Options

• Safe Login
• Register
• Administration
• SMS Subscription

About KYPS

• Security
• Ease of use
• Comparison of technologies

How it works

• Technical Overview
• Cookie and Link Encryption

News

Mac spyware infiltrates popular download sites [Jun 1st, 2010]

Hacker sells 1.5m stolen Facebook username/passwords [Apr 25th, 2010]

Qakbot Steals 2GB of Confidential Data per Week [Apr 22nd, 2010]

Botnet used to steal credentials of over 800K users [Mar 3rd, 2010]

Stealing passwords advertised as major feature of new crimeware toolkit [Feb 10th, 2010]

German cops bust cybercrime forum [Mar 4rd, 2009]

Firefox plug-in Trojan harvests logins [Dec 8th, 2008]

frequently asked questions

This page lists some frequently asked questions about KYPS and its operation. If you are using KYPS and you experience difficulties, also see "troubleshooting". If you have a question that is not answered on this site, please do not hesitate to contact us.

---

Who should use KYPS?

KYPS was developed for people who are worried that the computer they use for logging into their web-based accounts might capture their password in an unauthorised manner. If you belong to this category of people, we encourage you to use KYPS.

---

Why KYPS?

It is difficult if not impossible to log into a password-based account without disclosing the password to the used computer in one way or another; all known methods either do not hide your password, or they are very difficult to use. The KYPS service is the first and only service that is both easy to use, and hides the password against all types of spyware. See this comparison for more information.

---

Do I have to follow any rules when using KYPS?

Yes. You have to read, understand, and explicitly confirm that you agree to be bound by the KYPS terms of service and the KYPS privacy policy.

---

Can I use KYPS to log into any website I like?

Yes, as long as (a) the website uses a username and a password as a means for authentication, (b) it uses a standard HTML web form in order to solicit this information, and (c) the KYPS service can automatically detect this form. For the vast majority of websites, all these conditions are met.

---

Will I be safe if I use KYPS to log into my account from an untrusted computer?

This depends on many things, including on what you are doing on that computer. KYPS helps you to keep your password hidden from an untrusted computer that is inspecting your input in order to capture it in an unauthorized manner. KYPS does not protect you against a computer that is trying to compromise your security in any other way. For example, KYPS does not protect you if you disclose your credit card number into the untrusted computer.

---

How are one-time codes generated?

See the overview.

---

How does KYPS log me into the website?

See the overview.

---

Why does KYPS ask for my password?

You do not have to disclose your password to the KYPS server in order to obtain one-time codes. However, as explained in the overview, the KYPS server needs to be able to reconstruct your password at login time in order to log you into the website.

---

How does KYPS check my password?

KYPS does not check the password you provide. If you provide an invalid password, the one-time codes returned to you will be useless. That is, at login time, they will cause KYPS to reconstruct the invalid password you provided, and this will obviously result in a failed login at the website.

---

Can I use KYPS in order to log into someone else's account?

No. You can use KYPS to log only into those accounts for which you know both the username and the password.

---

I have changed my password. Are my codes still valid?

No. You have to obtain new codes. If the password is registered, you should first register the new password with KYPS. Both these actions can be done on the administration interface.

---

I lost my codes. What should I do?

You should get new codes using the administration interface. Getting new codes for an account automatically invalidates all previous codes for that account.

---

What happens if I lose my administration code?

Then you no longer have access to the administration interface and you have to create a new KYPS account. Your old KYPS account will expire and will be automatically deleted after a certain period of inactivity. If you have a paid subscription, you can contact us and we will try to transfer any remaining funds to you new KYPS account.

---

How do I know that KYPS is not leaking my password?

See this page.

---

Why should I trust KYPS with my password? (and variants of this question)

See this page.

---

Is KYPS open-source?

No. However, the predecessor of KYPS, a project called "Impostor", is open-source and freely available. Everyone is welcome to contribute to that project. However, there are significant differences between Impostor and KYPS, one being that, unlike Impostor, KYPS does not remember the user's password.

---

Trusting KYPS would be easier if it was open-source. Why don't you make it open-source?

Publishing the source code of KYPS does not automatically mean that the KYPS server executes the published code, too; it could execute some other code whose operation deviates from the published one. Therefore, publishing the source code of KYPS does not make it easier to establish trust in the service.

Publishing the source code, would, however, enable others to install and operate their own "password protection proxy". For this, the predecessor of KYPS, an open-source project called "Impostor" is freely available and everyone is welcome to contribute. KYPS is meant for people who do not have the resources or the willingness to operate their own "password protection proxy".

---

Who is the provider of the KYPS service?

See contact.

---

Does KYPS keep any log files?

Yes. The KYPS server generates a log file of important events that occur during the operation of the service. The log file does not contain passwords of any sort and will be used in accordance with the KYPS privacy policy.

---

What personal data does KYPS collect?

See this page.

---

Is it not against the rules to disclose my password to KYPS?

We do not know the rules that you have agreed to; you should. If you do not, we recommend that you consult the terms of service that you have agreed to in the past. Remember that you have to agree to the KYPS terms of service and its privacy policy in order to use it.

---

Are there alternatives to KYPS?

Of course there are, but, as explained in this comparison, they have serious downsides.