Is it safe to use 1PX on public computers?

Need to use 1P on shared Linux lab machines. But wondering if it’s safe to do so.

Thanks

Comments

  • AGAlumB
    AGAlumB
    1Password Alumni

    @BXIA: No. Obviously it's your data so it's ultimately your call, but I do want to be clear that this is just not a good security practice.

    Now, could you use 1Password (X or otherwise) on an untrusted machine, and potentially not have the security of your data compromised? Sure, but it's not something you should count on, so it isn't something we recommend. We put a lot of effort into the security of 1Password X — and 1Password in general — but the reality is that anyone else with access to the machine could use that power to capture information as you enter or access it.

    You probably wouldn't login to your bank in the Linux lab (or at least you shouldn't), and given that we all probably keep our bank login credentials in 1Password, using it there would be the equivalent, since it could allow someone to steal our account credentials to get that as well.

    The best thing to do, if you absolutely have to sign into accounts on a shared or public computer, would be to use only those which you must (for example, for school) there, entering the password referencing 1Password on your phone. Using a random word-based password will make that easier, and consider changing the password periodically in that case, as it could be compromised on the shared machine.

    Anyway, I hope this helps give a good overview. Please let us know if you have any other questions!

  • omrih
    omrih
    Community Member

    I wish there was a way to send a single password from my phone to a public (or work) browser.
    I often need to login to places from my work computer. I use 1Password and am aware my keystrokes are saved so my password is. I want to have a 1Password browser extension that would link via my account to my phone (maybe displaying a QR code to identify the extension without me needing to put in my password), and if I want to fill a site I would invoke the extension, a popup would come up on my phone saying '1password wants to fill on the browser' or something, and if I approve that password will be sent. In this case, I am aware my specific password might be compromised on that machine, but would much rather not have ALL my passwords possibly compromised.

  • That's an interesting idea, @omrih. It's not something we're interested in adding at the moment, but I can totally see how that would be very useful in your use case. As good of an idea as it is, we just have too many other interesting ideas that we're already exploring to add this one to the list. At least not yet :)

This discussion has been closed.