Intel Security, a wholly owned subsidiary of Intel (and previously known as McAfee), has updated its True Key password manager application to tackle one of the most notorious issues with password managers: the inability to reset a forgotten master password. The new version of the app allows resetting the master password using other methods of authorization. The updated version will simplify password management and will further help Intel in its quest to “eliminate” passwords in general.

Since computing is getting increasingly mobile, the security of personal devices is becoming increasingly important. As a major developer of PC platforms, Intel has created a number of sophisticated technologies that can improve the security of computing devices. For example, Intel’s latest processors support AES-NI instructions that speed up encryption and decryption using the Advanced Encryption Standard (AES). In addition, select Intel platforms also support TXT (Trusted Execution Technology) and TPM (Trusted Platform Module) cryptoprocessors for enhanced security. While strong passwords and AES 256-bit encryption can generally help to make mobile gadgets more or less secure, it is not easy to remember many strong passwords consisting of letters and numbers. Meanwhile, if you use only one password and it leaks, your security fails completely. It does not matter how sophisticated the encryption or security technologies are: they become useless the moment passwords are compromised.

To make platform security technologies less vulnerable to the human factor, Intel and some other companies want to eliminate passwords and replace them with more robust methods of authentication, such as fingerprints, retina scans or facial recognition. In fact, thanks to technologies like Apple Touch ID and Microsoft Windows Biometric Framework, the use of biometric authentication mechanisms instead of passwords is increasing, as is the use of password managers to store passwords for applications that do not support biometric authentication.

Companies like IBM/Lenovo have offered password management for years with their ThinkVantage software, a proprietary program that only worked on their PCs. By contrast, Intel Security’s True Key password management application can work on various platforms; it is compatible with a variety of apps and can use different methods of authentication, including fingerprints, face, master password, trusted device, email and so on. For example, True Key can use Intel’s RealSense cameras to recognize a face for Windows logon as well as third-party fingerprint scanners (e.g., Apple’s Touch ID). True Key always uses at least two factors to identify a person, which generally enhances protection, and it also uses AES 256-bit encryption as well as Intel Identity Protection Technology (IPT) where available.

Since all biometric technologies are vulnerable to spoofing to some degree, the True Key app allows biometric authentication only from the user’s own pre-selected trusted devices. Biometric templates (mathematical descriptions of biometric measurements) for server-based facial recognition authentication are stored on the True Key servers in encrypted form and are protected by a hardware security module (HSM). It should be noted that facial recognition is performed either completely in a server-based mode, or both on the user’s device and on the True Key servers.

Meanwhile, the master password is not stored on True Key servers or locally on any device. It is used to generate the so-called key encryption key (KEK) as well as the authentication token (AT) using a large number of rounds of the PBKDF2 key derivation function with HMAC-SHA512 and random salt values. The KEK is used to encrypt users’ passwords and wallet assets. The AT is used as one of the factors required to authenticate the user on the True Key servers.
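A sketch of the derivation described above, added here as an illustration and not Intel’s or True Key’s own code: one master password yields a KEK and an AT through PBKDF2-HMAC-SHA512 with independent random salts. The iteration count, salt and key sizes, record layout, function names, and the server keeping only a SHA-256 hash of the AT are all assumptions; the article specifies none of them.

```python
import hashlib
import hmac
import os

ITERATIONS = 100_000  # assumed; the article only says "a large number of rounds"
SALT_LEN = 16         # assumed salt size in bytes
KEY_LEN = 32          # 256-bit output, sized for an AES-256 key


def _pbkdf2(master_password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac(
        "sha512", master_password.encode("utf-8"), salt, ITERATIONS, dklen=KEY_LEN
    )


def enroll(master_password: str):
    """Client side: derive KEK and AT from one password with independent salts."""
    kek_salt, at_salt = os.urandom(SALT_LEN), os.urandom(SALT_LEN)
    kek = _pbkdf2(master_password, kek_salt)   # never leaves the device
    at = _pbkdf2(master_password, at_salt)     # sent to the server as one factor
    client_record = {"kek_salt": kek_salt, "at_salt": at_salt}
    # Assumption: the server keeps only a hash of the AT, never the password or KEK.
    server_record = {"at_salt": at_salt, "at_hash": hashlib.sha256(at).digest()}
    return kek, client_record, server_record


def derive_kek(master_password: str, client_record: dict) -> bytes:
    """Recompute the KEK on unlock; the password itself is never stored."""
    return _pbkdf2(master_password, client_record["kek_salt"])


def auth_token(master_password: str, at_salt: bytes) -> bytes:
    """Client side: recompute the AT to present at login."""
    return _pbkdf2(master_password, at_salt)


def server_verify(presented_at: bytes, server_record: dict) -> bool:
    """Server side: constant-time comparison against the stored AT hash."""
    digest = hashlib.sha256(presented_at).digest()
    return hmac.compare_digest(digest, server_record["at_hash"])


if __name__ == "__main__":
    pw = "correct horse battery staple"  # constructed sample password
    kek, client, server = enroll(pw)
    print("unlock ok:", derive_kek(pw, client) == kek)
    print("login ok:", server_verify(auth_token(pw, server["at_salt"]), server))
    print("wrong password:", server_verify(auth_token("guess", server["at_salt"]), server))
```

With the same salt, a different master password produces a different KEK, so data encrypted under the old KEK has to be re-encrypted when the password changes.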

The multi-factor authentication and the rather sophisticated master password make it very hard for perpetrators to access the data: there are simply too many combinations to crack using brute force, and even if someone manages to get the master password or crack the KEK and AT, they will also have to crack another method of authorization. Whenever the master password is changed, True Key re-encrypts all data both locally and on servers. What is very important for many users is that Intel’s latest version of True Key can reset even the master password by verifying other unique factors like the owner’s face and/or fingerprint via a second device. So, even if you forget something, the application can relatively safely reset everything, which should simplify its usage for many people.

Intel’s True Key application supports Apple Mac OS X, Apple iOS, Google Android and Microsoft Windows operating systems as well as Google Chrome, Microsoft Internet Explorer and Mozilla Firefox browsers (support for Apple Safari and Microsoft Edge is coming soon). The free version of the program supports up to 15 passwords; the premium version can store up to 2000 logins and passwords for $19.99 a year.

Source: Intel

  • Jalek - Saturday, March 12, 2016 - link

    You could probably visit a federal office and have an agent unlock it for you with his biometrics.
    Don't they expect a master key for everything?
  • asmian - Thursday, March 10, 2016 - link

    There's lots of talk of "servers" here. So are the authentication details being stored in Intel's "cloud"? From where they can handily leak them to the NSA any time they are asked... however secure the system may be against non-governmental hackers.

    Having such secure encryption access for Windows is farcical in any case when 10 is designed by default to mine personal info back to MS and any third parties they choose, never mind what other back doors they've built into it. There's no point putting Fort Knox's front door on a house with wide open windows (no pun intended, but... the name is rather apt now). Or Google Android, I'd imagine. Where's the Linux version for those that value a more secure operating system to partner this with?
  • Communism - Thursday, March 10, 2016 - link

    It is illegal to bypass the NSA.

    That's why foreign governments have to build their own OS's (and hardware) from scratch.

    If you don't have the resources of a state however, you are fucked.
  • Sttm - Thursday, March 10, 2016 - link

    Well clearly Intel is targeting this product at the people who do not live in fear of Government surveillance, have mad conspiracy theories of Windows 10 spying on them, or illogical ideas like the OS with its entire code base open sourced being able to stand up to the NSA.

    That 99% of people who only need security to keep out the people they know and low level criminals targeting them with phishing schemes.
  • ddriver - Thursday, March 10, 2016 - link

    You don't have to be a criminal to suffer from government espionage. It is applied en masse today, analyzing the general population to come up with better ways to turn people into subservient dummies ;)
  • BrokenCrayons - Thursday, March 10, 2016 - link

    People already are subservient dummies and they turn themselves into such creatures willingly without any government intervention.
  • ddriver - Thursday, March 10, 2016 - link

    No, this is not the default human state. This has been inflicted over the course of centuries, for a long time it was theism (religion), but that has been replaced by atheism/scientism which employs technology to bring things to the next level.

    As bad as the general population is today, it can get a whole lot worse, there is plenty of headroom and unharnessed potential for degradation.
  • ddriver - Thursday, March 10, 2016 - link

    And actually it is not strictly only the government, most of the work is actually done by the big corporations, especially those with large user base stockpiling personal information - google, facebook, ms.

    Government as usual is struggling to catch up and the logical move is to request a tap into what the industry has mined so far. But whoever does it, it serves their common interests, the government is just as happy to milk silly chumps as the industry.
  • BrokenCrayons - Thursday, March 10, 2016 - link

    This system is far too complicated due to the burden of trusted device management atop invasive biometrics. It doesn't address the underlying problem of each service provider continuing to rely on a UID and password combination or failing to secure passwords in things other than plaintext files that get stolen and leaked to the internet. So instead of making service access more secure it merely adds another layer of unnecessary pain. Thanks, but I'll pass.
  • djc208 - Friday, March 11, 2016 - link

    This is similar to Lastpass and OnePassword (though their prices are worse), except with this additional "recovery" capability which is available if you choose to set up the ability, which is not as complicated as it sounds.
    It does however address the issue you mentioned because the whole point of a password manager is that while you may have multiple accounts, using this service each one of those accounts can have a unique and very random password (and if you want user ID) generated by the program. You then only have to remember one password for your password account and the account software handles the rest. Should one of those plain text files get leaked only that service is compromised and you can easily just have another random password generated.
    You can't control what the vendor at the other end of the service does with your passwords but you can control your passwords, these services just make it easier.
