Accessing 1Password on public computers [not recommended]

SystemSystem

Team Member
This discussion was created from comments split from: Opera 42 and 1Password 6 [will be supported in 6.2.328d beta].

Comments

  • brentybrenty

    Team Member

    I gave up on that matter and uninstalled everything and re-installed 1password and Opera, but no extension this time. Since you both seem to be knowledgeable about 1Password, cause to this day I still hesitate about becoming a full member...

    @orbitalfenestra: I understand completely. We'll get the digital signature for Opera 42 and above in 1Password as soon as we can. Thanks for your patience.

    Situation: I am a student and unfortunately I often need to use their public computers. Until then everything worked well... but then I needed to connect to my facebook and gmail accounts to realise that.. I am screwed! How can I make this work without creating weaknesses in my passwords? Shouldn't 1Passwork propose something for people like me?

    This is really a whole other discussion, so feel free to start another and we can go more in depth. But I did want to mention that we really want to discourage accessing sensitive information on untrusted machines. I understand that it would be more convenient to use a public computer at times, but it is also a convenient way for someone malicious or mischievous to collect information from those who use it. This is a big part of why we offer the mobile apps as a free download with an in-app purchase, even though this is inconvenient in some ways: so that folks can access their data on the go on a trusted device. And it isn't available everywhere yet, but most current versions of 1Password support the Wordlist option for password generation, which makes it easy to create a strong, random password that is easy to read and enter manually for accounts where this is important.

    [...] As for passwords on the go who knows... Maybe 1Password could start selling its own USB stick with a digital fingerprint ID and even more for security addicts, the choice to bring only a few handy passwords I would definitively buy it.

    This is a really cool idea for portability, but again, with public computers, plugging a device in is risky in many ways. While not everyone has a phone that can run 1Password, and one that has a fingerprint reader, more and more people have access to smartphones. You probably wouldn't plug your smartphone into a public computer (or at least, I sure wouldn't), but it's something you can carry with you to have access to important information without trying to use a machine you don't trust. Eventually we'll all have smartphones and "dumb" phones will truly be relegated to the past...and these are much more useful than a USB stick. :)

  • "But I did want to mention that we really want to discourage accessing sensitive information on untrusted machines. I understand that it would be more convenient to use a public computer at times, but it is also a convenient way for someone malicious or mischievous to collect information from those who use it."

    I don't have a choice, specially for a lot of exams this is kinda mandatory. And don't worry I am attending an engineer's school and all the school PC are so much locked even windows search doesn't work! :P I hate using the school PC but a lot of software we need are on those computers. I created a www.box.com account with a phrased password and I put my school stuff on it. I seldom need my Google account or Facebook to read my messages now there is a problem. Of course I can do it on my mobile phone but getting a zip file from a colleague on Messenger and then the Phone is completely useless. So I may need to lower my Facebook password (sucks) or recently I zipped a file on an usb key with both gmail and Facebook password protected just in case I really need to use it from school PC.

    Still. and I speak for myself. I often have 2 hours labs where I need to access my stuff for many reasons and now it's been two months I am testing the thing to see if it is both secure and functional. It happened a few times I realized I couldn't access my accounts and I lost precious time finding a workaround.

    So I believe we all agree on security. Period. But for me to adopt 1Password for good I really need to find a simple and quick way to access the few accounts that I really need at school. Of course I could set weak passwords but what's the point of doing this anyway. As all of you guys I came to realize that I badly need to put order in my sensible stuff.

    Maybe setting a phrased password with a 2 factor authentication for the 2 accounts could be both secure and useful (still I would prefer to put an insane password but I can live with it) What do you think? Any suggestions from people in the same situation than me?

    ^__^

  • brentybrenty

    Team Member

    @orbitalfenestra: Thanks for your reply! I've split this bit off into a separate discussion, as I'm sure that others will have something to contribute from their own experience.

    I can see your point about exchanging files, and certainly if you need to use software that is only available to you on the school's computers for your work there that is a real obstacle. On the plus side, I'd hope that an engineering school has some great technical people in running things. But of course you probably have a lot of clever students as well. Mischief may be more likely than malevolence. :wink:

    But yeah, if it is mainly a handful of accounts you need to access there and you can plan for it, using randomly-generated, word-based passwords for those will make it much easier to login at least, without exposing anything. There is always the 1Password.com web interface in a pinch, but that is more difficult since you will need to enter both the Account Key and Master Password each time (since you won't want to have it store the Account Key on a public computer). Perhaps we'll be able to add a temporal multifactor option in the future, which would certainly help in your particular situation. I'm also interested to hear from others with similar needs. :)

  • You'd be surprised how uneducated people can be when it comes to IT... There is even a dude who was still using emails to discuss and exchange stuff until I pushed him quite a lot to create at least a Messenger account so we could do our HW in a group. Most people just don't bother about their personal data being exposed... lol Well to make things simple they won't change their behavior until they get hacked for real. So basically I am completely alone using this system as we speak.

  • brentybrenty

    Team Member

    I have some idea. ;)

    But yeah...unfortunately this is one of those things where most people have to learn the hard way. And, lest I point the finger at others, I should say that this is why I have a solid backup strategy now... :unamused:

  • Thanks for your kind help. I wish you well.

  • brentybrenty

    Team Member

    Likewise! And I do want to mention that the new Opera signature is supported in the current 1Password 6 beta, and we're hoping to release it to everyone soon. Be sure to reach out if you need anything else. Happy holidays! :)

This discussion has been closed.