The Myki Password Manager & Authenticator is designed in a way that prevents hackers as well as governments from accessing your accounts. https://myki.co
In our opinion, cloud storage of passwords, keys and certificates is convenient but constitutes a big security issue. Hackers shouldn't be able to compromise a publicly accessible server and as a result gain access to users credentials.
Myki follows a different approach by creating a private cloud in your pocket. All of your passwords and keys are securely encrypted on your smartphone (secure backups are automatically made on other devices that you own in an ad-hoc manner).
You can pair the Myki app with your computer browser by scanning a symmetrical encryption key (AES256 PBKDF2) generated by the browser extension.
This create an encrypted P2P connection between your phone and your browser.
When you need to login to an account on your computer, you receive a push notification to your smartphone. You can grant access from your mobile lock screen by using your fingerprint or a pin code.
The passwords are then encrypted with the shared key (generated by the browser) and sent to the browser extension that decrypts them and injects them in the website.
As a result of our architecture:
- Our servers are only used as relay servers (they don't hold any sensitive information, we can't get subpoenaed, if our servers are compromised they don't hold sensitive users' data)
- No master password needed (another password to secure all other passwords? Really?!)
- Myki can pair and log you in on an unlimited number of computers.
- Myki stores and auto-fills two-factor authentication tokens.
- Myki can remotely log you out of any account on your computer from the myki app on your phone
For more information about how myki works, visit: https://myki.co/privacy
You can get the app on iPhone and Android from https://myki.co/download