Myki Review

Myki is a closed source password manager app that has been downloaded over 100,000 times from the Google Play Store. It is a software solution that permits consumers to protect multiple accounts with robust passwords; without the hassle of needing to remember them. Myki appears to have a great reputation with consumers, receiving a 4.4 score on the Play Store and a 4.6 on Apple app store. So, is this password manager all it is cracked up to be? And is it worth spending your money on?

Our Score
4 / 5
Free option
Available
Visit Myki

Pricing

As is the case with other password managers, Myki provides consumers with the ability to protect an unlimited number of passwords within a centrally encrypted repository. This allows users to remember just one master pin (or use biometrics) to log into any number of online services and accounts. 

Myki is available across all platforms, which is great. And it even provides handy extensions for Chrome, Firefox, Safari, Edge, and Opera. Linux apps are also a unique selling point for this particular password manager.

Myki homepage

Where price is concerned, users can enjoy this password manager for free. However, users can upgrade to premium by paying a one-off fee of $9.95. Those extra features are: 

  • Custom tags for organizing passwords, cards, IDs, etc.
  • Custom account images for accounts using photos from your gallery
  • Custom profiles for making a separate work and personal profile, for example
  • Custom fields for applying to your items.

Only teams need to pay in order to have access to the password manager across their workforce. And, it has to be said that at a cost of $3.99 per month and $35.88 per year (the equivalent of $2.99 per month) this is not a massively expensive password manager for organizations that need one. 

Myki pricing

Setup

Getting Myki setup is easy, the app can be accessed for either desktops or mobile devices on its website. Mobile users also have the option to download it from their regular app store. We downloaded the most recent versions for Windows, Android, and iOS. 

During the desktop installation, users must agree to the terms of service. Users can elect to install the software to work for all Windows PC users - or only their specific login (mypc).  

choose installation

Once Myki has installed, it will run automatically. Installing the app on mobile devices involves providing a number of permissions for the service to work.

Ease of Use

Myki is a password manager that is extremely easy to get used to, it is the definition of polished functionality. The password manager is friendly on the eyes, and finding each setting is not complicated or tricky (as it can be on other password managers). What is unique about this password manager is that it is primarily designed to work from a mobile device to a browser extension (rather than from a desktop to a mobile device - which is the norm elsewhere). 

When installing the mobile version, users are asked to enter a pin. This ensures that the app can lock up and withdraw access to the passwords (if you happen to leave your phone unattended, for example). Users can also elect to use their device’s fingerprint scanner to unlock the app. This is an easy and effective way to increase the security of passwords, which means that even if a hacker installs a trojan they will not be able to get into your passwords remotely (whereas using the PIN a trojan with a keylogger for mobiles could theoretically get your code). 

Once the mobile app is installed, it will prompt you with the Myki logo each and every time a login page is detected. Once a password has been successfully entered into the local device’s storage space, auto-login will enable you to enter services without needing to remember or enter your password. In order to use this feature, you will need to enable overlay and enable accessibility.

Importing passwords from a previous password manager can be handled using a CSV, XLS, or XLSX file. It is also possible to import them directly from Chrome, Dashlane, LastPass, and various other providers. We found the process easy using any of those methods.  

import passwords to Myki 

If you do have any trouble, the firm supplies guides to help you out. If you want to import to a mobile from a password manager or Chrome, you will need to do it via the extension in Firefox or Chrome; this is the only way to get them over to your mobile. 

Once you have imported your files from your previous password manager, you are ready to sync across devices. Again, this is provided for within the apps, and syncing is extremely easy from any mobile device to the extension or desktop app. However, it does require you to have the mobile app already set up, which is unusual.

We tried the Chrome and Firefox extensions, and both are a doddle to set up and use. After launching them, you are asked to scan the QR code with your mobile device which allows them to automatically sync. 

Use Myki on mobile

This process passes your password across and also allows your mobile device to start automatically backing up your encrypted passwords to your computer (which means that if you lose your phone; you will be able to get them onto your next device; as long as it has the same phone number). 

