lost cellphone and laptop

victor2019
victor2019
Community Member

Hello:

I'm traveling overseas next month for maybe 60 days. My question is: How can I recover my information in case my cellphone and laptop are lost or stolen? I used to have all this information in an Excel file and send it to my gmail.com account. That way I could go into an internet café and download the information if I ever need it. But now, I keep all 200 passwords only in your App and recreating it now in excel will be a very long and tedious process. What would you recommend me to do, assuming that I would need to access a public computer?

Thanks


1Password Version: 7.3
Extension Version: Not Provided
OS Version: iOS 12.2
Sync Type: laptop and iphone
Referrer: forum-search:lost cellphone and laptop

Comments

  • gazu
    gazu
    Community Member

    @victor2019

    How can I recover my information in case my cellphone and laptop are lost or stolen?

    I can think of four options - somebody ingenious may offer some more:

    • Take a copy of your secret key on holiday with you - preferably disguised
    • Store it disguised in your Gmail but only if you know your email password
    • Leave it on a PIN protected voicemail service that you can phone into
    • Give it to a trusted friend at home in a sealed envelope

    If you need to use your secret key on an untrusted computer (not recommended) change it as soon as possible afterwards.

    I keep all 200 passwords only in your App and recreating it now in excel will be a very long and tedious process

    You can export everything automatically into a spreadsheet for backup purposes but don't do this as you lose security.

    That way I could go into an internet café and download the information if I ever need it.

    Only in a life or death situation should you do this. As soon as you expose your passwords to a computer that doesn't belong to you, all protection is lost.

    If you ever have to do this, change your passwords as soon as you're on a trusted computer.

  • AGAlumB
    AGAlumB
    1Password Alumni

    @gazu: Great advice! Thank you! :chuffed: :+1:

    @victor2019: I'll just add that I don't take my Emergency Kit with me when I travel. Similar to gazu 's fourth suggestion, I leave a copy with someone I trust -- both in case I need to contact them to get it, or if something happens to me an my family needs to.

    Indeed, exporting data leaves it unencrypted. And while I can certainly imagine situations where one might need/want to access their data on an untrusted system, it should only be done after weighing the risks involved in doing so -- a determination each of us needs to make for ourselves.

  • XIII
    XIII
    Community Member

    Is mail that you send to yourself still passing hubs on the internet, where bad actors can read it?

  • AGAlumB
    AGAlumB
    1Password Alumni

    It shouldn't, but it's possible that it would, if the server is misconfigured and relays the message to another server when the destination is itself. You'd need to check with your email provider. But if your connection to the email server is not secure, then messages can be read in transit either way. Most of us are using TLS (webmail) or secure SMTP to send email these days though.

  • gazu
    gazu
    Community Member

    @XIII

    Is mail that you send to yourself still passing hubs on the internet, where bad actors can read it?

    It shouldn't be however as brenty alluded to (if the mail server is misconfigured) it may be visible by a bad actor.

    Google have an easy way to identify if mail is encrypted, you just click on the arrow next to the sender's name as indicated at the end of this post.

    92% of mail should have the grey padlock. In the organisation I work for all legally privileged material has the green padlock - we also have a forced TLS rule for our trusted partners and MTA-STS for everybody else.

    Outlook don't have an easy way of identifying whether an email is encrypted - to find out you have to trawl through the headers and trace the TLS route.

    100% of email sent between (Google and Google), (Outlook and Outlook) or (Google - Outlook) (Outlook - Google) should be encrypted with TLS.

    One solution, if you suspect your mail provider is insecure, would be to store your secret key in a private entry of your calendar, phonebook or in your Drafts folder. I wouldn't recommend this but, if anybody chooses to do this, they should change their secret key as soon as possible afterwards - it's one half of your encryption key.

    Remember that mail providers must upon subpoena disclose the contents of your mailbox.

    You might want to consider using a substitution cipher (normally wildly insecure) for your secret key. Because the secret key is random there is no way to reconstruct your key without knowing the shift number/s. A=1, B=2, C=3 etc. Ordinarily you'd be using modular arithmetic and a non-repeating key to make this more secure but this is unnecessary because the secret key can't be deduced through analysis.

  • ag_ana
    ag_ana
    1Password Alumni

    Thank you for all the tips @gazu! :+1:

  • victor2019
    victor2019
    Community Member

    Thanks everybody for their useful recommendations!

  • :+1: :)

    Ben

This discussion has been closed.