Well, I don’t know if you missed my content but I have been really busy lately with other things (majorly, redesigning this website, then almost goofing it up, then finally done!). Anyway, without wasting your next 2-5 minutes that you will be here, let me just start!
Yep! I use a password manager
I’ve heard many times that you shouldn’t be using one, as the app-makers are watching you anyway in spite of their many declarations that they don’t; that you should instead write your passwords in some book or on paper and keep it super-secure, and indeed try to remember the most secure and confidential ones, not noting them down anywhere!
My only answer to the above guidance is “I can’t be any of those persons ‘absolutely’, hence I choose the mid-way” (gray areas as they say in so many management books). Here is my approach to passwords:
- I remember the passwords which I frequently use and which I consider to be the most secure.
- I am too lazy to write down passwords on paper, keep it safe and refer back to it every time it is needed for websites I seldom / not so frequently visit.
- Also, I am too paranoid to use a cloud-based password manager.
When I came across MYKI (which was only a few months back), I was really pleased to realise how it filled the void left by those requirements!
Yes, even this app too claims it doesn’t store any data (except the mobile no., which is used “to allow you to restore your data to a new device, to be able to send you notifications and to enable credential sharing between users.” – these are MYKI’s words and not mine, and for that ‘sharing’ part you have a feature in-app to do so). The difference here is that MYKI shows it right to your face that no data is saved on the cloud, because this app does not have any web-based logins. The only ways you can use it are through an app on your phone or your PC, or through its browser extension.
MYKI works through locally installed apps only; if you want to use it on another device simultaneously, you need to authorize it through the one where you already have the app installed, which is what no other app, as far as I know, offers. Hence, I have concluded to consider it as secure! Below are some screens to add a device:
Oh, 2FAs (TOTPs) too can be added here!
If you are the person who prefers the ‘all in one’ approach to things, then you can add your 2FA tokens here too. Well, I have an entire write-up on 2FAs and an app that handles it well! I am not the person who will use 2FA with my password manager because I don’t want any single points of failure (never keep all fruits in one basket). So I always use Authy for it!
Apart from passwords and 2FAs you can even add other things such as form-filling details (e.g. address), secure notes, ID cards and even payment cards (again, I am not very comfortable storing card information, not only here but anywhere, in fact!)
Autofill + Authorisation for logins
While Autofill is a given in any password manager these days, MYKI even offers authorised logins while using the app / extension on the PC.
Example: You want to log in to Twitter on your PC and have saved the password in MYKI (and even have the browser extension)
- While logging in on twitter.com, you will get a popup to use autofill using MYKI. Tap it.
- You will get a notification on your phone to authorize your sign in (if you use MYKI as a 2FA authenticator too then it will even auto-fill that for you!)
- The password will be auto-filled and I can now simply log in
Backup prompts (annoying but good in a way)
Auto-backups happen only when MYKI is installed on your PC, not on your phone (which is a bummer and I will cover it again in the end along with some other things that bug me!); on your phone you will often (okay, each time you open the app) get prompts to back up your passwords on your phone (or your PC via QR code scanning).
Backup files are completely encrypted (open that file in a text editor and tell me if you understand anything there). Additionally, below is my paranoid’y approach to backup:
- Back it up on my phone
- Create a zip file of that backup
- Password protect that zip file
- Save a copy of that zip file on my local PC
- Do the above activity every time I add any password to MYKI
While those prompts are really annoying, I have pretty much convinced myself to treat them as useful reminders – exactly what they are intended to be!
Enabling / Disabling screenshots
Pretty self-explanatory, but I am glad it’s there! (It especially helped when writing this article!)
The people sharing their Netflix subscription with their family and friends will find this handy.
MYKI users can share passwords among themselves, so whenever the initiator changes the password, it gets shared with peers if enabled! (pretty neat!)
Shared passwords appear in the sharing center.
No password manager is complete without a password generator and MYKI has it. So are you too lazy to think of a new password you want to set? Or are you out of ideas or combinations to think of one? The password generator will generate a totally random password for you, and you can even set criteria such as the length and conditions (uppercase, lowercase, characters, alphanumeric, etc.), and it will show you strings of characters in real time. Once decided, you just need to copy it!
Pro features (trust me you can skip these!)
While MYKI is completely free to use, it offers some additional features such as ‘Tags’, making profiles, custom images for each password, and even custom fields while setting passwords (such as security questions). I am completely of the view that none of these are features one would even require. Seriously, you can ignore the Pro bundle (by the way, it costs ₹890 ($12)).
The design is very straightforward – relevant bottom bars, snappy interface, reliable autofill (I’ve tried LastPass’s autofill on Android, it rarely worked ☹), etc. Also a pro-tip: tap on the bottom bar in the passwords section again and again and you can cycle through the different tabs.
However, there are a few things which indeed bug me and they aren’t only the design:
- The settings section needs to be improved. Open it and there are no ‘settings’, only the device info! Okay, scroll down till the end and you will find two options – Enabling/Disabling screenshots and Delete Account.
By nature, yes, they need to be at the end and not easily accessible, but that applies only when you have other settings to offer. There are freaking only 2 of these options and IMO displaying Device Info under this section is by no means a good sign of ‘good usability’. If the MYKI team happens to read this, please reconsider tweaking it! 🙁
- Cross-platform inconsistencies: This is really a thing. I just don’t understand why there are noticeable UI differences between the Android and the iOS counterparts.
Have a look for yourself – the iOS app has a slightly modified bottom bar (with a very prominent ‘Add’ button in the middle), while the Android app is very basic.
Also, the iOS app even offers showing recently used passwords for quick access and some other details too, and their ‘More’ section is cleaner and even has a search option to search for settings (which are entirely missing on Android).
- No light theme 🙁
The default dark theme is meant to be used at night.
- I am nitpicking now, but I have even highlighted this on Twitter; while MYKI’s Twitter account usually responds to user queries, they did not respond to it…
- I already mentioned it before: while there is an auto-backup functionality on the PC app, the same is not offered on mobile devices for reasons unknown!
Finally! some tips from me…
While the app is secure, in order to develop a more secure environment for your passwords in general, here are things that I would suggest:
- You can open the app using your on-device biometrics or even a custom PIN. I would really suggest avoiding biometrics, because if someone happens to add his/her biometrics on your device then even that person will now be able to access the app, compromising security. Hence, using a custom PIN will greatly avoid this single point of failure!
- I would suggest my approach to backing up passwords
- Avoid adding (or even writing down) passwords which in your opinion are of the most confidential nature and even those which might cause a single point of failure (for example: a Google/Microsoft account password compromise can leave you out of your own emails, contacts, calendars, activity data, files, etc.)
- Wherever possible, use 2-Factor Authentication (you can refer to my article on it here)
One last thing I would like to point out. All the Cyber Attacks that happen, all of them have only 1 single point of failure – Human Negligence & Lack of Awareness. So as RBI says, “Jaankaar Baniye, Satark Rahiye!” (Stay Informed, Stay Alert!)
Let me know down in the comments section your thoughts on password management!