Monday, November 19, 2018

RoboForm vs Keeper vs KeyReel

Before we invented KeyReel, we certainly used our share of password apps, but couldn’t find the right combination of features, security, and ease of use. So what does KeyReel offer users that differentiate it from RoboForm and Keeper?


RoboForm is a cloud-based form filler and password manager that supports multiple platforms and browsers. Users can save passwords, financial and other personal data to automatically fill forms online.

Due to its cloud server, RoboForm can sync data across devices. It also provides offline access to data, and its desktop version offers a local storage option. Users can share files or folders securely and log into local desktop applications automatically, too.

Why Isn’t It Enough?

RoboForm is simple and easy to use, without an overload of features, and some useful extras, too. However, as we’ve mentioned in previous posts, we were looking for a solution that would allow us to avoid storing passwords on the cloud. Cloud storage can be secure but has inherent vulnerabilities because it is accessed via a network connection. But we still wanted to be able to log in as conveniently as cloud-based password apps allow.

Users tend to think of the ability to sync between devices as a convenience, but it can actually be a weakness. The more devices you have on one account, the less control you have over the data on all those devices. Think about changing the data on a phone and having it sync to a desktop and laptop, not realizing the laptop has been compromised--and now all your latest passwords are available to a hacker.

Overall, although Roboform is convenient for password auto-fill, it’s mainly a form-filler designed to save time, not a password manager designed to make logins transparent and secure.


Keeper supports multiple platforms and browsers. Its cloud-based vault allows for many convenient features such as the ability to sync between devices and instant autofill. Besides that, users can save several types of files other than login data, send and receive files or message each other securely.

Users can log in using biometric verification (fingerprint) and dual-factor authentication to a smartwatch or other device.

As for localization, Keeper is integrated with hardware-based security devices like Yubikey. It also has several servers located in North America and Europe, so users can limit use and access to their accounts within the geographical area of a particular server.

Why Isn’t It Enough?

We appreciated the extra security measures that Keeper offers, but many of them stem from the vulnerabilities of the cloud. Large cloud servers are the targets of choice for hackers, who stand to gain information from millions of users. If there were a way to enjoy convenient features like these locally, we’d take it!


When we decided to solve the problems we noted in password managers like these, we knew the solution was likely simple. We wanted an experience that would provide the local security of a hardware-based security device--without having to locate it and plug it in every time we needed to browse the web. We also knew that the security of any login experience needed to be smooth in order to be worth using.

We discussed the concept of “keyless auto entry,” and kept it within sight as we tried several methods of transferring information securely to the web without using a network. Bluetooth was the best option because it could be securely linked to another intelligent device: the smartphone, which could act as the encrypted password vault, second-device authentication factor, and secure link to the computer. No need to pay $50 for Yubikey, and it works in an instant so that the login is barely registered before it’s completed.

Today, KeyReel isn’t only for storing, auto-filling, and generating strong passwords. It can also store notes in any set of credentials, and securely copy and paste passwords from your iPhone’s password vault into your application. It also offers two-factor authentication you can verify with a PIN or TouchID. But that’s just the beginning.

KeyReel is coming to Android soon and will continue its development into the ultimate login assistant for users everywhere who love the web but hate the hassle of logging in. Going premium soon, but for now, it’s still free! Try it! If you have a password manager and you’re curious, you can import your password data to your KeyReel account automatically.

Monday, November 12, 2018

Dashlane vs True Key vs KeyReel

This is the second in our series examining why we decided to build KeyReel even though there are so many popular password apps out there already. This time, let’s see how KeyReel stacks up to Dashlane and True Key.


Dashlane is a cloud-based password app that allows users to sync account data across multiple devices on all major platforms. It also has a few unique features that set it apart from other popular password managers.

Users can change the passwords for all their accounts at once, which is useful when hacking is suspected. It can also find forgotten online accounts, which is helpful for “cleaning up” accounts so users don’t have sensitive information on sites they no longer use.

It is touted to be easy to use on all platforms, and better at web parsing than most other popular password apps. Credit-monitoring, identity-theft services, and insurance, and dark-web monitoring are a few of its Premium and Premium Plus-level features.

