Accessing 1Password from Unsecure Public Computers
Hi!
Have been using 1Password for some years now and loving it, and just recently upgraded to 1Password accounts to aid in accessing my data more easily when travelling abroad.
Recently managed to get myself into a bit of a situation without being able to access my 1Password data that was backed up on DropBox due to not having my mobile device to authenticate the 2 factor verification and the new DropBox backup code stored inside of 1Password! doh.
In any case this is all redundant now as I have a 1Password account so can access my data through the website.
For me it raises a couple of security questions that although for others may be a non-issue. As I travel quite intensively I am always using public computers that are what I would consider unsecure, in that they could have any kind of malware stored on them, which makes both my master password and also account key vulnerable to keyloggers and screenloggers when typing it into these computers and can potentially compromise all of the data within.
Does 1Password offer, or will offer in the future, any feature to combat this? Obviously in an ideal world I could use my mobile devices (if I have them) to copy passwords, however this would still involve typing and if I am unable to install any of the 1Password extensions on the computer I am assuming that when copying an unrevealed password from the website this would be read some how?
Just trying to work out the best way access and use my 1Password account on unsecure computers as I noticed with Lastpass they offer features such as virtual keyboards for logging in and also one time passwords for accessing the actual account that can be generated beforehand on a 'secure' device, as in the near future I will be having some extended works trips throughout West Africa and would like to get my account as secure as possible for access when I do not have my own devices.
Many Thanks
Jason
1Password Version: Not Provided
Extension Version: Not Provided
OS Version: Not Provided
Sync Type: Not Provided
Comments
-
Hi There Jason,
Work travel across the globe. It sounds amazing and I'm jealous!
I'm also curious, is it at all possible to come at this from the direction of investing in a laptop? I think you're right in that there's a lot that happens on public computers to feel hinky about. Perhaps being able to give yourself more control over a situation that you might come across in your travels would cut out a lot of the worry.
Looks like someone asked the same question last month, but here's a link to the answer given by one of the agile bits team. Click me!
Hope that helps out (I'm still jealous),
Beth0 -
Hi @RedMonkey
In addition to what Beth has mentioned in the previous comment and in the linked post she provided, I simply don't trust any computer or device that is not my own.
I realize this is possibly inconvenient but as you indicate I have no idea what these other devices may have on them, from key loggers to all kinds of other malware. My data in 1Password is extremely sensitive, particularly my work vaults and a number of items in my personal family account that contain everything from Social Security Numbers to banking logins.
My thought on this is simply "Would I trust any random stranger with this information?" if not, I don't look at it, open it, or access it from any device that is not my own.
When I travel, which is far less than you it seems, I always have my laptop, an iPad, and an iPhone with me. I travel fairly heavy in that sense. Having your own devices helps a great deal with "can I trust this device?" by making sure you have your own devices. But that's not the only factor either. If you join a public Wifi network you're also at the mercy of the way that network is setup and it's entirely possible for other members on the same wifi network to snoop on traffic of other people on the network. I get around this by using a VPN (Cloak in my case).
The VPN does something rather neat. Normally on a wifi network your device connects to the wifi network, then that wifi network connects to a network and ultimately ends up on the internet. With a VPN your device connects securely to another server on the internet, and the traffic between your computer and the VPN server is encrypted. Anyone on the same wifi network is just going to see encrypted junk. So your device is basically accessing the internet through the VPN server instead of through the wifi network. It's not fool proof, but it's another way to protect yourself. And when I travel I always have my VPN enabled for untrusted networks.
In the event of an emergency, I would probably sign into my account on a public computer, but I would as soon as I was able, update my Account Key by having it regenerated and changing my master password. And this would only ever be in absolute emergency situations.
I hope that helps a little bit, but generally I would say avoid anything where you need to login on untrusted computers. These computers are fine for looking things up, like maps and directions, to hotel information etc, but if it requires a login, I avoid it.
0
