Intel Updates True Key App to Simplify Security

Intel Security, a wholly owned subsidiary of Intel (and previously known as McAfee) has updated its True Key password manager application to tackle one of the most notorious issues with password managers: inability to reset the forgotten master password. The new version of the app allows resetting the master password using other methods of authorization. The updated version will simplify managing of passwords and will further help Intel in its quest to “eliminate” passwords in general.

Since computing is getting increasingly mobile, security of personal devices is getting increasingly more important. As a major developer of PC platforms, Intel has created a number of sophisticated technologies that can improve security of computing devices. For example, Intel’s latest processors support AES-NI instructions that speed up encryption and decryption using the advanced encryption standard (AES). In addition, select Intel’s platforms also support TXT (trusted execution technology) and TPM (trusted platform module) cryptoprocessors for enhanced security. While strong passwords and AES 256-bit encryption can generally help to make mobile gadgets more or less secure, it is not easy to remember many strong passwords consisting of letters and numbers. Meanwhile, if you use only one password and it leaks, your security fails completely. It does not matter how sophisticated are encryption or security technologies, they get useless the moment when passwords are compromised.

To make platform security technologies less vulnerable to human factor, Intel and some other companies want to eliminate passwords and replace them with more robust methods of authentication, such as fingerprints, retina scan or facial recognition. In fact, thanks to technologies like Apple Touch ID and Microsoft Windows Biometric Framework, usage of biometric authentication mechanisms instead of passwords as well as password managers to store passwords for applications that do not support biometric authentication is increasing.

Companies like IBM/Lenovo have offered password management for years with their ThinkVantage software, a proprietary program that only worked on their PCs. By contrast, Intel Security’s True Key password management application can work on various platforms; it is compatible with a variety of apps and can use different methods of authentication, including fingerprints, face, master password, trusted device, email and so on. For example, the True Key can use Intel’s RealSense cameras to recognize a face for Windows logon as well as third-party fingerprint scanners (i.e., Apple’s Touch ID). The Intel True Key always uses at least two factors to identify a person, which generally enhances protection, AES 256-bit encryption as well as Intel identity protection technology (IPT) where available.

Since all biometric technologies are vulnerable to spoofing to some degree, True Key app allows biometric authentication only from the user’s own pre-selected trusted devices. Biometric templates for server-based facial recognition authentication (mathematical descriptions of biometric measurements) are stored on the True Key servers in encrypted form and are protected by a hardware security module (HSM). It should be noted that facial recognition is performed either completely in a server-based mode, or both on the user’s device and on the True Key servers.

Meanwhile, the master password is not stored on True Key servers or locally on any device. It is used to generate the so-called key encryption key (KEK) as well as the authentication token (AT) using a large number of rounds of PBKDF2 with HMAC-SHA512 key derivation function with random salt values. The KEK is used to encrypt users’ passwords and wallet assets. The AT is used is used as one of the factors required to authenticate the user on the True Key servers.

The multi-factor authentication and the rather sophisticated master password make it very hard for perpetrators to access the data (simply because it takes too lot of codes to crack using brute force — even if someone manages to get the master password or crack KEK and AT, they will also have to crack another method of authorization). Whenever the master password is changed, the True Key re-encrypts all data both locally and on servers. What is very important for many users is that Intel’s latest version of the True Key can reset even the master password by verifying other unique factors like owner’s face and/or fingerprint via a second device. So, even if you forget something, the application can relatively safely reset everything, which should simplify its usage for many people.

Intel’s True Key application supports Apple Mac OS X, Apple iOS, Google Android and Microsoft Windows operating systems as well as Google Chrome. Microsoft Internet Explorer and Mozilla Firefox browsers (support for Apple Safari and Microsoft Edge is coming soon). Free version of the program supports up to 15 passwords, premium version can store up to 2000 logins and passwords for $19.99 a year.