Media & Entertainment

Myki rolls out a password manager that locks all your info away on your phone

Comment

Image Credits:

Everything is getting hacked to the point that it’s getting kind of ridiculous — and everyone needs to have secure passwords. The trouble, however, is making them tough to crack and also being able to remember them. That’s led to a blossoming ecosystem of password management services like OnePassword.

But if you ask Antoine Vincent Jebara and Priscilla Elora Sharuk, that’s not going far enough. Instead of locking those passwords away online and accessing them when you need to log in, their startup Myki looks to keep them locked away on your phone instead. Users can activate the Myki Chrome extension to log into various services through their phone, but the passwords are never kept on remote servers — and even administrators don’t know what they are once new passwords are issued. The company launched at TechCrunch Disrupt SF 2016.

“A big concern is the passwords are still in the cloud and people don’t want them to have access,” Jebara said. “Even when it comes to lawful access, in our case we don’t hold any sensitive info, which you can’t give away. We don’t want to have it, it’s your right to own and known where your proprietary data is.”

Here’s how it works: When a user decides to log into a service — it can be anything, really — they’ll choose to log in through Myki. They then authenticate that login on their phone through the Myki app, which is locked by fingerprint or PIN in addition to managed remotely, and the password and login is dropped into the browser.

Through an administrative panel, users can authorize a variety of services, whether traditional browser logins or complex enterprise software, for login through Myki. The company generates passwords for those services that are then passed over to the phone and kept there instead of online. The passwords and login signals relay back and forth from the phone in order to log into various services, and administrators can assign passwords to be reset on a regular basis.

Myki is also constantly reporting back information about the logins. The administrative panel logs physical addresses, phone status (even battery level), IP addresses, geographic area, times and other kinds of irregular behavior, aiming to keep as many tabs on your password usage as possible. If something gets breached (through user fault or just a general hack) administrators can instantly trigger a mass reset, issuing new passwords to every user. Users operate the app using their phone number rather than typical credentials in an attempt to ensure that everything revolves around owning and operating a phone.

myki“What interests us is that the user is the owner of the phone,” Jebara said. “If GitHub gets breached, you need to do a mass reset of passwords — this takes time in the enterprise, and you have to pray for [users] not to change the password with only a slight variation.”

The goal here is to ensure that passwords remain complex, difficult to crack and easily accessible. Users have the option of looking at the passwords within the app (though an administrator can actually disable this, even though they don’t actually have access to the password), but they are designed to be kept on the device and away from remote servers that could potentially be breached.

The device control can be extremely granular, all the way to allowing only certain IP addresses (such as in the case of different floors on buildings of larger companies) or even locking geographic regions. That’s important to keep the right apps only being used at the right time and making sure everything is used in a secure environment.

Here’s another cool one: Users can actually share their login credentials with one another on a highly regulated basis. So if I need to give one of my colleagues a login to Getty or Shutterstock, for example, I can authorize them to use my account on a limited basis, and revoke that access at any time. Again, they’ll never see the password — that’s just for the account owner.

Right now, the company isn’t built into various mobile device management providers, but that’s another welcome opportunity, Jebara said. “We like the idea of bundling with MDM providers because they do root detection. If you root your phone that’s where we draw the line. If you use an MDM provider and push the key, they do root the detection, and we do access management, and it becomes more powerful.”

There’s always a risk for sticking all your passwords in one place. If your phone is compromised for some reason, like stolen by someone who somehow manages to crack the core iOS security and Myki, they’ll have access to everything to which you’ve given Myki access. To get around that — obviously use all the existing security features — Myki users can quickly revoke access to the device.

Right now the company is targeting companies as primary providers, but there’s obviously a consumer hook to it, as well. If users start relying on it for their traditional work login, they may want to tie in their Gmail and Facebook passwords — and IT managers won’t have access to that information, Jebara said.

There’s a reason all these password managers are reaching popularity — and companies are actively encouraging them. Often, user password behavior is pretty bad. They’ll re-use the same password for multiple accounts, the passwords won’t be strong, and they aren’t changed that often. That’s prompted a lot of breaches in the past several years, with hundreds of millions of credentials hitting the web.

With Myki, Jebara is hoping to take that level of security one step further, and make it even easier to log in and out of services. Time will tell if having everything locked away on your phone will work out in their favor — but it’s certainly something that Apple is trying to do, keeping a lot of operations on the phone instead of the cloud. The fewer the touch points where individuals can capture sensitive information, the better, Jebara said.

More TechCrunch

OpenAI is removing one of the voices used by ChatGPT after users found that it sounded similar to Scarlett Johansson, the company announced on Monday. The voice, called Sky, is…

OpenAI is removing ChatGPT’s AI voice that sounds like Scarlett Johansson

Copilot, Microsoft’s brand of generative AI, will soon be far more deeply integrated into the Windows 11 experience.

