Data Safety and Integrity

What happens if I lose my login credentials?

Your login credentials consist of a Merlin password and one or more Persona passwords and, optionally, sets of unique 'click-points' in login images. The passwords and image click-points can be the same or different on each device in which you install Merlin. You alone know what these are – if you lose them we cannot help you. 

Make absolutely certain you select passwords or phrases that are easy for you to remember but hard for anyone else to guess. If you want to use login images, you can select from a number of standard images or add your own (recommended). 

Our research shows that even after a prolonged period of disuse, people more easily remember unique points on a personally meaningful image (a family picture in which you chose the tip of each person's nose, for example) than a complex password or pass-phrase.

What happens if I lose my encryption keys?

Your personal encryption keys are an inseparable part of the Merlin installation on your device. Merlin manages all the keys for you; you don't have to do anything with them manually. So the only way you could lose the keys is to lose the device on which Merlin is installed, or if the device itself is damaged. 

You protect yourself from such losses the same way you do with all your other important data: simply make a backup copy of your encrypted Merlin data file. Additionally, if you have Merlin installed on a second device and you enable full synchronization, Merlin on your second device will be an exact clone of Merlin on your first device. This is a sort of automatic backup; you don't have to do anything.

How do I add Merlin to a new device?

Log in to your account on our website, select 'Add a device to my account', and download the Merlin version you want. When you install it you will have to authorize that new device from your existing device in order to sync with it. Depending on how you configured your account security, and exclusively at your option, we will send you an email or a text message informing you that a device has been added along with an authorization code you must enter on the website before your new device will be enabled to synchronize.

Can I use the same Merlin password on different devices?

Yes. You can also use the same login image and click points. Because these are known only to you, and because they can also be different on each device, you must set them up separately on each new device.

What's the difference between my Merlin password and a Persona password?

Merlin uses two layers of encryption (plus anything it sends via Kahuna™ is wrapped in a third layer). The first layer is an encrypted data file (Merlin.medf) in which Merlin stores all your data. Separate from that, each piece of data within that file is also encrypted using separate keys.  Your Merlin password unlocks the data file which is then automatically mounted as a drive on your device. 

Your Persona password (and login image, if any) unlocks the separately encrypted data within that file, once it is mounted as a drive. 

You have only one Merlin password, and you may have up to six (6) separate Personas, each with its own password and login image, and each with its own independent encryption keys. This is described in greater detail on our technology page.

What's a login image and how do I use it?

In addition to a password or phrase, you can set up each Persona in Merlin to also use a login image. Merlin comes with a number of standard login images, or you can add your own. A good login image should be personally meaningful, such as a picture of your family or house, or a favorite holiday spot. And it should be rich in unique points. Here is a side-by-side comparison of a bad login image and a good one…


You set up a login image simply by clicking on parts of the picture you like the most, and then practising several times. We recommend using at least six (6) points. The sequence in which you click them matters. You can select the same point more than once.

What is the best size for a login image?

Login images must be at least 420 pixels tall and 700 pixels wide, and should be cropped to an aspect ratio of 1:1.66. You can use any popular image format, including JPG or PNG. If you do not scale the picture to the correct aspect ratio, Merlin will shrink it so that the largest dimension fits while maintaining the aspect ratio of your original image. The best thing to do is to copy a picture from your personal collection and resize and crop it to exactly 420 by 700 pixels using a simple image editing program (Microsoft Office Picture Manager or Paint.Net work well).

Does Merlin have a virus scanner?

When you receive files from other Merlin users – or import them yourself – they remain encrypted inside Merlin, protected from prying eyes inside a 'shell'. This protection works both ways – for so long as a file remains in Merlin it's isolated from the operating system, so a file that happens to be infected can do no harm. If you open that file using any of Merlin's built-in viewers and editors it is likewise isolated and can also do no harm. 

The exception to this is if you intentionally export a file from Merlin to your operating system (some folder in Windows, say). At that point the operating system can see it, and it can see the operating system. In such instances it's wise to scan the file with your regular virus scanner before opening it. 

This holds true for email attachments as well: so long as you view or edit them inside Merlin, should one happen to have a virus it can't access the operating system to cause any harm. It also can't cause any harm to other items in Merlin because each one is encrypted separately.  Merlin has been tested and works well with all major virus scanners.

What encryption technologies do you use?

See this discussion on the technology we use in both Merlin and in the Kahuna™ network.

Is there a 'portable' version of Merlin?

Yes, all versions of Merlin can be run in 'portable' mode. In this context, portable mode means that Merlin does not have to be explicitly installed; rather, it can be run from any directory, including from an encrypted drive, file system or removable flash drive.

Can I back up my Merlin data file?

Yes. Merlin keeps all of its data in folders within an encrypted data file. You can copy this file to any device with sufficient capacity to hold it, such as an external hard disk drive. You must exit Merlin to make the copy.

Can Merlin be run from an encrypted file system?

Yes. You can install Merlin in an encrypted drive (such as a mounted TrueCrypt drive, for example) and instruct it to keep its data files in a folder within that drive as well. This has been extensively tested and works fine.

If I have multiple Personas and I buy Kahuna™ Traffic Credits for one, can my other Personas use them?

Not directly, no. The reason has to do with keeping a very 'tall wall' between every Persona, such that there is no way to detect that two different Personas are in fact the same person. If we were to place all the Kahuna™ Traffic Credits you buy in a single 'pool' from which any of your Personas could draw, under certain extreme conditions it would be possible for an eavesdropper to determine that there was a relationship between those Personas. For this reason every Persona is absolutely separate from every other, including having separate Kahuna™ IDs and separate Kahuna™ Traffic Credits.

All that said, our philosophy is, it's your money and you should have the right to do something unwise with it if you want. What you can do is use the 'Transfer Kahuna™ Traffic Credits' function to transfer some credits from one of your own Kahuna™ IDs to another one, rather than give credits to someone else. But please note that we keep no record of such transfers, so once you confirm a gift we have no way to undo it.

Please note that the transfer of Kahuna™ Traffic Credits is not supported in the alpha or beta phases of this website.