Toggle Menu

Frequently Asked Questions

General

What is Myki?

Myki is a mobile application that allows you to securely store and manage passwords and sensitive information such as credit cards, government IDs and secure notes. Myki does not stores data in the cloud. Your data remains stored in your possession.

Where does Myki store passwords?

Myki securely stores your passwords and sensitive data offline, on your smartphone. The Myki app acts as a vault that stores and encrypted copy of your passwords and sensitive data. Your passwords are not stored in the cloud which prevents hackers from gaining access to your accounts in case our servers get compromised.

What happens if I lose or change my phone?

Myki gives you the option to keep a secure backup of your accounts on any computer that you pair your Myki app with. This allows you to recover your data in case something happens to your phone. You can also create manual backups of Myki that will generate a ‘.myki' file that you can store in any location that you deem secure. We are also working on adding a ‘backup with a friend' feature that allows you to keep a secure backup of your passwords on a friend's Myki app very much like a spare key. The friend would not be able to access your Myki Vault unless you grant them access to it.

Signing up to a new device using the same phone number previously used will cause the Myki app on the old device to wipe all stored data.

What is the advantage of using Myki over other password managers?

Myki is for users who care about their online security and don’t want to trust anyone with their sensitive information. You should not have to trust a third party for storing and syncing your sensitive data across your devices. Myki offers the security of an offline vault that doesn’t store data in the cloud and the convenience of automatically logging you in on other devices that you own. Think of it like having the security of Keepass and the convenience of LastPass at the same time.

Who is Myki for?

Myki has many advantages over existing password managers the biggest one being the way your data is stored and synced across devices. These are other differentiators:

  • Your sensitive data is not stored in the cloud.
  • Myki can pair and log you into other devices that you own.
  • No master password to remember.
  • Myki can store and auto-fill 2FA tokens, other cloud based password managers cannot (should not) because they would strip the 2fa part by putting your tokens in the cloud next to your passwords.

Pairing With Computers

How does Myki pair with the browser extension?

The real power of Myki appears when you start pairing the app with your personal and work computers. This allows Myki to auto-fill your passwords in websites on your computer as you browse. Additionally Myki prompts you as soon as it detects a new password and gives you the option to store it in the Myki application. For specific technical information about how Myki creates and maintains a secure connection between your phone and your browser, checkout our white paper.

How does Myki communicate with the browser extension?

Myki creates an encrypted P2P link between your phone and your computer browser. Whenever the Myki extension detects that you need to login to an account. It sends a secure request to your smartphone via push notification. When you approve the request on your phone (by using your fingerprint or a pin code), the data is encrypted and immediately relayed to the extension that decrypts it and injects it in the login page.

Security and Privacy

How does Myki ensure my privacy?

Myki does not store any sensitive information on our servers. Instead it relies on the Myki app on your smartphone to act as a private cloud in your pocket. Sensitive data is stored on the Myki app with secure backups being continuously made to paired browser extensions. Our servers act as relay servers between your phone and your browser. The data being relayed is encrypted in a way that prevents our servers from even knowing what information is being transmitted.

What happens if the Myki servers get hacked?

The Myki servers do not hold any sensitive information. They act as a relay service between your phone and your browser. In case our servers get compromised, hackers cannot gain access to your passwords as they are not stored there. The different attacks that a hacker would be able to conduct are the following:

  • Denial of service attacks: A DoS attack would prevent your phone from connecting to the browser extension on the computer. Redundancies set in place will prevent total disconnection.
  • Man-in-the-middle attacks: A hacker would try to intercept the communication between the phone and the browser. With true end to end encryption, any data intercepted is undecipherable, and therefore useless to the attacker.

What happens if Myki receives a government request for my data?

Seeing that Myki servers do not hold any sensitive data, we cannot comply with any government requests for your sensitive information. You can get more information regarding the way we deal with government requests by looking at our law enforcement notice.

Offline Storage of passwords

Where does Myki store my passwords?

Myki stores your passwords securely on your smartphone. Your passwords are not stored in the cloud which makes it virtually impossible for hackers to steal your data from a remote location. This is a very important point that we believe other password managers do not address. When your passwords are stored in the cloud, a hacker can try to compromise that cloud in order to gain access to the entire database of encrypted user vaults. In the case of Myki, the backups are decentralized across users' smartphones which prevents hackers from gaining access to a large number of backups by hacking one cloud. Attackers would need to try to compromise one device at a time in order to gain access to the encrypted password list which is extremely difficult because the password vault remains in your possession at all times.

What happens if I lose or change my phone?

Myki gives you the option to keep a secure backup of your accounts on any computer that you pair your Myki app with. This allows you to recover your data in case something happens to your phone. You can also create manual backups of Myki that will generate a ‘.myki' file that you can store in any location that you deem secure. We are also working on adding a ‘backup with a friend' feature that allows you to keep a secure backup of your passwords on a friend's Myki app very much like a spare key. The friend would not be able to access your Myki Vault unless you grant them access to it.

