How does password sharing work?

Every MYKI user has a unique RSA2048 private/public Encryption key pair. The public key can be shared with any user online without any risk to the owner and is used by the sender to encrypt the password being shared. In other terms, whenever you want to share a password with a MYKI user, you start by selecting the user from your contacts list on your phone, this requests the recipient's public key. Whenever your MYKI app receives the recipients public key it encrypts the password that you want to share using it and sends it to his device in an end-to-end encrypted manner. The user receives the encrypted password and uses his private key to decrypt it. All of this happens in the background. As a user all you need to do is click on an account in the MYKI app then select share and select the contact from your contact list.

Can the recipient see the shared password?

By default, the recipient cannot see the shared password. It is hidden from him in the MYKI app and is also hidden from him in the MYKI extension. But the recipient can still use the MYKI app to approve a login request on his computer in order to login to the shared account. But due to the nature of how passwords work in general, the MYKI extension must inject the password into the page which means that a tech savvy user can still try to interrupt the JS execution of the page and inspect the code in order to look for the password.

Can I stop sharing access with someone?

You can revoke access to a shared account at any point in time. This will delete the password from the user's MYKI app in real time (or as soon as it connects to the internet) and log him out of the account on any paired browser extension that the user used to login to your shared account.