How Myki Works
What information does Myki store?
Myki saves usernames and passwords
- Your browsing data is not recorded
- Your keystrokes and mouse movements are not logged
- Metadata is created and stored in our servers
Where does Myki store the information?
Myki only stores passwords on your phone.
- Passwords are only stored on your phone. Myki does not hold a copy in the cloud
- Myki stores metadata in the cloud in order to synchronise accounts lists across devices
How does Myki secure data in motion?
Myki encrypts the traffic between your phone and our servers and between your phone and the browser extension.
- All traffic goes through HTTPS
- AES-256 encrypts passwords that are sent between the phone and the browser extension in both directions.
- The Key exchange happens when the extension QR code is scanned.
- Shared Passwords are AES-256 encrypted with a random key which is encrypted using RSA-2048
How does Myki authenticate its users?
Myki uses public key cryptography to authenticate users.
- A Key/Pair is generated on signup
- The Public Key is shared with the server
- On authentication, the server sends a challenge which is signed by the phone
- The phone's authenticator (fingerprint sensor, pin code) unlocks the private key used to sign the challenge
- The server verifies the signature and gives the user a session
Why should I trust Myki?
Myki only stores passwords on your phone
We don't use the cloud to store your passwords. In the eventuality that our servers are compromised, your critical information remains safe.