|
available languages: [english] [deutsch] [norsk] [ελληνικά] [فارسی] |
|
|
|
|
|
Keep Your Password Secretsafely login from internet cafés despite keyloggers and spyware |
home - how it works - faq - about us - support us - contact |
|
|
|
|
|
This page lists some frequently asked questions about KYPS and its operation. If you are using KYPS and you experience difficulties, also see "troubleshooting". If you have a question that is not answered on this site, please do not hesitate to contact us. Who should use KYPS? KYPS was developed for people who are worried that the computer they use for logging into their web-based accounts might capture their password in an unauthorised manner. If you belong to this category of people, we encourage you to use KYPS. If, however, you are not worried that the confidentiality of your password is at risk (for example because you log into your accounts only using machines that you fully control), then we strongly discourage you to use KYPS. Why KYPS? It is difficult if not impossible to log into a password-based account without disclosing the password to the used computer in one way or another; all known methods either do not hide your password, or they are very difficult to use. The KYPS service is the first and only service that is both easy to use, and hides the password against all types of spyware. See this comparison for more information. Do I have to follow any rules when using KYPS? Yes. You have to read, understand, and explicitly confirm that you agree to be bound by the KYPS terms of service and its KYPS privacy policy. Can I use KYPS to log into any website I like? Yes, as long as the website uses a username and a password as a means for authentication. Will I be safe if I use KYPS to log into my account from an untrusted computer? This depends on many things, including on what you are doing on that computer. KYPS helps you to keep your password hidden from an untrusted computer that is inspecting your input in order to capture it in an unauthorized manner. KYPS does not protect you against a computer that is trying to compromise your security in any other way. For example, KYPS does not protect you if you disclose your credit card number into the untrusted computer. How are one-time codes generated? See the overview. How does KYPS log me into the website? See the overview. Why does KYPS ask for my password? You do not have to disclose your password to the KYPS server when you register (see this page). However, as explained in the overview, the KYPS server needs to be able to reconstruct your password at login time in order to log you into the website. How does KYPS check my password? KYPS does not check the password you provide. If you provide an invalid password at registration time, the one-time codes returned to you will be useless. That is, at login time, they will cause KYPS to reconstruct the invalid password you provided, and this will obviously result in a failed login at the website. Can I use KYPS in order to log into someone else's account? No. You can use KYPS to log only into those accounts for which you know both the username and the password. I have changed my password. Are my codes still valid? No. You have to obtain new codes. To do this, first delete your current KYPS account and then create a new one. I lost my codes. What should I do? You should delete your KYPS account and, if you like, obtain a new list of codes. If you think that someone could have found your codes and could abuse them before you get a chance to delete your KYPS account, then you should change your password immediately. If necessary, you may also inform us so that we can disable your account for you. However, keep in mind that, in order for someone to be able to abuse your codes, he must also know your username at the website. Also keep in mind the KYPS terms of service to which you have to agree for using KYPS. How do I know that KYPS is not leaking my password? See this page. Why should I trust KYPS with my password? (and variants of this question) See this page. Is KYPS open-source? No. However, the predecessor of KYPS, a project called "Impostor", is open-source and freely available. Everyone is welcome to contribute to that project. However, there are significant differences between Impostor and KYPS, one being that, unlike Impostor, KYPS does not remember the user's password. Trusting KYPS would be easier if it was open-source. Why don't you make it open-source? Publishing the source code of KYPS does not automatically mean that the KYPS server executes the published code, too; it could execute some other code whose operation deviates from the published one. Therefore, publishing the source code of KYPS does not make it easier to establish trust in the service. Publishing the source code, would, however, enable others to install and operate their own "password protection proxy". For this, the predecessor of KYPS, an open-source project called "Impostor" is freely available and everyone is welcome to contribute. KYPS is meant for people who do not have the resources or the willingness to operate their own "password protection proxy". Is KYPS a phishing attempt? (unfortunately, this is a frequently asked question, perhaps because KYPS is not a big company) Absolutely not! Notable differences between KYPS and a typical phishing attempt include the following.
Who is the provider of the KYPS service? See about us. Does KYPS keep any log files? Yes. The KYPS server generates a log file of important events that occur during the operation of the service. The log file does not contain passwords of any sort and will be used in accordance with the KYPS privacy policy. What personal data does KYPS collect? In order to provide its service, KYPS asks you to provide your username for an account that you maintain at a third-party site. The KYPS server stores your username in its database in order to be able to recognise you at login time. Moreover, the server remembers the IP address of the computer you used at registration time by storing it in its database. When your KYPS account is deleted, the server deletes all information about you from its database. Note that KYPS does not share any personal data with anyone else, according to its privacy policy. Is it not against the rules to disclose my password to KYPS? We do not know the rules that you have agreed to; you should. If you do not, we recommend that you consult the terms of service that you have agreed to in the past. If you think that by disclosing your password to KYPS you are breaking any rules that you have agreed to, then we strongly discourage you to use KYPS. Remember that you have to agree to the KYPS terms of service and its privacy policy in order to use it. Is KYPS a commercial service? KYPS is not commercial. KYPS was developed during Andreas Pashalidis's spare time and is provided for free. However, we welcome your donations. Are there alternatives to KYPS? Of course there are, but, as explained in this comparison, they all have serious downsides. |
|
Copyright 2007-2008 by Andreas Pashalidis |