Signing up to a new device using the same phone number previously used will cause the Myki app on the old device to wipe all stored data.

How does Myki communicate with my computer?

Myki pairs with your computer through the Myki browser extension that is installed in your browser of choice. You connect the app with the Myki extension by scanning a QR code on your computer with the Myki app (see steps here). This creates a P2P encrypted link between the Myki app and the Myki browser extension which allows your phone and computer to securely exchange passwords and other sensitive data. Scanning a QR code is an optical way of transferring information between your phone and your browser which ensures that the encryption key is never exchanged over the Internet. Any intruder trying to intercept your network communication would not be able to decrypt the data being transmitted.

How can I add my passwords to Myki?

There are three ways for you to add your passwords to Myki. The first one is through the Myki app. You can click on the '+' sign and manually type in your username and your password for the selected website. The second method is via the chrome extension while you browse. Whenever you log into a website on your computer that has a paired Myki chrome extension, Myki will ask you to save the account into your Myki app. Clicking the save button will add the account to Myki which will allow Myki to auto-fill it from that point onwards. The third method is to import your accounts from Google Chrome or another password manager via the Myki chrome extension by following the steps in our guide (Import Your Existing Passwords To Myki).

How can I sync my passwords to my computer?

You can pair the Myki app with your computer browser via the Myki browser extension which allows you to securely exchange passwords and other sensitive data between your phone and your computer. The Myki app also allows you to store a secure backup of your accounts on your computer in order to recover your accounts in case something happens to your smartphone.

How are my passwords encrypted while being sent to the computer?

In order to pair the Myki app with your computer browser via the Myki browser extension, you scan a QR code that contains an AES256-CBC encryption key that is only ever seen by the Myki app and the Myki Browser Extension. Whenever you request a passwords or other sensitive data from the Myki app, the data is encrypted using this encryption key and sent over the Internet in a P2P encrypted manner to your computer. This ensures that the communication between the app and the computer is secure at all times. Whenever you disconnect, the Myki app from your computer by either pressing the disconnect button on the app or in the extension, the key is deleted from both ends and the extension removes any sensitive data that it holds including any session data that it generated. Whenever you disconnect the Myki app from a computer, you get logged out from all the accounts that Myki logged you into which is useful in different use cases.

Approving Logins From The App

How can Myki logs me into accounts on my computer?

Myki pairs with your computer via the Myki browser extension that is installed in your web browser of choice. You connect the app with the extension by scanning a QR code with your smartphone camera (Pairing The Myki App). This creates a P2P encrypted link between the Myki app and the Myki browser extension which allows your phone and computer to securely exchange passwords and other sensitive data. Scanning a QR code is an optical way of transferring information between your phone and your browser which ensures that the encryption key is never exchanged over the Internet. Any intruder trying to intercept your network communication would not be able to decrypt the data being transmitted. Whenever the Myki extension detects that you need to login to an account in your browser (when you visit https://gmail.com for example and you are logged out), it sends a login request to your smartphone via push notification. You can grant access from your phone by hard pressing on the notification and authenticate yourself with your fingerprint, a pin code or even faceID. This will encrypt your Gmail password and securely send it to your computer. The extension will then decrypt this password and fill the login form online logging you in successfully.

Can Myki log me into apps and websites on my phone?

On Android Myki can log you into both apps and websites. All you need to do is enable the native login feature in the Myki app (find it in the profile tab).

On iOS Myki can log you into websites in Safari via the Myki safari extension. You can enable it by going to the profile tab in the Myki app. Myki can also log you into apps that support the feature. You will typically see a lock icon next to the password field on supported websites.

How can I connect the Myki app with my computer?

You can pair the Myki app with your computer browser via the Myki browser extension which allows you to securely exchange passwords and other sensitive data between your phone and your computer. The Myki app also allows you to store a secure backup of your accounts on your computer in order to recover your accounts in case something happens to your smartphone. In order to pair Myki with your computer, follow the steps outlined in this guide.

Is the connection between Myki and my computer secure?

Myki uses the AES256-CBC encryption algorithm which is regarded as one of the most secure encryption standards. This ensures that your data is safe while being transmitted. The AES encryption key is shared between the phone and the extension via a QR code that you scan with the Myki app using your smartphone camera which means that the encryption key is never sent across the internet. The key is generated by the browser extension and optically shared with the Myki app. This is regarded as one of the most secure ways of exchanging an AES encryption key.

What happens if I lose or change my phone?

Myki gives you the option to keep a secure backup of your accounts on any computer that you pair your Myki app with. This allows you to recover your data in case something happens to your phone. You can also create manual backups of Myki that will generate a ‘.myki' file that you can store in any location that you deem secure. We are also working on adding a ‘backup with a friend' feature that allows you to keep a secure backup of your passwords on a friend's Myki app very much like a spare key. The friend would not be able to access your Myki Vault unless you grant them access to it.

