TrueKey sign-in with password re-prompt is _less_ secure than without re-prompt.
I have most of my TrueKey logins set up to not require password reentry. This means when I navigate to a site, my username/password is auto-filled into the site. For a few of my more sensitive accounts I have them set up in TrueKey to re-prompt for a password. The problem is that for those sites my username and password are _not_ auto-populated. This means I have to leave the site I'm on, search for it by name in the TrueKey app, copy the password (which requires password entry) and then paste it into the target site.
This is not particularly secure for a couple of reasons:

- My password ends up in my clipboard, which can be read by malicious websites and applications on my computer.
- It opens me up to phishing attacks. For auto-login sites, TrueKey will only populate the username/password for domains that are an _exact_ match, which protects me from someone phishing me with g0ogle.com. However, because I have to manually search, I am no longer protected from phishing attacks.

My mitigation suggestion is to handle this similarly to LastPass and make it so I can click on the extension, right-click on the page, or click on the input form to autofill for me. If the account requires a password reprompt, then do so in a separate window/tab and once complete auto-fill the page.
I believe LastPass handles this on a technical level by having password reprompts last for some number of minutes, which avoids the need to synchronize the different tabs. When I enter my password into LastPass, it unlocks all of my accounts for some short period of time and any tabs that are polling for login details will get through once I unlock my account. I find this to be quite reasonable, and sometimes even preferable because LastPass also lets me choose to "not reprompt again for X minutes" which is useful when I am having to enter my password a few times for something.
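
The flow suggested above (fill only on an exact domain match, and for reprompt-protected logins ask for the master password once and keep them unlocked for a short window), as an added example that is not part of the original post and is not TrueKey or LastPass code. `Vault`, `decideFill`, `confirmReprompt`, the five-minute window and the sample entries are assumptions made for illustration.

```javascript
// Added illustration; Vault, decideFill and REPROMPT_WINDOW_MS are hypothetical names.
const REPROMPT_WINDOW_MS = 5 * 60 * 1000; // assumed "do not reprompt again for X minutes"

class Vault {
  // entries: [{ host, username, password, reprompt }]; now is injectable for testing.
  constructor(entries, now = () => Date.now()) {
    this.entries = entries;
    this.now = now;
    this.unlockedUntil = 0; // time until which reprompt-protected entries stay unlocked
  }

  // Call only after the master password was verified in the separate prompt window.
  confirmReprompt() {
    this.unlockedUntil = this.now() + REPROMPT_WINDOW_MS;
  }

  // Decide what to do for the page the user is on. The secret is handed only to
  // the fill path, so it never passes through the clipboard.
  decideFill(pageUrl) {
    let url;
    try { url = new URL(pageUrl); } catch { return { action: 'refuse', reason: 'bad-url' }; }
    // Exact hostname comparison: no substring, suffix or "looks similar" matching.
    const entry = this.entries.find((e) => e.host === url.hostname);
    if (!entry) return { action: 'refuse', reason: 'no-exact-match' };
    if (entry.reprompt && this.now() >= this.unlockedUntil) {
      return { action: 'reprompt', host: entry.host };
    }
    return { action: 'fill', username: entry.username, password: entry.password };
  }
}

// Constructed sample data and a fake clock so the window can be exercised offline.
let clock = 1000000;
const vault = new Vault(
  [
    { host: 'google.com', username: 'me', password: 'constructed-secret', reprompt: true },
    { host: 'forum.example', username: 'me', password: 'constructed-low', reprompt: false },
  ],
  () => clock,
);
```

Any tab waiting on a `reprompt` result can call `decideFill` again after `confirmReprompt()` and will be filled without per-tab synchronization, while a lookalike host is refused before any prompt is shown.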