Keep Your Password Secret
safely login despite keyloggers and spyware
can I trust KYPS?
Before using KYPS, you should ask yourself this question. This page explains a few facts about KYPS that are intended to help you find an answer. You are also encouraged to read the overview and the FAQ, which contain additional information. Please do not hesitate to contact us if you still have questions.
fact 1*
The KYPS server does not store your password (unless you instruct it to). It doesn't need to. This means that, even if someone physically steals (or some government agency confiscates) the KYPS server, no information about your password will be found (apart from the fact that it must be between 3 and 18 characters in length, since KYPS does not support passwords outside this range).
fact 2*
You do not even have to tell KYPS your password in order to obtain one-time codes. You can obtain your one-time codes without giving your password to KYPS. The KYPS server needs to know your password only at the moment you are trying to log into your account, and reconstructs it using the one-time code you supply. Therefore, you can register with KYPS and obtain one-time codes, but only trust it with your password when it is absolutely necessary, i.e. when you are actually using an untrusted computer. Remember, as soon as your (reconstructed) password has been used to log you into the website, KYPS immediately deletes it from its memory, in accordance with fact 1.
fact 3
The KYPS server is protected against unauthorised access. We do everything we can in order to ensure that the KYPS server, which is physically located on private premises, is free from unauthorised access; this includes - but is not limited to - appropriate firewall policies, strict input validation, and regular manual inspection for any irregularities. The only person that has administrative access to the KYPS server is Andreas Pashalidis.
fact 4
KYPS gives you the following choice: either trust the computer that you use for logging in, or trust KYPS. We think that trusting KYPS is a good choice in many cases. Why? Because even if the owner/operator of a public computer is honest, it may still be possible for anyone to install a keylogger or other spyware. In such cases, one has to trust not only the owner/operator of the public/shared computer, but also every single person who used that computer before and who could have installed some spyware without the owner's/operator's knowledge. By contrast, the KYPS server has been specifically designed to protect the confidentiality of the user's password, and is protected against unauthorised access.
*clarification
Facts 1, 2, 3, and 4 apply as long as you do not register the password of your account. Once you register it (thereby instructing KYPS to permanently store a copy of it), obviously only facts 3 and 4 apply.