Signing up to a new device using the same phone number previously used will cause the Myki app on the old device to wipe all stored data.

Password Sharing

How does password sharing work?

Every Myki user has a unique RSA2048 private/public Encryption key pair. The public key can be shared with any user online without any risk to the owner and is used by the sender to encrypt the password being shared. In other terms, whenever you want to share a password with a Myki user, you start by selecting the user from your contacts list on your phone, this requests the recipient's public key. Whenever your Myki app receives the recipients public key it encrypt the password that you want to share using it and sends it to his smartphone via a P2P encrypted connection. The user receives the encrypted password and uses his private key to decrypt it. All of this happens in the background. As a user all you need to do is click on an account in the Myki app then select share and select the contact from your contact list.

Can the recipient see the shared password?

By default the recipient cannot see the shared password. It is hidden from him in the Myki app and is also hidden from him in the Myki extension. But the recipient can still use the Myki app to approve a login request on his computer in order to login to the shared account. But due to the nature of how passwords work in general, the Myki extension has to inject the password into the page which means that a tech savvy user can still try to interrupt the JS execution of the page and inspect the code in order to look for the password. We are currently working on a way that allows you to share access to an account without actually sharing the password. This message will be updated as soon as the feature goes live.

Can I stop sharing access with someone?

You can revoke access to a shared account at any point in time. This will delete the password from the user's Myki app in real time (or as soon as it connects to the internet) and log him out of the account on any paired browser extension that the user used to login to your shared account.

Two Factor Authentication (2FA)

What is Two-Factor Authentication (2FA)?

"Two-factor authentication (also known as 2FA) is a method of confirming a user's claimed identity by utilizing a combination of two different components. Two-factor authentication is a type of multi-factor authentication.
A good example from everyday life is the withdrawing of money from a cash machine; only the correct combination of a bank card (something that the user possesses) and a PIN (personal identification number, something that the user knows) allows the transaction to be carried out." (Wikipedia)

Online, 2FA is an additional time-sensitive one time code that you input alongside your username and your password in order to login. This prevents an attacker from accessing your account in case your password is compromised as the attacker would need to also have knowledge of this changing code.

The traditional way of receiving these 2FA codes is either via SMS which is slow and insecure or via an authenticator app such as Google Authenticator. The latter is more secure than the former but is extremely inconvenient due to the fact that you are required to unlock your phone, open the authenticator app and type the 6 digit 2FA code into your browser every time you want to login.

Myki simplifies this process by holding these 2FA tokens for you and by inputting them alongside your username and password whenever you grant access to an account from your smartphone.

Which websites support 2FA and how can I enable it?

There are different procedure for enabling 2FA but it generally involves going into the settings page of the website and enabling it from there. This website (twofactorauth.org) contains a list of all services that support 2FA with a link to the setup steps. In order to add your 2FA secrets into Myki, select the authenticator app option on the website and, in the Myki app, click on the account you would like to add 2FA to —> Settings —> Setup 2FA the scan the QR code displayed on the website.

How can Myki manage my 2FA secrets, isn't it against the point of 2FA?

Myki has a unique architecture that trades cloud storage and a master password for a decentralized P2P encrypted model, which means that passwords are stored on your smartphone and backups are made to extensions you are paired to. It is because of this very architecture that Myki can securely store your 2FA secrets alongside your passwords without compromising your security. Myki conveniently auto-fills your 2FA tokens when logging in which encourages users to enable 2FA on all of their supporting accounts.

How does Myki auto-fill my 2FA tokens?

When logging into an app or website on your phone Myki will automatically fill the 2FA token when it can detect the field for it, if it can't it will display a local notification on your phone with your 2FA token.

When logging in to an account on your computer, Myki will send the 2FA token alongside the username and the password when you approve the login request sent via push notification to your smartphone.

Digital Wallet

Can Myki auto-fill my credit card information into websites?

Yes, Myki can autofill all the credit card information in your browser via the Myki browser extension the same way that it auto-fills your usernames and passwords. When you see a credit card form with the Myki Owl icon it it, click on it and select the credit card that you would like to auto-fill. This will send a login request to your phone and as soon as you approve it, Myki will auto-fill the data.

Can I share access to my credit cards using Myki?

Yes, you can share your credit card data with any Myki user by clicking on the card in the Myki app and by selecting your contact from the sharing tab. The recipient will not be shown the CVV in the app but whenever he uses the card online, it will be displayed to him in the form when being filled by Myki.

How secure is it to store my credit card information in Myki?

Myki does not store your data in the cloud, your credit card data is only stored on your smartphone in an encrypted manner and secure backups can be made to any computer that has the Myki extension. This makes it extremely difficult if not impossible for hackers to gain access to your data by remotely attacking you.