Microsoft Build 2024: All the AI and hardware products Microsoft announced

Hello and welcome back to TechCrunch Space. For those who haven’t heard, the first crewed launch of Boeing’s Starliner capsule has been pushed back yet again to no earlier than…

TechCrunch Space: Star(side)liner

When I attended Automate in Chicago a few weeks back, multiple people thanked me for TechCrunch’s semi-regular robotics job report. It’s always edifying to get that feedback in person. While…

These 81 robotics companies are hiring

The top vehicle safety regulator in the U.S. has launched a formal probe into an April crash involving the all-electric VinFast VF8 SUV that claimed the lives of a family…

VinFast crash that killed family of four now under federal investigation

When putting a video portal in a public park in the middle of New York City, some inappropriate behavior will likely occur. The Portal, the vision of Lithuanian artist and…

NYC-Dublin real-time video portal reopens with some fixes to prevent inappropriate behavior

Longtime New York-based seed investor, Contour Venture Partners, is making progress on its latest flagship fund after lowering its target. The firm closed on $42 million, raised from 64 backers,…

Contour Venture Partners, an early investor in Datadog and Movable Ink, lowers the target for its fifth fund

Meta’s Oversight Board has now extended its scope to include the company’s newest platform, Instagram Threads, and has begun hearing cases from Threads.

Meta’s Oversight Board takes its first Threads case

The company says it’s refocusing and prioritizing fewer initiatives that will have the biggest impact on customers and add value to the business.

SeekOut, a recruiting startup last valued at $1.2 billion, lays off 30% of its workforce

The U.K.’s self-proclaimed “world-leading” regulations for self-driving cars are now official, after the Automated Vehicles (AV) Act received royal assent — the final rubber stamp any legislation must go through…

UK’s autonomous vehicle legislation becomes law, paving the way for first driverless cars by 2026

ChatGPT, OpenAI’s text-generating AI chatbot, has taken the world by storm. What started as a tool to hyper-charge productivity through writing essays and code with short text prompts has evolved…

ChatGPT: Everything you need to know about the AI-powered chatbot

SoLo Funds CEO Travis Holoway: “Regulators seem driven by press releases when they should be motivated by true consumer protection and empowering equitable solutions.”

Fintech lender SoLo Funds is being sued again by the government over its lending practices

Hard tech startups generate a lot of buzz, but there’s a growing cohort of companies building digital tools squarely focused on making hard tech development faster, more efficient and —…

Rollup wants to be the hardware engineer’s workhorse

TechCrunch Disrupt 2024 is not just about groundbreaking innovations, insightful panels, and visionary speakers — it’s also about listening to YOU, the audience, and what you feel is top of…

Disrupt Audience Choice vote closes Friday

Google says the new SDK would help Google expand on its core mission of connecting the right audience to the right content at the right time.

Google is launching a new Android feature to drive users back into their installed apps

Jolla has taken the official wraps off the first version of its personal server-based AI assistant in the making. The reborn startup is building a privacy-focused AI device — aka…

Jolla debuts privacy-focused AI hardware

The ChatGPT mobile app’s net revenue first jumped 22% on the day of the GPT-4o launch and continued to grow in the following days.

ChatGPT’s mobile app revenue saw its biggest spike yet following GPT-4o launch

Dating app maker Bumble has acquired Geneva, an online platform built around forming real-world groups and clubs. The company said that the deal is designed to help it expand its…

Bumble buys community building app Geneva to expand further into friendships

CyberArk — one of the army of larger security companies founded out of Israel — is acquiring Venafi, a specialist in machine identity, for $1.54 billion. 

CyberArk snaps up Venafi for $1.54B to ramp up in machine-to-machine security

Founder-market fit is one of the most crucial factors in a startup’s success, and operators (someone involved in the day-to-day operations of a startup) turned founders have an almost unfair advantage…

OpenseedVC, which backs operators in Africa and Europe starting their companies, reaches first close of $10M fund

A Singapore High Court has effectively approved Pine Labs’ request to shift its operations to India.

Pine Labs gets Singapore court approval to shift base to India

The AI Safety Institute, a U.K. body that aims to assess and address risks in AI platforms, has said it will open a second location in San Francisco. 

UK opens office in San Francisco to tackle AI risk

Companies are always looking for an edge, and searching for ways to encourage their employees to innovate. One way to do that is by running an internal hackathon around a…

Why companies are turning to internal hackathons

Featured Article

I’m rooting for Melinda French Gates to fix tech’s broken ‘brilliant jerk’ culture

Women in tech still face a shocking level of mistreatment at work. Melinda French Gates is one of the few working to change that.

1 day ago
I’m rooting for Melinda French Gates to fix tech’s  broken ‘brilliant jerk’ culture

Blue Origin has successfully completed its NS-25 mission, resuming crewed flights for the first time in nearly two years. The mission brought six tourist crew members to the edge of…

Blue Origin successfully launches its first crewed mission since 2022

Creative Artists Agency (CAA), one of the top entertainment and sports talent agencies, is hoping to be at the forefront of AI protection services for celebrities in Hollywood. With many…

Hollywood agency CAA aims to help stars manage their own AI likenesses

Expedia says Rathi Murthy and Sreenivas Rachamadugu, respectively its CTO and senior vice president of core services product & engineering, are no longer employed at the travel booking company. In…

Expedia says two execs dismissed after ‘violation of company policy’

Welcome back to TechCrunch’s Week in Review. This week had two major events from OpenAI and Google. OpenAI’s spring update event saw the reveal of its new model, GPT-4o, which…

OpenAI and Google lay out their competing AI visions

When Jeffrey Wang posted to X asking if anyone wanted to go in on an order of fancy-but-affordable office nap pods, he didn’t expect the post to go viral.

With AI startups booming, nap pods and Silicon Valley hustle culture are back

OpenAI’s Superalignment team, responsible for developing ways to govern and steer “superintelligent” AI systems, was promised 20% of the company’s compute resources, according to a person from that team. But…

OpenAI created a team to control ‘superintelligent’ AI — then let it wither, source says