Quick Confirmation - Data Security On Work Computer
Hi,
I've been thinking about this for a little while now and am finally asking. I've joined an organisation that's Windows based but there's a healthy view to individuals being able to install legitimate productivity tools that suit them.
As wonderful as 1password.com is I am really missing the convenience of the browser plugins and I have to log into lots of different dev and test etc environments. I have a 1Password subscription.
My question is, if I install 1Password on my Work Windows machine and install the browser plugins (I use several different browsers for different purposes) is my 1Password data secure from the internal network and system admins that have all levels of access and control?
Regards,
Fish.
1Password Version: Not Provided
Extension Version: Not Provided
OS Version: Not Provided
Sync Type: Not Provided
Comments
-
Depends on your organization's threat model and systems in place.
If you work at a typical small-mid sized firm, that's probably fine. On the other hand, if your employer is some sort of government agency, financial services company, technology firm etc, there should be no presumption of privacy since there are plenty of enterprise solutions including screen recordings, key logs, HTTPS scanning, etc.
0 -
@fish - No, it's definintely NOT secure from someone with that kind of access. And you should not expect your privacy to be respected on a work device; especially if you work at an office location owned or leased by your employer, Even if you just have a company-provided laptop and work remotely, there's no telling what might be installed on it, and none of it would be illegal or even particularly unethical; after all, it IS their company and their computer. I might feel personally uneasy about working for a company I knew was exercising what I considered an invasive level of scrutiny over me...but that would be my own choice to work there or not. The general rule is: do not install or use 1Password on untrusted devices or devices you do not own/control. That includes 1password.com, in fact.
Fortunately, most of us carry around a trusted device (at least one!) with us at nearly all time on which we run 1Password, so although it may be inconvenient, you could use the Large Type feature of 1Password on your iPhone or Android device (or even a laptop), and type in your passwords, when you need them. That's the only way to be as certain as possible your employer isn't able to see/read/copy your personal 1Password data. If you're less worried about your employer's willingness (or ability) to do such invasive oversight of your activity on their devices, you can install 1Password and it will provide you the same level of protection it does on your own devices...but you'd be best served by making sure you shut down your computer (or at least fully quit 1Password) when you leave your desk, and go into it knowing that anyone with root-level privileges (which your IT staff almost certainly has) could get your Master Password and thus your 1Password data, if they so chose. It's really a call only you can make.
0 -
Don't open your personal 1Password vault at work.
Create a guest vault instead to avoid releasing the master password and secret key (of your personal vault) to your employer.
0 -
@derek328 @Lars @gazu Thank you for your responses. When I posted the question I was mainly wondering if my database of logins etc would end up on the machine but you're all correct, it's much more than that. Whilst I know my employer does not do any key logging or similar intrusive activities you never know when an individual with the power might, so thank you. I get it, I should stop using 1password.com too because of the master password. Really appreciate your responses.
0 -
Absolutely! And even if your employer isn't doing anything like that, many are, so it's important to consider. Anyway, glad that everyone was able to chime in on this to help answer your questions. Cheers! :)
0 -
I want to echo the comment that it's worth trying to understand the specific policies and the threat model of your employer. A few comments:
1) HTTPS scanning would defeat the privacy of web browsing and e.g. of checking personal email via a webmail client. I'm guessing most of us will still log into our email on our work machines, for convenience. But HTTPS scanning should not compromise the security of a 1Password client (including the 1Password.com website AFAIK) based on what's described in the 1Password Security Design whitepaper, because the communication protocol (along with the storage scheme of course) does not rely on SSL/TLS/HTTPS for protecting the vault data*.
2) It's true that a key logger, screen capture, or any other direct remote access will compromise data that's typed or displayed on screen.
3) It's true that software running in certain high privilege contexts could access the memory used by the 1Password client. As implied by Lars this includes the browser client.Basically my attitude on this is: work -network- is probably safe for 1Password. Work computer.. it's really up to you to decide whether you trust your employer not to snoop.
I think it's worth pointing out that many companies (not all!) who would have the infrastructure in place to be able to snoop also probably handle sensitive data themselves in the course of business, and thus should also have policies preventing Joe Random IT person from arbitrarily deeply snooping on employee's computers. For instance a sysadmin at a financial services company probably is not allowed (by policy and hopefully with automatically enforced access limitations or notifications) to access private data on an executive's, operations person's, or engineers computer. Aside from your 1Password data, your computer could contain trade secrets, confidential HR information, or confidential customer data and access to that data SHOULD be controlled by corporate policy. If they have a reason to access the data then they will access it, and at that point it's up to whether you trust them to do the right thing (just like you have to trust HR to do the right thing with the various personal data the company keeps about you).
*I may actually be wrong about this .. based on a re-read of Appendix E it may be possible for HTTPS scanning to allow recording of vault encryption keys when first adding vaults to a device. I don't think this detail changes my conclusions in this post, though as we're still talking about high privilege behavior on the work device specifically, and based on my reading this would also require a pretty specific directed attempt to steal the keys, not straightforward traffic logging.
0 -
@rationull is on target.
1Password will be safe against HTTPS scanning, as it does not depend on the secrecy of TLS. When you use it in the web browser it does depend on the integrity of the TLS connection, but that case aside 1Password does not depend on the security of TLS. Indeed, there was an instance a few years back when the secrecy of TLS was broken in some cases. This had zero impact on 1Password users.
On to local compromises (key loggers, etc) on your work computer. As we've said, there are fundamental limitations on what we (or anyone) can do to keep you safe when you are using a compromised computer. But I also agree with @rationull, that it is not particularly likely that your company is doing that. They certainly have the power to fully own anything you do on their computers, but you will have to be the judge of whether the chances of them using that power is sufficient reason not to use 1Password.
And just a followup to @rationull's query about whether someone in a network privileged position could launch the kind of attack described in Appendix E of the secure white paper (PDF), the answer is "no". When data (including various public keys) are sent from our server to your client, that data is encrypted and authenticated. So there is no possibility of tampering in transit. Mr. Talk (the cat in the middle) has to control our server; controlling network traffic to and from the server is not sufficient to launch such an attack.
0 -
@jpgoldberg awesome to have you chime in here and validate my thinking :)
I wasn't clear in my comment on the Appendix E situation. It is clear that a man/cat-in-the-middle on the network would not be able to snoop keys, but if some kind of endpoint HTTPS scanning were in place on the work device, including a custom installed root certificate on the client machine (similar to this) then it is theoretically possible to snoop keys, right? But this is just another compromised computer case, no different from a key logger or screen capture.
0 -
Remember that our authentication involves mutual authentication and a session key derived from authentication process. So if the 1Password client isn’t compromised, it could never send a key (or any data) to something that didn’t hold the SRP verifier.
But, if the attacker can get the victim to use a comprised client, then there are for more direct ways to get things than substituting in bogus public keys.
0 -
Ah right, OK. This goes back to the point that there is no sensitive data transferred such that it is protected only by SSL/TLS, right? That's great, and seems like it reinforces that really the only thing to worry about on a work computer is what the company can do with root/admin access to the processes running on the machine.
0 -
@rationull - that's basically the case, yes. But since, depending upon what's done and how it's done, you may not even be able to tell what kind of access the company has, it's best to assume work computers aren't as private as devices you control. To echo what @jpgoldberg said, however, that level of invasive scrutiny isn't common...but it IS possible. This is where using your own judgment would be the best option: what do you know/suspect about your employer? Etc.
0