All these features make Dashlane a hefty app that comes with an online account--in other words. it’s one more thing - actually, several more things, if you get the extra services--to check.

The feature set also makes it nearly twice as expensive as most of its competition. Its free version is limited to 50 accounts per user, making the choice between Dashlane’s hefty feature set you appreciate but probably won’t use and a cheaper option like LastPass or 1Password clear.

Why wasn’t it enough?

We wanted everyone to have access to convenient, high security logins that had all the features we and our users wanted most. That meant it couldn’t be too expensive for most users to consider downloading on the spot.

Although the features Dashlane offers are useful, Dashlane does not solve the problem with giving a third party control over our data storage on the cloud. Large cloud servers are highly conspicuous targets for hackers. As software engineers and cybersecurity experts, we preferred to keep our passwords not only encrypted but out of reach.

True Key

True Key is a free browser extension for Firefox or Chrome. It logs users in using biometrics as well as a master password. True Key logs users in with a fingerprint, retina scan, or--in the case of Windows--facial recognition. It also has a password generator.

It automatically fills in the login data of every account accessed while the user is signed in to True Key. Passwords are stored encrypted, locally on a user’s device. It uses the cloud to allow account info to sync across devices, which True Key can recognize as the user’s.

With a True Key account, users can manage websites and financial information as well as passwords. Its free version has a 15-account limit, but it’s a good starter password manager in terms of simplicity and ease of use. It also has a password generator.

Why wasn’t it enough?

True Key has no native app for MacOS or support for the extension on Safari, which makes it inconvenient for Mac users. But the main issue that caused us to keep shopping is security related.

Although considered the future of security, biometric authentication is actually less secure than password authentication. Fingerprints, retinas, and faces--these are your passwords in plain sight. No matter how unique, once revealed, they can be copied.

Fingerprints can be transferred and printed, retinas can be hacked, and photographs or advanced 3D-models can be used without the knowledge or consent of the user. On top of that, none of these can be changed once compromised.


We built KeyReel to allow everyone to eliminate the ever-present danger of exchanging sensitive data over the internet. By making the iPhone the authentication key that stores passwords encrypted locally, KeyReel ensures your data cannot be accessed by any network and requires a special local connection to be accessed by your computer.

We believe passwords are the best way to keep accounts safe to date. However, KeyReel allows TouchID as a second authentication factor for certain sensitive sites (such as banking, medical, and other personal accounts).

This is because the first factor is a locally transferred request from one recognized user device to another. In order to unlock the account, the user must be in possession of both devices to verify using TouchID. But if you prefer, you can use a PIN code as your second authentication factor for specific sites instead.

However, transferring sensitive data locally can be done using KeyReel’s clipboard sharing feature. Use it to copy passwords and other data from your phone and transfer it directly into a desktop application’s login screen.

Above all, KeyReel’s focus is on the smoothness of the login experience. We want to make sure our feature set never gets in the way of our goal to make KeyReel the ultimate login experience, not another thing to “check.”

We’re going to be launching its premium version soon, so try KeyReel now! You can even import your passwords from Dashlane or True Key to make it easier to get started. Remember, all your data stays on your device, and syncs only locally. Ready?

Download KeyReel Now!

Sunday, November 4, 2018

LastPass vs 1Password vs KeyReel

The most popular paid password managers out there have strengths that make them the first choice of millions of users. So why did we build KeyReel? Well, let’s see how KeyReel stacks up compared to LastPass and 1Password.


LastPass is one of the most popular password apps because it’s among the least expensive and it’s simple to use. It’s built on a cloud server that stores all your passwords and allows you to access them from any device on any platform.

You only need one password to log in to the vault that will instantly fill in the login details for any account stored in it, so it’s easy to make one that’s long and strong. The paid version allows you to require a second authentication factor.

Why isn’t it enough?