Having scanned the code in the extension with your phone, the app will register your extension on the screen with a bug green shield symbol To disconnect the two apps at any point; simply tap the extension in the mobile device and click the big red disconnect button.

Of course, you can just add passwords as you go along if you have never used a password manager before. 

A password generator function is available in all the apps and extensions, this allows you to produce robust passwords for protecting your accounts. These can be set to be up to 200 characters long and can include numbers and special characters. 

create passwords on Myki

Both the Windows version and its mobile counterparts provide some nice extra functions too;  such as being able to save payment information and card details, a secure notes feature for creating encrypted notes, an ID cards feature for saving things like passport or driving license information, and an identities feature for saving your name, gender, address, and other personally identifiable information. These features can be used to autofill forms as you go about using the internet. 

 The service is fully equipped with the ability to auto-fill passwords, and it is able to automatically detect password forms. This allows it to learn your passwords as and when you enter them. This makes Myki a breeze to use, and it can definitely be considered good for newbies - who are only just getting into the world of password managers. However, Myki will not autofill longer forms with data such as your ID info - so these do have to be manually copied across.

It has to be said that one of the nicest things about Myki, is that it is almost identical on all devices, and in the extension. This means you gain familiarity with how it works no matter which version you happen to be on.

 Also worth a mention:  syncing your account from a mobile to a PC can create an encrypted backup of your passwords. This can be accessed if you lose your mobile device. If your Myki Mobile App is paired to your Myki Browser Extension, you will be able to create these backups - which are stored in a folder called "Myki Backup Files" within your "Downloads" folder.

 There can be no doubt that Myki has created a well-rounded password manager with strong User Experience at its core. It is feature-rich, and, considering that it is free it is a superb option for non-techy users who do not have a severe threat model. Other notable features include being able to securely share passwords securely with other Myki users. Handy if you do want to pass someone a password without writing it out in plain text online. 

 Finally, Myki does provide an in-depth reporting feature, that allows team users to check analytical data to find out how many users there are, who logged in last, the most and least used logins, and even account and browser usage. This kind of data can be extremely useful for admin purposes and tracking the use of passwords across a business or organization. 

Privacy and security

Myki ensures that your traffic is always encrypted between your devices and its servers. It also encrypts your passwords when it passes them from the client to the browser extension. All traffic to Myki servers is protected with SSL/TLS (HTTPS). We checked the service using Qualys SSL Labs and were happy to find that it scored an A+, this means that data is secure while it is in transit. 

Passwords sent between the client and the browser extension are also protected with strong AES 256 encryption. This ensures that nobody can intercept those passwords as they are sent to your browser to fill forms. Shared passwords are encrypted using military-grade AES-256 with RSA-2048.

For privacy reasons, Myki says it will never store your passwords on its servers. Passwords are always stored locally either on your computer or mobile device. Users retain complete control over their encryption key and master PIN, and if your PIN is lost, you will not be able to access your passwords anymore. Myki can never recover your account PIN, so you must take great care to ensure it is memorable. 

One thing to note is that devices sync using a proprietary algorithm that the firm developed itself. We pushed its customer support for more details, but they could only tell us that they couldn’t say more because it is proprietary. They did assure me that data is always secured using end-to-end encryption between devices, and that the Myki server only ever acts as a “zero-knowledge relay that transports the encrypted data between devices”. 

As it is proprietary, however, it is impossible to verify whether the encryption is fully robust. The same is true of the clients. Myki is closed source, which means that you do have to take the firm at its word when it describes the security and privacy provided by across its platforms. As is always the case with proprietary software, it is impossible to verify those claims because nobody can audit the software. Depending on your threat model this may be enough to put you off the service. 

Signing up to the mobile version of Myki requires you to hand over a phone number. According to the firm they “need to verify your phone number to recover your account in case something happens to your phone”. At first this appears to make little sense (considering that the passwords are only ever stored locally and the firm can not recover your account if you lose your master PIN). 

