Myki is a closed source password manager app that has been downloaded over 100,000 times from the Google Play Store. It is a software solution that permits consumers to protect multiple accounts with robust passwords; without the hassle of needing to remember them. Myki appears to have a great reputation with consumers, receiving a 4.4 score on the Play Store and a 4.6 on Apple app store. So, is this password manager all it is cracked up to be? And is it worth spending your money on?
As is the case with other password managers, Myki provides consumers with the ability to protect an unlimited number of passwords within a centrally encrypted repository. This allows users to remember just one master pin (or use biometrics) to log into any number of online services and accounts.
Myki is available across all platforms, which is great. And it even provides handy extensions for Chrome, Firefox, Safari, Edge, and Opera. Linux apps are also a unique selling point for this particular password manager.
Where price is concerned, users can enjoy this password manager for free. However, users can upgrade to premium by paying a one-off fee of $9.95. Those extra features are:
- Custom tags for organizing passwords, cards, IDs, etc.
- Custom account images for accounts using photos from your gallery
- Custom profiles for making a separate work and personal profile, for example
- Custom fields for applying to your items.
Only teams need to pay in order to have access to the password manager across their workforce. And, it has to be said that at a cost of $3.99 per month and $35.88 per year (the equivalent of $2.99 per month) this is not a massively expensive password manager for organizations that need one.
Getting Myki setup is easy, the app can be accessed for either desktops or mobile devices on its website. Mobile users also have the option to download it from their regular app store. We downloaded the most recent versions for Windows, Android, and iOS.
During the desktop installation, users must agree to the terms of service. Users can elect to install the software to work for all Windows PC users - or only their specific login (mypc).
Once Myki has installed, it will run automatically. Installing the app on mobile devices involves providing a number of permissions for the service to work.
Ease of Use
Myki is a password manager that is extremely easy to get used to, it is the definition of polished functionality. The password manager is friendly on the eyes, and finding each setting is not complicated or tricky (as it can be on other password managers). What is unique about this password manager is that it is primarily designed to work from a mobile device to a browser extension (rather than from a desktop to a mobile device - which is the norm elsewhere).
When installing the mobile version, users are asked to enter a pin. This ensures that the app can lock up and withdraw access to the passwords (if you happen to leave your phone unattended, for example). Users can also elect to use their device’s fingerprint scanner to unlock the app. This is an easy and effective way to increase the security of passwords, which means that even if a hacker installs a trojan they will not be able to get into your passwords remotely (whereas using the PIN a trojan with a keylogger for mobiles could theoretically get your code).
Once the mobile app is installed, it will prompt you with the Myki logo each and every time a login page is detected. Once a password has been successfully entered into the local device’s storage space, auto-login will enable you to enter services without needing to remember or enter your password. In order to use this feature, you will need to enable overlay and enable accessibility.
Importing passwords from a previous password manager can be handled using a CSV, XLS, or XLSX file. It is also possible to import them directly from Chrome, Dashlane, LastPass, and various other providers. We found the process easy using any of those methods.
If you do have any trouble, the firm supplies guides to help you out. If you want to import to a mobile from a password manager or Chrome, you will need to do it via the extension in Firefox or Chrome; this is the only way to get them over to your mobile.
Once you have imported your files from your previous password manager, you are ready to sync across devices. Again, this is provided for within the apps, and syncing is extremely easy from any mobile device to the extension or desktop app. However, it does require you to have the mobile app already set up, which is unusual.
We tried the Chrome and Firefox extensions, and both are a doddle to set up and use. After launching them, you are asked to scan the QR code with your mobile device which allows them to automatically sync.
This process passes your password across and also allows your mobile device to start automatically backing up your encrypted passwords to your computer (which means that if you lose your phone; you will be able to get them onto your next device; as long as it has the same phone number).
Having scanned the code in the extension with your phone, the app will register your extension on the screen with a bug green shield symbol To disconnect the two apps at any point; simply tap the extension in the mobile device and click the big red disconnect button.
Of course, you can just add passwords as you go along if you have never used a password manager before.
A password generator function is available in all the apps and extensions, this allows you to produce robust passwords for protecting your accounts. These can be set to be up to 200 characters long and can include numbers and special characters.
Both the Windows version and its mobile counterparts provide some nice extra functions too; such as being able to save payment information and card details, a secure notes feature for creating encrypted notes, an ID cards feature for saving things like passport or driving license information, and an identities feature for saving your name, gender, address, and other personally identifiable information. These features can be used to autofill forms as you go about using the internet.
The service is fully equipped with the ability to auto-fill passwords, and it is able to automatically detect password forms. This allows it to learn your passwords as and when you enter them. This makes Myki a breeze to use, and it can definitely be considered good for newbies - who are only just getting into the world of password managers. However, Myki will not autofill longer forms with data such as your ID info - so these do have to be manually copied across.
It has to be said that one of the nicest things about Myki, is that it is almost identical on all devices, and in the extension. This means you gain familiarity with how it works no matter which version you happen to be on.
Also worth a mention: syncing your account from a mobile to a PC can create an encrypted backup of your passwords. This can be accessed if you lose your mobile device. If your Myki Mobile App is paired to your Myki Browser Extension, you will be able to create these backups - which are stored in a folder called "Myki Backup Files" within your "Downloads" folder.
