “feature” off, which we recommend. You should be using randomly generated, strong passwords on your multi-factor devices, anyway, so it’s not too much of an ask to remember a master password.
McAfee has an established line of products, so there’s already a support system in place. However, you’ll need to climb over all of the resources dedicated to its mainline services to find answers directed at True Key. Although that can make self-help a little cumbersome, there are a lot of contact options.
Starting there, you can reach out to the support team around the clock over live chat or phone, waiting around two minutes for the former and 10 minutes for the latter, based on provided estimates. Testing these routes, we found the estimate for live chat a bit conversative and the one for phone a bit liberal, though only by a small margin.
You’ll have to jump through a tree of questions to see those contact options, though, which is similar to finding self-help. Out of McAfee’s dense knowledgebase, there are 33 entries dedicated to True Key. Most of the articles are dedicated to general clarifications about the service, though there are a handful of troubleshooting guides.
The problem, as it usually is with these bundled password managers, is finding relevant articles. Stepping over McAfee’s other products is annoying enough, but with how slow the support site loads, the process is made longer than it should be. Answers are there, should you need them, but in most cases, navigating the knowledgebase is more of a hassle than it’s worth.
True Key is easy to use and cheap, but those are just about its only good qualities. As a bundled password manager, it’s better than storing logins in your browser.
However, if you’re looking for a fully featured tool, there are other options that offer a lot more features. Even Kaspersky has a cheaper password manager, though it’s still as bare when it comes to functionality.
What do you think of True Key? Are you going to give the free plan a shot? Let us know in the comments below and, as always, thanks for reading.
McAfee True Key FAQ
- McAfee True Key is a password manager that offers unlimited password, credit card, note and address storage for Chrome, Firefox, Safari and Microsoft Edge. You can buy it on its own, but it’s also included in McAfee’s antivirus packages.
- True Key encrypts your passwords with AES-256 based on a master password. This master password is never seen nor stored, making the security model secure. However, since authentication happens in your browser, there could be some vulnerabilities.
- Yes. To uninstall McAFee True Key, all you need to do is right-click the extension in Chrome (or your browser of choice) and click “remove extension.”