Having to supply a phone number is extremely off-putting, and maybe enough to make you want to look elsewhere. For the sake of trying the mobile clients, we decided to hand over our phone number as requested. We also went ahead and contacted support to find out exactly why they need our phone number, they told us:

“Backups are created using a randomly generated key which is stored on our servers in a way that allows you to prove your ownership of the phone number that you signed up with alongside the existence of this specific backup file whenever you need to restore. 

“When you want to restore, your app needs two things: 1) the private key associated with your phone number and 2) the encrypted backup file with the associated backup ID. This ensures that having a backup file without the phone number associated private key is not enough and having access to the phone number without the physical backup file is not enough.” 

Considering that other firms provide password management across devices without a phone number, this seems unnecessary. To decode the above; you register with your phone number and then make a backup of your data encrypted on PC. From that point on, if you lose your phone you can login and register from a new phone that has the same number as before. 

The backup is then wiped from your old phone for security purposes, and you can restore your data using your new device from the PC backup you previously made. Of course, this could all be handled with a master password just as easily, without the need for them to poach your phone number. And, we can’t fully fathom why you would need to recover from this backup rather than just re-sync your data from the Windows, Mac, or iOS version of Myki with the QR code (if you use it on multiple devices) which is a feature you are allowed to use anyway.

Finally, the firm does admit that it stores metadata. We delved into the privacy policy to find out exactly what it collects. While the policy does appear to be GDPR compliant, it does not disclose exactly what metadata is being collected. However, we presume that it is collecting user IP addresses. We were also able to ascertain that the firm collects your device version, device type, and local WiFi SSID (by looking in settings within the mobile app). 

Customer support 

One of the nice things about Myki is that it has live chat support available on its website. We tested the agents and found them to be extremely knowledgeable and helpful. Thus, this is a hugely helpful resource that is even available to non-subscribers. What’s more, it is available 24/7 which is truly superb. 

In fact, we have never reviewed a password manager with better customer support than Myki, it is truly in a league of its own. We asked a number of random questions and were always forwarded to useful guides and information that satisfied our needs. In addition, they remained extremely calm and rational when challenged on specifics. We cannot rate this customer service team highly enough.

Where guides are concerned, Myki has plenty and they are all of an excellent quality. This is great for any beginners struggling to get to set up.  In addition, the firm provides a blog and a FAQ section that permit you to find information quickly if and when you need it.

Conclusion

Myki is an interesting and unique free password manager that is easy to get used to - and that provides fantastic functionality across platforms. Setting it up and using the apps is a simple process, which makes this password manager excellent for beginners. 

Local password storage means that passwords are never stored online, and full control over the master PIN means that only the user has control over accessing their passwords. Automated encrypted backups is a nice touch, and means that as long as you sync across devices, you will be able to use your phone number to authenticate and have your passwords restored to your new device.

On the other hand, this service is closed source and does require users to hand over a phone number. Myki is based in New York according to their rep Luna Chawa. This is not a particularly great place for privacy, because the firm could be served a gag order and warrant. The firm also has offices in Beirut, Lebanon. On the plus side, Myki's servers are in Ireland, which  is known to have some of the best data protection laws available. 

While some of these factors may put some people (with an elevated threat model) off the service, we think that for the vast majority of people this is a sound password manager that gets the job done admirably. If you want a password manager that is zero fuss, and that has 24/7 live chat manned by agents who truly care; this service is a great option. Best suited to mobile users who also have a PC or laptop.

0 User Reviews

Leave a Review

Your comment has been sent to the queue. It will appear shortly.

Thanks for your review!

Written by: Ray Walsh

Digital privacy expert with 5 years experience testing and reviewing VPNs. He's been quoted in The Express, The Times, The Washington Post, The Register, CNET & many more. 

