Frequently Asked Questions about the Myki App

General

What is Myki?

Myki is a password manager and 2FA authenticator that securely stores and manages passwords and sensitive information such as credit cards, government IDs and secure notes. Myki does not store data in the cloud. Your data remains stored locally and is seamlessly synced P2P across the devices that you have Myki installed on.

Where does Myki store passwords?

Myki stores your passwords and sensitive data locally, on devices you have Myki installed on. The Myki app acts as a vault that stores an encrypted copy of your passwords and sensitive data. Your passwords are not stored in the cloud. This makes it extremely difficult for hackers to gain access to your accounts.

What happens if I lose or change my phone?

Myki automatically maintains backups on any device you have the app installed on. This allows you to recover your data from any of these devices in case something happens to your phone. You can also create manual backups of Myki that you can store in any secure location and use if you ever need to restore your vault.

Signing up to a new device using the same phone number will cause the Myki app on the old device to wipe all stored data.

What is the advantage of using Myki over other password managers?

Myki has many advantages over existing password managers, the biggest one being the way your data is stored and synced across devices. These are other differentiators:

  • Your sensitive data is not stored in the cloud.
  • Myki seamlessly syncs P2P with other devices that you use.
  • No master password to remember.
  • Myki can store and auto-fill 2FA tokens. Other cloud-based password managers cannot (should not), because putting your tokens in the cloud next to your passwords would strip away the second factor.

Who is Myki for?

Myki is for users who care about their online security and privacy and don’t want to trust anyone with their sensitive information. You should not have to trust a third party for storing and syncing your sensitive data across your devices. Myki offers the security of an offline vault that doesn't store data in the cloud and the convenience of automatically logging you in on other devices that you own. We are here to help you regain control of your digital identity.

Pairing With Computers

How can I use Myki on my computer?

There are two ways of using Myki on your computer:

On computers that you trust (e.g. personal devices, work devices that you can take home, etc.) we recommend that you install the Myki desktop application, which is available on Mac, Windows and different flavors of Linux. Desktop apps offer the full experience of Myki.

On computers that you do not trust, such as public computers, you can install the Myki browser extension and pair it to your smartphone app. This will keep the passwords stored on the smartphone and only send specific passwords when you need them, by having you approve a login request sent to your phone. This protects you by not sending your entire password vault to the computer. When you disconnect from the extension, Myki tries to erase all traces of your presence on that device (metadata, authenticated cookies, etc.).

Can I pair my smartphone with the browser extension without using the desktop app?

Yes, you can do so by scanning a QR code. When you pair your smartphone and the Myki extension, an encrypted P2P link is created between your phone and your computer browser. Whenever the Myki extension detects that you need to log in to an account, it sends a secure request to your smartphone via push notification. When you approve the request on your phone (by using your fingerprint or a pin code), the data is encrypted and immediately relayed to the extension, which decrypts it and injects it into the login page.

Security and Privacy

How does Myki ensure my privacy?

Myki does not store any sensitive information on our servers. Instead it relies on the Myki apps on your smartphone and computer to act as a private cloud that only your devices can access. Sensitive data is stored on the Myki apps with secure backups being continuously made on all Myki-enabled devices. Our servers act as relay servers between your different devices. The data being relayed is encrypted in a way that prevents our servers from knowing what information is being transmitted.

What happens if the Myki servers get hacked?

The Myki servers do not hold any sensitive information. They act as a relay service between your different Myki-enabled devices. In case our servers get compromised, hackers cannot gain access to your passwords as they are not stored there. The different attacks that a hacker would be able to conduct are the following:

  • Denial of service attacks: A DoS attack would prevent your phone from connecting to the browser extension on the computer. Redundancies set in place will prevent total disconnection.
  • Man-in-the-middle attacks: A hacker would try to intercept the communication between the phone and the browser. With true end-to-end encryption, any data intercepted is undecipherable, and therefore useless to the attacker.

What happens if Myki receives a government request for my data?

Knowing that Myki servers do not hold any sensitive data, we cannot comply with any government requests for your sensitive information. You can get more information regarding the way we deal with government requests by reading our Law Enforcement Notice.

Offline Storage of passwords

Where does Myki store my passwords?

Myki only stores your passwords on smartphones and computers that you install Myki on and seamlessly syncs the data P2P between these devices. Your passwords are not stored in the cloud which makes it virtually impossible for hackers to steal your data from a remote location without having to compromise the entire device first.

What happens if I lose or change my phone?

Myki automatically maintains backups on any device you have the app installed on. This allows you to recover your data from any of these devices in case something happens to your phone. You can also create manual backups of Myki that you can store in any location that you deem secure.

Signing up to a new device using the same phone number will cause the Myki app on the old device to wipe all stored data.

How does Myki communicate with my computer?

There are two ways to interact with a computer:

You can install the Myki desktop app on your computer. It is available on Mac, Windows and Linux. The desktop app offers the full Myki experience.

In case you do not trust the computer, you can install the Myki browser extension and pair it with the Myki app on your smartphone. This keeps your encrypted vault stored on the smartphone and only sends requested passwords to the computer when you need to log in to a specific website.

How can I add my passwords to Myki?

There are three ways for you to add your passwords to Myki. The first one is through the Myki app. You can click on the '+' sign and manually type in your username and your password for the selected website. The second method is via the Myki browser extension while you browse. Whenever you log into a website on your computer that has a paired Myki browser extension, Myki will ask you to save the account into your Myki app. Clicking the save button will add the account to Myki which will allow Myki to auto-fill it from that point onwards. The third method is to import your accounts from your browser or from another password manager via the Myki browser extension by following the steps in our guide (Import Your Existing Passwords To Myki).

How are my passwords encrypted while being sent to the computer?

Every device has an RSA2048 private/public key pair. When a Myki app wants to emit a sync event to another device, the data is encrypted using an AES256 key, which in turn is encrypted using the public key of the recipient. The now encrypted message is then digitally signed by the sender and relayed to the recipient. The recipient can verify the digital signature of the sender before decrypting the encrypted sync event. This allows every device to make its own assessment as to whether a message that it receives is legitimate.
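The envelope described above, sketched with Node.js's built-in crypto module as an added example; it is not Myki's code. It shows the recipient rejecting a relayed message that was altered or signed by the wrong key before any decryption happens. The CBC mode, OAEP padding, SHA-256 signature and all function and field names are assumptions, since the answer above only names RSA2048, AES256 and the sign-then-verify order.

```javascript
const crypto = require('crypto');

// Each device holds an RSA-2048 key pair (generated here for the demo).
const newDevice = () => crypto.generateKeyPairSync('rsa', { modulusLength: 2048 });

// RSA-OAEP options for wrapping the AES key (padding choice is an assumption).
const oaep = (key) => ({ key, padding: crypto.constants.RSA_PKCS1_OAEP_PADDING, oaepHash: 'sha256' });

// The bytes the signature covers: every field the recipient will act on.
const signedBytes = (e) => Buffer.concat([e.wrappedKey, e.iv, e.ciphertext]);

// Sender: AES-256 encrypts the data, RSA wraps the AES key, then the sender signs.
function sealEvent(plaintext, senderPrivateKey, recipientPublicKey) {
  const aesKey = crypto.randomBytes(32); // fresh AES-256 key per message
  const iv = crypto.randomBytes(16);     // fresh IV (CBC mode is an assumption)
  const cipher = crypto.createCipheriv('aes-256-cbc', aesKey, iv);
  const ciphertext = Buffer.concat([cipher.update(plaintext, 'utf8'), cipher.final()]);
  const envelope = { wrappedKey: crypto.publicEncrypt(oaep(recipientPublicKey), aesKey), iv, ciphertext };
  envelope.signature = crypto.sign('sha256', signedBytes(envelope), senderPrivateKey);
  return envelope;
}

// Recipient: verify the sender's signature first; only then unwrap and decrypt.
function openEvent(envelope, senderPublicKey, recipientPrivateKey) {
  if (!crypto.verify('sha256', signedBytes(envelope), senderPublicKey, envelope.signature)) {
    throw new Error('signature check failed: rejected before decryption');
  }
  const aesKey = crypto.privateDecrypt(oaep(recipientPrivateKey), envelope.wrappedKey);
  const decipher = crypto.createDecipheriv('aes-256-cbc', aesKey, envelope.iv);
  return Buffer.concat([decipher.update(envelope.ciphertext), decipher.final()]).toString('utf8');
}

// Constructed scenario: phone -> laptop, with a relay that tampers or forges.
function demo() {
  const phone = newDevice(), laptop = newDevice(), relay = newDevice();
  const event = '{"site":"example.test","password":"constructed-sample"}';
  const envelope = sealEvent(event, phone.privateKey, laptop.publicKey);
  const rejected = (e) => {
    try { openEvent(e, phone.publicKey, laptop.privateKey); return false; }
    catch (err) { return /signature/.test(err.message); }
  };
  const flipped = Buffer.from(envelope.ciphertext);
  flipped[0] ^= 0x01; // relay alters one ciphertext bit
  return {
    roundTrip: openEvent(envelope, phone.publicKey, laptop.privateKey) === event,
    tamperRejected: rejected({ ...envelope, ciphertext: flipped }),
    forgeryRejected: rejected(sealEvent(event, relay.privateKey, laptop.publicKey)),
  };
}

console.log(demo());
```

Because CBC on its own provides no integrity, the signature check is what stops a modified ciphertext from ever reaching the decryption step in this sketch.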

Approving Logins From The App

How can Myki log me into accounts on my computer?

Myki pairs with your computer either via the Myki desktop app or via the Myki browser extension that is installed in your web browser of choice. You connect the app with the desktop app or extension by scanning a QR code with your smartphone camera (Pairing The Myki App). This creates a P2P encrypted link between the Myki app and the desktop app or Myki browser extension, which allows your phone and computer to securely exchange passwords and other sensitive data. Scanning a QR code is an optical way of transferring information between your phone and your computer, which ensures that the encryption key is never exchanged over the Internet. Any intruder trying to intercept your network communication would not be able to decrypt the data being transmitted.

Whenever the Myki extension detects that you need to log in to an account in your browser (when you visit https://gmail.com for example and you are logged out), it sends a login request to your smartphone via push notification. You can grant access from your phone by hard pressing on the notification and authenticating yourself with your fingerprint, a pin code or even Face ID. This will encrypt your Gmail password and securely send it to your computer. The extension will then decrypt this password and fill the login form online, logging you in successfully.

Can Myki log me into apps and websites on my phone?

On iOS and Android Myki can log you into both apps and websites.

Is the connection between Myki and my browser extension secure?

Myki uses the AES256-CBC encryption algorithm which is regarded as one of the most secure encryption standards. This ensures that your data is safe while being transmitted. The AES encryption key is shared between the phone and the extension via a QR code that you scan with the Myki app using your smartphone camera which means that the encryption key is never sent across the internet. The key is generated by the browser extension and optically shared with the Myki app. This is regarded as one of the most secure ways of exchanging an AES encryption key.

What happens if I lose or change my phone?

Myki gives you the option to keep a secure backup of your accounts on any computer that you pair your Myki app with. This allows you to recover your data in case something happens to your phone. You can also create manual backups of Myki that will generate a '.myki' file that you can store in any location that you deem secure. We are also working on adding a 'backup with a friend' feature that allows you to keep a secure backup of your passwords on a friend's Myki app, very much like a spare key. The friend would not be able to access your Myki Vault unless you grant them access to it.

Signing up to a new device using the same phone number previously used will cause the Myki app on the old device to wipe all stored data.

Password Sharing

How does password sharing work?

Every Myki user has a unique RSA2048 private/public encryption key pair. The public key can be shared with any user online without any risk to the owner and is used by the sender to encrypt the password being shared. In other terms, whenever you want to share a password with a Myki user, you start by selecting the user from your contacts list on your phone, which requests the recipient's public key. When your Myki app receives the recipient's public key, it encrypts the password that you want to share using it and sends it to his smartphone via a P2P encrypted connection. The user receives the encrypted password and uses his private key to decrypt it. All of this happens in the background. As a user, all you need to do is click on an account in the Myki app, then select share and select the contact from your contact list.

Can the recipient see the shared password?

By default, the recipient cannot see the shared password. It is hidden from him in the Myki app and is also hidden from him in the Myki extension. The recipient can use the Myki app to approve a login request on his computer in order to log in to the shared account. Due to the nature of how passwords work in general, the Myki extension must inject the password into the page, which means that a tech-savvy user can still try to interrupt the JS execution of the page and inspect the code in order to look for the password. We are currently working on a way that allows you to share access to an account without sharing the password. This message will be updated as soon as the feature goes live.

Can I stop sharing access with someone?

You can revoke access to a shared account at any point in time. This will delete the password from the user's Myki app in real time (or as soon as it connects to the internet) and log him out of the account on any paired browser extension that the user used to login to your shared account.

Two Factor Authentication (2FA)

What is Two-Factor Authentication (2FA)?

"Two-factor authentication (also known as 2FA) is a method of confirming a user's claimed identity by utilizing a combination of two different components. Two-factor authentication is a type of multi-factor authentication.
A good example from everyday life is the withdrawing of money from a cash machine; only the correct combination of a bank card (something that the user possesses) and a PIN (personal identification number, something that the user knows) allows the transaction to be carried out." (Wikipedia)

Online, 2FA is an additional time-sensitive one-time code that you input alongside your username and your password in order to log in. This prevents an attacker from accessing your account in case your password is compromised, as the attacker would also need to have knowledge of this changing code.

The traditional way of receiving these 2FA codes is either via SMS which is slow and insecure or via an authenticator app such as Google Authenticator. The latter is more secure than the former but is extremely inconvenient due to the fact that you are required to unlock your phone, open the authenticator app and type the 6 digit 2FA code into your browser every time you want to login.

Myki simplifies this process by holding these 2FA tokens for you and by inputting them alongside your username and password whenever you grant access to an account from your smartphone.

Which websites support 2FA and how can I enable it?

There are different procedures for enabling 2FA, but it generally involves going into the settings page of the website and enabling it from there. This website (twofactorauth.org) contains a list of all services that support 2FA with a link to the setup steps. In order to add your 2FA secrets into Myki, select the authenticator app option on the website and, in the Myki app, click on the account you would like to add 2FA to → Settings → Setup 2FA, then scan the QR code displayed on the website.

How can Myki manage my 2FA secrets, isn't it against the point of 2FA?

Myki has a unique architecture that trades cloud storage and a master password for a decentralized P2P model, which means that passwords are stored on your Myki-enabled devices and backups are continuously made to these devices. It is because of this unique architecture that Myki can securely store your 2FA secrets alongside your passwords without compromising your security. Myki conveniently auto-fills your 2FA tokens when logging in, which encourages users to enable 2FA on all their supporting accounts.
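To make the difference between a "2FA secret" and a "2FA token" concrete, here is an added example (not Myki's code) that parses the kind of otpauth:// URI an authenticator QR code carries and derives the 6-digit code from it. It assumes the website issues standard TOTP codes (RFC 6238, HMAC-SHA-1), as Google Authenticator-style setups do; the URI is constructed from the RFC 6238 test secret and the function names are illustrative.

```javascript
const crypto = require('crypto');

// Constructed sample: the RFC 6238 test secret "12345678901234567890" in base32.
const SAMPLE_URI = 'otpauth://totp/Example:alice?secret=GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ&issuer=Example';

// Decode RFC 4648 base32, the encoding used for the secret in otpauth:// URIs.
function base32Decode(text) {
  const alphabet = 'ABCDEFGHIJKLMNOPQRSTUVWXYZ234567';
  const out = [];
  let bits = 0, value = 0;
  for (const ch of text.replace(/=+$/, '').toUpperCase()) {
    const idx = alphabet.indexOf(ch);
    if (idx < 0) throw new Error('invalid base32 character: ' + ch);
    value = (value << 5) | idx;
    bits += 5;
    if (bits >= 8) {
      bits -= 8;
      out.push((value >>> bits) & 0xff);
      value &= (1 << bits) - 1; // keep only the bits not yet emitted
    }
  }
  return Buffer.from(out);
}

// RFC 4226 HOTP: HMAC the counter, then dynamically truncate to N digits.
function hotp(secret, counter, digits = 6) {
  const msg = Buffer.alloc(8);
  msg.writeBigUInt64BE(BigInt(counter));
  const mac = crypto.createHmac('sha1', secret).update(msg).digest();
  const offset = mac[mac.length - 1] & 0x0f;
  const code = mac.readUInt32BE(offset) & 0x7fffffff;
  return String(code % 10 ** digits).padStart(digits, '0');
}

// RFC 6238 TOTP: the counter is the number of time steps since the Unix epoch.
function totpFromUri(uri, unixSeconds) {
  const url = new URL(uri);
  if (url.protocol !== 'otpauth:') throw new Error('not an otpauth URI');
  const encoded = url.searchParams.get('secret');
  if (!encoded) throw new Error('URI carries no secret');
  const period = Number(url.searchParams.get('period') || 30);
  const digits = Number(url.searchParams.get('digits') || 6);
  return hotp(base32Decode(encoded), Math.floor(unixSeconds / period), digits);
}

// Any device holding the secret derives the same code for the same time step.
console.log(totpFromUri(SAMPLE_URI, Math.floor(Date.now() / 1000)));
```

The secret in the URI never changes, so every copy of it (on a phone, in a backup, on a second device) yields the same codes; that is why where the secret is stored matters as much as where the password is stored.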

How does Myki auto-fill my 2FA tokens?

When logging into an app or website on your phone, Myki will automatically fill the 2FA token when it can detect the field for it. If it can't, it will display a local notification on your phone with your 2FA token.

When logging in to an account on your computer, Myki will send the 2FA token alongside the username and the password when you approve the login request sent via push notification to your smartphone or desktop application.

Digital Wallet

Can Myki auto-fill my credit card information into websites?

Yes, Myki can autofill all the credit card information in your browser via the Myki browser extension the same way that it auto-fills your usernames and passwords. When you see a credit card form with the Myki Owl icon, click on it and select the credit card that you would like to auto-fill. This will send a login request to your phone and as soon as you approve it, Myki will auto-fill the data.

Can I share access to my credit cards using Myki?

Yes, you can share your credit card data with any Myki user by clicking on the card in the Myki app and by selecting your contact from the sharing tab. The recipient will not be shown the CVV in the app but whenever he uses the card online, it will be displayed to him in the form when being filled by Myki.

How secure is it to store my credit card information in Myki?

Myki does not store your data in the cloud. Your credit card data is only stored on your Myki-enabled device in an encrypted manner, and secure backups can be made to all of your Myki apps. This makes it extremely difficult if not impossible for hackers to gain access to your data by remotely attacking you.