There can be no doubt that Myki has created a well-rounded password manager with strong User Experience at its core. It is feature-rich, and, considering that it is free it is a superb option for non-techy users who do not have a severe threat model. Other notable features include being able to securely share passwords securely with other Myki users. Handy if you do want to pass someone a password without writing it out in plain text online.
Finally, Myki does provide an in-depth reporting feature, that allows team users to check analytical data to find out how many users there are, who logged in last, the most and least used logins, and even account and browser usage. This kind of data can be extremely useful for admin purposes and tracking the use of passwords across a business or organization.
Privacy and security
Myki ensures that your traffic is always encrypted between your devices and its servers. It also encrypts your passwords when it passes them from the client to the browser extension. All traffic to Myki servers is protected with SSL/TLS (HTTPS). We checked the service using Qualys SSL Labs and were happy to find that it scored an A+, this means that data is secure while it is in transit.
Passwords sent between the client and the browser extension are also protected with strong AES 256 encryption. This ensures that nobody can intercept those passwords as they are sent to your browser to fill forms. Shared passwords are encrypted using military-grade AES-256 with RSA-2048.
For privacy reasons, Myki says it will never store your passwords on its servers. Passwords are always stored locally either on your computer or mobile device. Users retain complete control over their encryption key and master PIN, and if your PIN is lost, you will not be able to access your passwords anymore. Myki can never recover your account PIN, so you must take great care to ensure it is memorable.
One thing to note is that devices sync using a proprietary algorithm that the firm developed itself. We pushed its customer support for more details, but they could only tell us that they couldn’t say more because it is proprietary. They did assure me that data is always secured using end-to-end encryption between devices, and that the Myki server only ever acts as a “zero-knowledge relay that transports the encrypted data between devices”.
As it is proprietary, however, it is impossible to verify whether the encryption is fully robust. The same is true of the clients. Myki is closed source, which means that you do have to take the firm at its word when it describes the security and privacy provided by across its platforms. As is always the case with proprietary software, it is impossible to verify those claims because nobody can audit the software. Depending on your threat model this may be enough to put you off the service.
Signing up to the mobile version of Myki requires you to hand over a phone number. According to the firm they “need to verify your phone number to recover your account in case something happens to your phone”. At first this appears to make little sense (considering that the passwords are only ever stored locally and the firm can not recover your account if you lose your master PIN).
Having to supply a phone number is extremely off-putting, and maybe enough to make you want to look elsewhere. For the sake of trying the mobile clients, we decided to hand over our phone number as requested. We also went ahead and contacted support to find out exactly why they need our phone number, they told us:
“Backups are created using a randomly generated key which is stored on our servers in a way that allows you to prove your ownership of the phone number that you signed up with alongside the existence of this specific backup file whenever you need to restore.
“When you want to restore, your app needs two things: 1) the private key associated with your phone number and 2) the encrypted backup file with the associated backup ID. This ensures that having a backup file without the phone number associated private key is not enough and having access to the phone number without the physical backup file is not enough.”
Considering that other firms provide password management across devices without a phone number, this seems unnecessary. To decode the above; you register with your phone number and then make a backup of your data encrypted on PC. From that point on, if you lose your phone you can login and register from a new phone that has the same number as before.
The backup is then wiped from your old phone for security purposes, and you can restore your data using your new device from the PC backup you previously made. Of course, this could all be handled with a master password just as easily, without the need for them to poach your phone number. And, we can’t fully fathom why you would need to recover from this backup rather than just re-sync your data from the Windows, Mac, or iOS version of Myki with the QR code (if you use it on multiple devices) which is a feature you are allowed to use anyway.
One of the nice things about Myki is that it has live chat support available on its website. We tested the agents and found them to be extremely knowledgeable and helpful. Thus, this is a hugely helpful resource that is even available to non-subscribers. What’s more, it is available 24/7 which is truly superb.
In fact, we have never reviewed a password manager with better customer support than Myki, it is truly in a league of its own. We asked a number of random questions and were always forwarded to useful guides and information that satisfied our needs. In addition, they remained extremely calm and rational when challenged on specifics. We cannot rate this customer service team highly enough.
Where guides are concerned, Myki has plenty and they are all of an excellent quality. This is great for any beginners struggling to get to set up. In addition, the firm provides a blog and a FAQ section that permit you to find information quickly if and when you need it.
Myki is an interesting and unique free password manager that is easy to get used to - and that provides fantastic functionality across platforms. Setting it up and using the apps is a simple process, which makes this password manager excellent for beginners.
Local password storage means that passwords are never stored online, and full control over the master PIN means that only the user has control over accessing their passwords. Automated encrypted backups is a nice touch, and means that as long as you sync across devices, you will be able to use your phone number to authenticate and have your passwords restored to your new device.
On the other hand, this service is closed source and does require users to hand over a phone number. Myki is based in New York according to their rep Luna Chawa. This is not a particularly great place for privacy, because the firm could be served a gag order and warrant. The firm also has offices in Beirut, Lebanon. On the plus side, Myki's servers are in Ireland, which is known to have some of the best data protection laws available.
While some of these factors may put some people (with an elevated threat model) off the service, we think that for the vast majority of people this is a sound password manager that gets the job done admirably. If you want a password manager that is zero fuss, and that has 24/7 live chat manned by agents who truly care; this service is a great option. Best suited to mobile users who also have a PC or laptop.