-1

MyKi.co claims to be able to transfer your passwords securely from your iOS device to the macOS without having to relay through their own servers. But how is this possible?

"Your sensitive data is not stored in the cloud." -> https://myki.co/faq

It sounds like a spoof? It is not done through bluetooth or wifi apparently.

FooBar
  • 139
  • 5
  • 1
    it claims it's not _stored_ in the cloud, NOT that it never _visits_ the cloud. that said, they could use webRTC data channels to easily P2P the data after an initial cloudy handshake. – dandavis Sep 28 '17 at 20:55

1 Answers1

1

Your passwords are relayed through Myki servers but they are not stored there.

When you need to login on your computer:

  1. the extension sends a login request to your phone.
  2. When you approve the login request on your phone, your passwords are encrypted with an AES256-CBC key that is generated by the extension that you optically scan when you pair the phone with the browser
  3. the password is sent through our relay servers to the extension that decrypts it and injects it in the page.

So, your passwords are not stored on our servers. The servers act as a relay between your phone and your computer.

schroeder
  • 123,438
  • 55
  • 284
  • 319
Antoine Vincent Jebara
  • 11
  • 2
  • 1
    Are you affiliated w/ that particular company? If so, as your text (“our servers”) suggests, please disclose that:) – Tobi Nary Oct 29 '17 at 14:15