Security when using 1P4
Hi,
How can I improve secure login when working in a public space (e.g., airport)?
My wife and I have adopted 1P4 for secure login on our iPhone5s, iPads, MacBook Pro, MacBook Air and iMac devices and Windows via VMware. We are reassured that we are doing as much as possible to protect ourselves from identity theft since having created the master password to access 1P4 to login to all of our accounts.
My fear is that someone can record my master password without my knowledge as I log in while working in a public space. (I travel frequently so it is not always feasible to conceal or work in a guarded position where my keyboard is not readily visible.)
If that breach should happen, how likely is it that the same person can then access my 1P4 data file via public wifi network?
What are the chances that some key login software on any of the devices will record the typed master password?
I do not suspect that anyone would specifically target our data. However, the risk is real for the master password to be recorded (phone cameras or security cameras are everywhere today). What is the likelihood to match this with the correct 1P4 data file in Dropbox?
Regards,
Jay
Comments
-
Hello @Fairgame!
"Shoulder surfers" are something to be (mildly) concerned about, and really the best defense is to practice entering your Master Password frequently so that you can do it quickly. Also the longer your Master Password is, the harder it is for a shoulder surfer to capture it. So having a strong Master Password that you can enter relatively fluidly is a good solid approach. Also simply paying attention to your environment as you enter your Master Password matters.
You are correct that someone would need both a copy of your 1Password data and your Master Password to be able to get at your secrets. There are two ways that they could get a hold of your data. One is by capturing it off of one of your machine, for example, if your laptop is stolen. The other is through capturing it off of a sync service. 1Password is designed with the foreknowledge that some people will have their data captured that way. Computers get stolen all the time, and sync services aren't perfect. (And with respect to sync services, we should assume that the data is easily available to governments.)
But an ordinary criminal who gets a substantial portion of your Master Password through shoulder surfing (already unlikely) would have either steal data off of your computers or devices or find a way into your iCloud or Dropbox account to capture your data. Unless you are being targeted by trained specialists, I really don't see this happening.
0 -
Thank you for your response. That is a relief.
0 -
Also note that your Master Password doesn't "go anywhere" other than into the 1Password application on the device you are accessing your data from. There is no transmission of it to any server or external service so it cannot be "sniffed" by anything even in a completely public Wi-Fi setup.
0
