Idea: Reduce the searchability of Emergency kit PDF

Perhaps one more level of Emergency Kit security would be sending it as a PDF image instead of searchable text, as cloud storage often includes intra-document search.


1Password Version: Not Provided
Extension Version: Not Provided
OS Version: Not Provided
Sync Type: Not Provided
Referrer: forum-search:emergency kit

Comments

  • LarsLars Junior Member

    Team Member

    @es33 I'm not quite sure what you mean? When you save your Emergency Kit, it IS saved as a PDF -- is this not what you experienced? If not, can you tell me a bit more about what steps you took? Thanks.

  • Hi, yes it's saved as a PDF but with searchable text. I was suggesting to save it as a PDF'd image so if someone searched Google Drive/Dropbox/Box for the word 'password' it wouldn't show up.

  • BenBen AWS Team

    Team Member

    Thanks, I understand what you’re saying. Doing this wouldn’t prevent someone from searching for “Emergency Kit,” or using a more advanced search to find it. Generally what you’re suggesting would be considered “security through obsecurity,” which is something we try to avoid.

    Security through obscurity - Wikipedia

    A more effective defense would be to ensure other people do not have access to the locations you’re storing your Emergency Kit by using strong passwords (and perhaps multi-step verification / “two-factor authentication”) for those services, as well as limiting physical access to your devices.

    Ben

  • Hi Ben - I would argue then perhaps it’s best to generate the PDF with a random text string filename, instead of 1Password Emergency Kit. I didn’t suggest this originally because users can easily rename themselves.

    I’m obviously not suggesting obscurity as the only line of defense. I just don’t think it’s a good idea to have the word “password” plastered across a document (including filename) that can easily be searched, but maybe that’s just me.

    Cheers

  • I think it comes down to one question: should I store one of the most important documents I have (i.e. the emergency kit) in a location I'm not 100 percent controlling myself? The answer for me is: hell no!
    I would never ever store the emergency kit at any cloud provider. And if you @es33 are afraid that someone would search your Dropbox/Google Drive/whatever, then maybe you also think it's not the best idea ;)
    Because if that person is able to search your cloud storage, what would prevent him from copying all your PDFs and make them searchable with some OCR tool?
    If someone was able to get to my unencrypted cloud data, a searchable PDF is my least problem.

  • BenBen AWS Team

    Team Member

    Because if that person is able to search your cloud storage, what would prevent him from copying all your PDFs and make them searchable with some OCR tool?

    Yep, exactly. When trying to solve problems like these we try to ask ourselves:

    • What is the threat?
    • Does the proposed solution actually mitigate the threat in a meaningful way?

    In this case the threat is that someone has access to the cloud storage account where you’re storing your Emergency Kit. Obfuscating the Emergency Kit in any way does not mitigate that threat in a meaningful way.

    Ben

  • I thought I saw somewhere in the instructions the cloud suggested as a possible location to store it (in addition to USB/print/external drive) but perhaps I am mistaken.

    The other instance I was thinking of is perhaps your computer getting stolen. Sure, if someone was determined they could find whatever they wanted, OCR, etc. etc., but a casual thief might just type in "password" and, without any hits, just move on.

  • Just saw Ben's comment. Ok I concede, thanks for the discussion guys.

  • sjksjk oversoul

    Team Member

    Hi @es33,

    I thought I saw somewhere in the instructions the cloud suggested as a possible location to store it (in addition to USB/print/external drive) but perhaps I am mistaken.

    I'm not sure where you might have seen that since none of our 1Password Support articles suggest saving the Emergency Kit in the cloud. For example, not in:

    thanks for the discussion guys.

    You're welcome, on behalf of the other participants in it. 🙂

    Drop by again if you have other suggestions for 1Password or issues we can help you with. Cheers!

  • I knew I saw it somewhere... after you "save emergency kit" from within your profile: https://cl.ly/433P3Z0R3M1A

  • BenBen AWS Team

    Team Member

    Generally the biggest threat with the Secret Key is not having access to it yourself, and so storing it in cloud storage, while perhaps not ideal, is better than losing it. :)

    Ben

Leave a Comment

BoldItalicStrikethroughOrdered listUnordered list
Emoji
Image
Align leftAlign centerAlign rightToggle HTML viewToggle full pageToggle lights
Drop image/file