To protect your privacy: email us with billing or account questions instead of posting here.

Suggestions for storing a Security Key safely while traveling to disable travel mode via website?

shelbourn
shelbourn
Community Member

Hi there!

So I was thinking about this last night and I am wondering if anyone has a good solution....

Travel Mode is an awesome feature considering the new state of affairs concerning international travel. But consider this scenario... I remove vaults from my Android/iPhone 1Password app temporarily via Travel Mode. Then I reach my destination and would like to disable Travel Mode so that I can access my vaults again on my phone app. However, in order to do this, I would need to login to 1Password.com using my Security Key and Master Password (assuming I'm not using my personal laptop which has a cookie saving the Security Key in my browser). My question is, since the Security Key is needed to log in to 1Password.com on an unidentified computer, what is the best way to store my Security Key while traveling?

I have considered storing a random phone contact that contains the Security Key, but I feel like there must be a better and more secure way. Any thoughts would be great. Thanks!

--Matt


1Password Version: 7.0.6.BETA-2 (Android), 7.2.2.BETA-2 (Mac)
Extension Version: 4.7.3.1 (Mac)
OS Version: Android 9, Mac OS 10.14
Sync Type: 1Password

Comments

  • AGAlumB
    AGAlumB
    1Password Alumni

    @shelbourn: Just to clarify, 1Password.com credentials, including the Secret Key, are never stored as browser cookies. That would be really, really insecure, as websites, Javascript, and certainly apps on your computer could easily access those. Better safe than sorry.

    I'm not sure there's a truly secure way to actually carry your account credentials with you. After all, you're presumably using Travel Mode to avoid having sensitive stuff on you that could be captured in a search. But if you have access to 1Password on any of your devices, you'll have your Secret Key right inside it, probably both in your account settings as well as in a saved Login item. And since you probably know your Master Password to unlock it, that will be accessible to you.

    Alternatives are to give your Emergency Kit to a loved one before traveling (not a bad idea in case of a true emergency anyway), and/or removing 1Password from your devices completely, in case you are likely to be targeted. The idea behind Travel Mode is that you're okay with having 1Password, just not with having everything in it while crossing borders. Food for thought. :)

  • shelbourn
    shelbourn
    Community Member

    @brenty Thanks a bunch for your quick reply! You answered my question 100%. I had never looked before and therefore wasn't aware that the security key is still present on a device after Travel Mode is enabled. And yeah, that was silly of me to think that the key would ever be stored as a browser cookie. In retrospect that makes zero sense. Anyway, I appreciate your help. Take it easy man.

    --Matt

  • Thanks for the update Matt. Glad to hear Brenty's advice was helpful. :+1:

    Ben

  • brian67
    brian67
    Community Member

    Yes but. To turn Travel mode off at your destination you have to go into safari on the device, sign in then input the secret key, etc. Although its "in" the app how do you get into the 1 password account log in. I have to carry my emergency kit with me? That's not an option for security.

  • danco
    danco
    Volunteer Moderator

    Really, you only need to carry your Secret Key with you, not the whole Emergency Kit. If that is written down, then even if the paper is stolen, it is not exactly identifiable as the 1PW Secret Key. Even if it were identified, your Master Password would not be known.

    If you still regard this as too insecure, you could store the Secret Key online (iCloud, OneDrive, etc) - but you would then have to remember the password for the online storage.

  • @danco is correct, all you need to carry with you in case of an emergency is your secret key. You will need your master password and secret key to restore access to your account if you accidentally drop your phone in the toilet! :blush:

  • AGAlumB
    AGAlumB
    1Password Alumni

    @brian67: It's not something we can really decide for you, as no one has the same situation. I personally don't carry my Emergency Kit with me, but rather someone I trust has it and I can call them to get the Secret Key if I need to. Again, not saying everyone needs to do that necessarily, but it's just one idea. I think Danco's is better for most people. :)

  • brian67
    brian67
    Community Member

    Thanks everyone. Just carrying the secret key is probably- the best solution. I think I will put it in a note in Lastpass and copy/paste it into password.com ...oh the irony.

  • AGAlumB
    AGAlumB
    1Password Alumni

    Whatever works I guess. :lol:

This discussion has been closed.