When you need to log in, it may be convenient to only need to remember one password, but it’s also a hassle to use it every time. Users will check the “keep me signed in” box on accounts they use frequently just to avoid having to enter any password at all. This is a dangerous habit that literally leaves accounts open to hackers 24/7, even while the computer isn’t in use by the user. LastPass doesn’t solve it by replacing many passwords with one. This makes it virtually as insecure as storing your password in the browser itself--and the password managers in most popular browsers are not known for best security.

LastPass stores all user information on its own cloud server. It makes a favorite target of hackers: a gold mine full of the sensitive account information of so many users. In 2015, LastPass’s server actually succumbed to a raid.

We wanted to log in automatically and keep our data out of the crosshairs of hackers. And we noticed that LastPass was buggy. So it didn’t work well on many sites, and on others it simply didn’t work, requiring us to create entries manually.

And although convenient, a password manager that syncs data across multiple devices on a network makes the loss of just one device a threat to all user data.


Like LastPass, 1Password also stores your passwords on the cloud so you can access them using one “master password” from its cloud server. 1Password touts the fact that its components are standard and open source. 

User data is stored encrypted on the server, and can only be accessed by the master password, which only the user knows.

Each user gets a secret key that strengthens the master password by being generated locally.

You can store passwords and many other types of sensitive data, tag and sort it in the ways that are most convenient for you, and logs you in automatically. 

Why isn’t it enough?

1Password has some of the same drawbacks as LastPass, being a cloud server most likely to be targeted by hackers, as well as requiring a password for every single login. In fact, it was criticized for discontinuing its offline version. But all its myriad features and options also make 1Password a lot more app than we bargained for, with many more features than most users will need.

And just as with LastPass, we wanted a password app that allowed us to keep control of and manage our own data. We noticed that entering that master password over and over again throughout one browsing session got tedious. Tedium is dangerous when it comes to security because it tempts users to create simple, low-security master passwords. And that defeats the purpose of the app. 

Besides, a keylogger or spycam has a higher chance of compromising  master passwords that need to be entered multiple times a day--and may be entered in the wrong entry field due to user error, exposing all its characters on screen. 

1Password’s focus on managing passwords actually makes the organization of passwords another thing to worry about. We wanted something that allows passwords to work like a key does in a lock: keep your key safe until you need to use it, and don’t worry about it it until you need it again. To us, the safety and ease of the login experience counts most toward a smoother browsing experience. So we kept searching for a light, mostly invisible app, with only the features users love and use most.


So rather than focusing on the organization of secure passwords and files, KeyReel’s iPhone and MacOS apps sync with its browser extension to make login experience itself minimalist,  safe, and local. Passwords are stored in an encrypted vault on your iPhone and accessed by your Mac via secure, local Bluetooth connection. 

You don’t need ever to enter your master password (unless you recovering database from the backup). Whenever you browse on your computer with your iPhone within Bluetooth range, the requested information automatically appears in the login screen. When you pick up your phone and leave your computer behind, the encrypted Bluetooth link is broken, and your passwords stay with you on your phone. 

For more sensitive accounts that store banking, medical, and other personal data, you have the option to add a second authentication factor sent to your phone, which you can verify via PIN or TouchID. Because your passwords are stored locally and sent via local connection, the information never crosses the path of any hacker on any network. 

Although the local connection gave us peace of mind about its safety for data storage and transfer, we still wanted the speed and convenience of cloud apps. So we built lightweight iOS and MacOS apps, and a practically invisible web extension. As the three components run as one, it’s barely noticeable in operation.

Feedback from beta-testers and early adopters told us the most important features to them are data import/export and password generation capabilities. So we’ve added those as well as the ability to add notes to each account, but we’ve kept our focus on the login experience. Now KeyReel’s advanced web parsing is better at detecting login screens than both LastPass and 1Password.

If you want to try KeyReel, now’s the time! We’re going to be switching to a premium model soon as part of KeyReel’s growth into the ultimate login assistant. We would love to have you with us on the journey. Remember: all your data stays with you, you get access to all its features, and you don’t even need to set up a new account. Happy logins!