9 Comments

Mr Turtle
on August 12, 2021
I recently tried their Myki password offering and found it really nice with two exceptions, 1 - There is no extra field support, you cant store any extra details or create fields to store stuff about an account, you can however pay a one off fee to allow "Pro" features like this on the mobile version but this hasnt been added across to any of the other versions, ie, not on the desktop, mini or extension which some other password managers do for free and is very flexible. The PIN number is a concern for most people I talk to, 6 chrs is short especially as its only digits although they do have a brute force lock out that grows with each failure after the first 5 I think. 2 - You have to hand over your mobile number as is said in the review but for corporates this means anyones phone, personal or corporate then has access to your corporate passwords where ever they go and you have limited control over what other devices that user decides to sync it with, leaving you with a control nightmare as you could have to keep kicking users devices off the system each time they add any more than they should do. Until they make a truly corporate version or sign up by email, I dont see many companies going for this kind of loose control, especially if that user has the key to the kingdom.
F. D. Bryant III
on July 27, 2021
I love the idea behind this and have been considering hacking together something similar using KeePass and Syncthing but being closed-source is kind of a deal-breaker for me. I used Lastpass for years and only switched away to Bitwarden recently due to policy changes. One of the reasons I went with Bitwarden was because they are open source and regularly audited. Even though I can't verify the code myself and any risk is probably minimal (at least to me) I just can't see a reason for going with a closed-source password manager again. Shrugs, I love the idea of keeping my passwords (and other data) only on my devices. Maybe I'll revisit self-hosting Bitwarden or my KeePass/Synclthing idea.
Al Martinsen
on February 14, 2020
I discovered this app today thanks to the Firefox addons site and I have to say I'm impressed. I'm a Mac user and used 1Password for some years until they pushed their own cloud service with a prohibitive price (we are a family of two members and +50$ for just two users for simply storing passwords in a database is way too much to me). Then I tried Bitwarden during a year and it's: boring, slow and unstable. Today it was the icing on the cake when it froze several times trying to login on my iPhone. I begun testing this app and my jaw has dropped: it's fast, beautiful, simple, and powerful. And the fact that the database is stored on my devices is good enough for me, even if they collect my phone number (I better give away my phone number that my database). Also, there's an amazing feature I don't know why is not more excitement about: 2FA embedded on the same app: I changed my Evernote 2FA to use Myki instead of Authy (the one I'm using now) and again: After opening a tab with Evernote site, I just tapped on the owl, my user and password were pasted, then the 2FA field came and the one time code was generated and pasted on the fly, without me doing anything! That's a dream come true!! I just wanted to share my excitement :). Please, Myki, keep the good job and keep it stable. By the way, the only thing I don't like is the name and the logo: I like owls, but I find it difficult to link that name with that logo and with security ;)
me replied to Al Martinsen
on March 22, 2020
@Al Martinsen So you missed something. Bitwarden also has 2FA auth integrated
Lukas replied to me
on June 1, 2020
Please consider that 2FA functionality is free on Myki but not on bitwarden.
NeilC
on February 6, 2020
That 6 figure PIN is a concern. Seems to me that one of Myki's main selling points is its supposed improvement in security due to the data not being held on a public server, but rather your own devices. People I know using it will often have a copy on a phone, PC/server or whatever. If one of those computer's is hacked then the only thing between the hacker and the passwords is a 6 figure PIN. I've not seen any evidence of lockout or even rate limiting on the PIN entry which means attackers would be able to try all possible combinations - which is only a million - a trivially small number for an automated process.
Marnix replied to NeilC
on April 5, 2020
Untrue according to this forum post: https://www.reddit.com/r/MykiSecurity/comments/alb90y/more_detailed_information_on_security/

Write Your Own Comment

Your comment has been sent to the queue. It will appear shortly.

Your comment has been sent to the queue. It will appear shortly.

Your comment has been sent to the queue. It will appear shortly.

  Your comment has been sent to the queue. It will appear shortly.

We recommend you check out one of these alternatives: