LOADING

Stories

Lebanese startup Myki has developed an application to protect online accounts from hackers and eliminate the need to memorize passwords

News

Cybercrime is one of the biggest threats facing businesses today, causing nearly $400 million in losses every year according to British insurance firm Lloyds. With the global shift to the cloud, confidential data, payment card numbers and email accounts are at a greater risk of being stolen.

Even corporate giants such as Yahoo MailSony Pictures Entertainment and Etisalat were not immune from cybercrime incidents. Just this week, Berkley Middle East, an American training firm with a global network, said it had observed a security breach on its servers.  “We believe that the hacker has access to all email addresses of our valued customers. We notified our affected system immediately and are working on this breach of IT security,” the group wrote in a statement.

Making it easy for hackers

Websites aren’t always to blame for the hijacking. A large percentage of people rely on the same password to access multiple internet accounts, a practice that makes it easy for hackers to steal login credentials. “People in general tend to use the same password everywhere or weak variations of it. So if a hacker is able to steal one of your passwords, you lose access to all of your accounts,” says 24-year-old Antoine Jebara, who cofounded Myki in 2013 together with 28-year-old Priscilla Sharuk.

Myki is an identity management solution that bundles up features such as passwordless login, fingerprint authentication and remote logouts. It also saves users from the trouble of creating multiple passwords and having to remember them. “When you hear about all these breaches online, when they tell you that Twitter got hacked and 70 million accounts were compromised, that’s because people use the same passwords,” says Jebara.

How Myki works

To use Myki, a person first needs to add their accounts and associated login credentials to the mobile app and install a Google Chrome extension. If there are weak passwords, the software immediately detects that and suggests generating stronger alternatives. Beyond this initial set-up, whenever the user tries to log into a website or email, the app sends a request to their phone. Once the user validates it, either with fingerprint authentication or the provided pin and then the app automatically sends the username and password to that site. So let’s say for instance that you are logging in to your Gmail account, Myki would instantly detect this and send a notification to your phone. As soon as you confirm this sign-in attempt, the app directly sends your login credentials to Gmail, which means you would never have to remember them. The entire process takes seconds.

 

Making it difficult for hackers

“That’s why it becomes difficult for hackers, because every account [on Myki] has a different password and they are long and complex. You also don’t need to remember these passwords,” explains Jebara. Contrary to every identity management solution on the market, Myki stores data on mobile phones and never on the cloud. This means a hacker would need to get hold of the user’s phone, computer, and fingerprint in order to crack their password.

“There are three factors to be able to log into Myki. As opposed to today if it’s on the cloud, I could be in another country and hacking away,” says Sharuk. Research is increasingly showing the dangers of storing data on the cloud and businesses are gradually moving away from this double-edged sword.

According to Eric Chiu, president and co-founder of HyTrust, a cloud infrastructure control company, the cloud makes insider threats 10 times worse. Once an employee gives others access to their cloud, anyone can copy or steal the information on it, he explains.

Benefits for corporates

Unlike most new technologies which are usually introduced to consumers first, the Lebanese startup launched the other way round. The app was offered three years ago to businesses who were willing to test and help build the product, and 60 signed up. The plan is to launch the consumer version in the next six months.

Interestingly, last September when Jebara and Myki’s lead engineer Raja Rahbani discovered a vulnerability in Apple’s password management system, they received a great deal of media coverage that led to more than 15,000 sign-ups, many from global players.

The benefits are clearly significant for corporates as the app allows IT administrators to control the level of access an employee gets. In a standard privilege, for example, the user cannot see their password and their account access can be revoked anytime. “A big challenge in enterprises right now is when someone leaves a company and they have to revoke access to all of this person’s accounts. People tend to have several accounts often with sensitive data. What happens today is that the IT administrator goes into every single account to change the password for the user that left the company.”

With Myki on the other hand, access revocation is done with a single button. Moreover, geographic tracking enables the company to identify the source of a hacking attempt, while the other features can limit a user’s access to his workplace only.

Funding

Seeing the massive potential of Myki, the founders who bootstrapped for some time, secured funding from Dubai’s BECO Capital and Beirut’s B&Y Venture Partners. The institutional investors saw a cross-functional team that brought different skillsets to the table – Jebara’s razor-sharp technical vision along with Sharuk’s savvy business operation and marketing talents.

“I think it’s one of the rare investments that we’ve made, where we’ve found a phenomenal management team,” says Amir Farha, BECO’s cofounder and managing partner. “Amir and I co-invested in a very promising cybersecurity business that we think could potentially be a $100 to $200 million business,” says Abdallah Yafi, managing general partner at B&Y Venture Partners. The startup has plans to expand globally but for now, “we want to make sure that everything is working properly and we still have to get the security certification,” says Jebara. “Once we are ready, we will expand globally.”

Tags