Wednesday, October 10, 2018

KeyReel Understands Web Better Than Most Popular Password Apps

If you use KeyReel, you know we’re serious about making login safety truly safe and truly automatic. You already love its nearly invisible interface, seamless data transfer from your phone to your computer, and peace of mind that no one else has access to your passwords but you.

Now there are even more reasons to keep KeyReel on your online security detail. Our new release gives you more power over your passwords, makes the interface even more intuitive, and gives KeyReel super-smart auto-login power.

Sometimes you want to remember your passwords, but that means they need to be shorter, and a shorter password is usually weaker. KeyReel now has a new password generator available on both its Mac and iOS components. The simple interface and advanced algorithm analyzing password strength. You choose the length and character requirements, and KeyReel does the rest.
MacOS Password Generator

iOS Password Generator

Of course, passwords aren’t the only types of data you need to secure. The new notes field in iOS lets you add information like answers to security questions and other sensitive information.

After major improvements to our web extension’s performance, our web-parsing is now even better at login form recognition than LastPass, 1Password, Dashlane, and TrueKey (more on this later!). This means you can instantly log into even more sites with tricky authentication forms and workflows.

And nobody likes scrolling down a list, so once all your accounts are loaded into KeyReel’s vault, use the alphabet navigation on the right to jump quickly through the list. You can also access various accounts for same site with one touch.

This is only the beginning. Our dream is to make safe logins and complete, individual data control the norm for every user. That’s why we’re positioning KeyReel to be much more than a password manager.

Subscribe to find out what that will mean for the KeyReel app, interface, and experience in the coming months. And if you haven’t tried KeyReel yet, here’s the link to download KeyReel now. All your data goes directly into a high-security vault on your iPhone, so you’ve got nothing to lose but a lot of login hassle.

Tuesday, July 24, 2018

Try the new version of KeyReel and get a bonus! (ENDED)

We're really excited about KeyReel 1.0.7, which allows you to import passwords from Dashlane, 1Password, KeePass, LastPass, or TruKey.

The new version also has better website parsing to ensure more of the trickier login layouts are detected. If you are using a password manager solution currently, try our superior password saving and auto-fill on sites like,, or tricky sites like, or

We want to make KeyReel the best it can be for our users, so for the next 10 days we're offering a $10 gift card from Amazon or Starbucks (your choice) for up to the first 100 users who: 
  1. Get and install KeyReel app for Mac at
  2. Install KeyReel app on iPhone from the App Store
  3. Follow installation prompts and pair iPhone app with Mac
  4. Fill out the feedback form and choose the type of the gift card you would like to receive. Be sure to use the same email address you have used during registration. The feedback form will also request that you upload a screenshot as a proof of installation and pairing, for example (instructions for how to take a screenshot):

* Electronic gift card codes will be sent within 3 days after completed feedback is received.

Tuesday, July 17, 2018

What is a "Password Manager" and How They Differ

Security, particularly online, is a high priority for everybody. To be secure on the Internet, every user should employ a strong, unique password for each website. Consider—according to this blog, by 2020 the average number of accounts per Internet user will be 207!

While a computer user could keep all the passwords they need in some secret notebook, the best approach is to utilize a software solution. A password manager keeps passwords and other private data, such as credit card information, on a computer or mobile devices. These managers store data in encrypted form, requiring only a single secret key to decipher the database. Password managers maintain the login information of a user's various online accounts and, if desired, auto-enter data into login forms. By using a password manager, a user protects his online accounts with unique passwords for each in case a website with weak security is hacked. Password managers oversee a list of site credentials so a user won't need to remember multiple passwords.

Tuesday, June 26, 2018

How can I become more secure without entering master password each time?

Security, both online and offline, means everything to most of us. To attain a high level of security while on the web, users need to pay close attention to safeguarding passwords and keeping their login information private. This level of security can be accomplished by following...

Tuesday, June 12, 2018

How can I avoid being hacked?

All of us use the Internet; it is a vital necessity for life in the 21st century. But surfing the web exposes our lives to black hats who can harm us and steal our digital identity.

Whenever you access a website and enter personal information, you become a target for data criminals. Many of your accounts contain sensitive information such as credit card numbers, addresses and phone numbers, personal photos, etc. It's vital to safeguard all your online data.

But how do we protect ourselves online? How do we prevent hackers from stealing our private data? The Internet offers plenty of articles on this topic but for your convenience, we list here basic steps you can take to keep your personal information safe when you browse the Internet...

Friday, May 18, 2018

Why do I have to have separate passwords for each site?

In 2014, hackers stole nude photos from the private iCloud account of actress Jennifer Lawrence, posting them on the web for the world to see. In fact, over a hundred celebrities over the past six years have been the victims of cyberattacks, their reputations damaged by the leak of private and sensitive details and their financial data compromised. All too often, hackers gain access to celebrity accounts because the victims used the same password on multiple websites. And celebrities aren't the only targets of hackers. A study commissioned by the U.K.'s Office of Communications (Ofcom) found that 55% of online users employ the same password for all websites. The repeated use of the same password for every website a user visits leads to security vulnerabilities and makes the task of the hacker too easy.

Tuesday, May 1, 2018

Why Most People Don’t Use Password Managers… And How We’re Changing Their Minds

Why do we continue to reuse passwords, use short, easy-to-guess combinations, and save them on our desktops rather than use password managers? The answer lies in the nature of passwords themselves.

While they’re a necessary measure we take keep valuable information safe online, passwords also act as “speed bumps” disrupting the flow of the online experience. And the fact is, many of us would rather compromise on security than convenience...
As dangerous as that is, the alternative - entering a master password every time we log in using a high-security password manager - takes too great a toll on our online experience. The ease - and vulnerability - of weak and multiple-account passwords, insecure browser password managers, or cloud server-based password managers that have been hacked in the past becomes nearly impossible to resist.

So the passwords we create leave us vulnerable, our online experience is riddled with inconvenience, and the password managers that are easiest to use are vulnerable themselves.

As software engineers with cybersecurity expertise in Seattle, we understand that in order to be effective, password security needs to be both practical and trustworthy enough for users to actually stick with it. We aimed to build the best tool for the job when we developed KeyReel Security Assistant.

KeyReel provides the awesomeness of autologin, keeps credentials safely offline, and avoids the inconvenience of frequent master password entry... without the use of a cloud server. It’s high-security password management everyone actually enjoys, and we’re relaunching it publicly today.

Far more secure than the typical laptop, when a user installs KeyReel the phone, it becomes the perfect portable password notebook where all passwords are stored offline in a single encrypted vault. But the magic lies in its pairing with the Mac or PC via encrypted Bluetooth connection.

KeyReel senses when a user browses to a login screen and instantly transfers the appropriate AES-encrypted credentials from the phone directly to the browser. And when the user picks up the phone and leaves the computer behind, the Bluetooth connection breaks once out of range, but credentials stay offline with its owner. It’s the keyless entry experience of a luxury car, for the internet - but much safer.

We designed KeyReel so users will never have to enter a master password again. But for certain sites, two or more authentication factors are always better than one. Rather than SMS, the phone’s TouchID or PIN code can allow KeyReel to provide a further layer of protection when a user logs in to banking, e-commerce, and other sites where critical personal data is stored.

And no matter what happens to the phone, password data remains encrypted and inaccessible without a Bluetooth connection to the computer KeyReel is paired with. If a user sets up a backup password vault on their Mac or PC, KeyReel’s password data will be available to use on the new phone, too.

A strong, unique password can take today’s fastest machines years to decode. It’s the best defense we have against hackers, viruses, identity theft, and spying - even better than biometric authentication. Since we believe everyone should be able to easily marshall that defense and prevent nearly all attempts to get around it, KeyReel is also completely free.

Feedback from our beta users and early adopters has shaped KeyReel throughout its development, and with our relaunch, we welcome even more.

Anyone with a laptop and an phone can join the growing number of people who use KeyReel to enjoy the freedom of browsing in comfort and security right now - and spread the word. Now’s also the time to sign up to be the first to know when KeyReel for Android is released, which will be soon. Together, we’re going to change the world of personal password management for the better, the safer, and the simpler.