Question about security on a work computer
A quick security question about 1Password and my work computer. I've read your entry on why it is a good idea to treat a computer at work as a hostile device, and to just log in to limited number of sites manually, using passwords stored on my phone. Unfortunately I read that after installing 1Password on my work computer, and using it for a while. I have since deauthorized the computer, although I am unable to uninstall 1Password as I lack administrator privileges on my office machine. I know there's no such thing as perfect security, but am I right in thinking that I'm probably safe moving forward: that any locally stored vault can't be accessed by anyone at work, and that I'm otherwise pretty safe from incursion? I work for a very big university and doubt that anything like keystroke logging was going on (i.e. I doubt they logged my master password, though of course I can't know for sure). I'd rather not change my master password, but would that be a good idea to be on the safe side? I'm using the most recent 1Password, on a Mac, syncing via my 1Password account, although it might have stored my old "primary" vault on the local machine. Thank you!
1Password Version: Not Provided
Extension Version: Not Provided
OS Version: Not Provided
Sync Type: Not Provided
Comments
-
@htrouser - what you've just described is one of the very reasons we suggest not using 1Password on computers - any computer - you don't own/control. If you've got a 1password.com membership, deauthorizing that device was definitely a good step.
As to "any locally stored vault can't be accessed by anyone at work," the answer is probably -- but not necessarily. Let me try the reassuring part first: 1Password is designed to be very secure. If you chose a good strong Master Password and you never shared that with anyone - and kept your Secret Key private as well - then 1Password's defenses are quite robust indeed. However, for reasons it sounds like you've already read up on, if your work computer had surveillance-ware (keyloggers, screen recorders, etc) installed on it by your employer, then they could have relatively easily captured both your Secret Key and your Master Password as you used 1Password in the course of your day.
To be clear, if you have a 1Password vault (or more than one) on your work computer that you can't remove, it's protected by your Master Password. No one else who has access to your computer who did not already know your Master Password would be able to decrypt your data; they'd be essentially no better or worse off than an actual hacker/attacker, in other words: this is one of the very scenarios 1Password is literally designed to protect against, and it does an excellent job.
But yes, if your employer had invasive-enough spyware installed on your company-provided computer, they could indeed have captured both your Master Password and your Secret Key. How likely is that? I can't say. You seemed to suggest the answer is: probably not very, which is good, and it's what I'd expect in most cases. Even if it turned out your university did have that kind of surveillance installed, that would presumably mean that only the IT department would know this information, and it's difficult to imagine someone's employer using that knowledge to intentionally access their own employee's private 1Password database. But "difficult to imagine" and "impossible to imagine" are not the same thing.
So, if you believe that keylogging/spyware might have been present, or you just want to be as sure as possible, then changing your Master Password on a different device - one you own, not connected to your university's network - might not be a bad idea. The existing data on your work computer that you can't erase could still be opened with your previous Master Password, but there would be an authentication error message for the sync attempt. In other words, unless you (or someone else) entered the new Master Password into that error prompt within 1Password, only the existing data would be available, not any changes/additions you'd made since changing the Master Password. The absolute most secure thing to do would be to not just change your Master Password, but also change every password for every account you have, using 1Password on a device you control. That would render the data you can't erase on the work computer mostly meaningless. If you want my opinion, that's probably overkill. But it would be the best way to be sure the data on that work computer was of as little value as possible even if someone could access it.
To sum up, you wondered: "am I right in thinking that I'm probably safe moving forward?" Yes, probably, unless a) surveillance capabilities were already in place and b) your IT department or someone with authority over them is evil and wants to target you specifically. You asked: should you change your Master Password? Yes, if you want to be as safe as possible. But even if you did change it, anyone who had both your local data and your old Master Password would be able to access the local data (though not any changes made after you change the Master Password). One final thing: if you decide to change your Master Password for your 1password.com account, obviously DO NOT open 1Password on the work computer and change the authentication prompt to reflect the new Master Password, or you'll have undone any good you did by changing it in the first place.
Let us know if you have any questions.
0 -
Thank you so much for this very thoughtful and comprehensive reply. It answers all of my questions and gives me all the information that I need moving forward. I really appreciate the advice!
0 -
One follow-up question: would a good precaution also be to delete the locally stored vault on my work computer, which I should be able to do even though I can't uninstall 1Password? I installed 1Password on the work machine long after I switched to a 1Password account, so I think I'm correct that that means that only my "personal" vault would have been synced, not my old "primary" vault (the latter remains stored locally on my Mac at home, but is no longer synced via Dropbox now I have a 1Password account; that should mean it was never downloaded to my work Mac). If I'm right, then I'd just have to go to the folder in the instructions below and delete the locally stored vault on my work Mac, and there would be no copy of my vault accessible to any (hypothetically nefarious) IT person at work. So even if my master password and key had been logged via key logging software, they wouldn't have a local vault to get into. Does that sound right?
https://discussions.agilebits.com/discussion/92287/vault-file-location
0 -
@htrouser - we've got a complete guide to how to manually uproot/uninstall 1Password, which you can use if you like. I was under the impression you couldn't delete anything, but if for whatever odd reason your employer's setup is such that they don't mind you fooling around in the
~/Library
folder but just won't let you uninstall apps from/Applications
, well, on a personal note I'd consider that a weird choice of opsec, but not my place to say. If you are able to remove things from~/Library
, then yes, you can definitely do it -- though if your employer makes regular iterative backups (which I would expect), then that data would theoretically live on forever in some dusty server room. But you can remove the working copy. If you were using 1Password 7 for Mac, your SQLite file (what 1Password actually uses) is at:~/Library/Group Containers/2BUA8C4S2C.com.agilebits/Library/Application Support/1Password/Data
You might also want to delete:
~/Library/Group Containers/2BUA8C4S2C.com.agilebits/Library/Application Support/1Password/Backups
as well. Or for that matter, if you know you're never going to be using 1Password again on this Mac, just delete the entire 1Password folder in Application Support. "Nuke the site from orbit," as it were. ;)If you had any standalone vaults synced via either Dropbox or Folder Sync to an Agile Keychain or OPVault, you might also want to make sure to remove those as well.
Again, this is likely to be an unneeded, abundance-of-caution operation, but yes: removing the data in this manner is another way to help ensure against the chance of future bad things, however remote.
0 -
Much appreciated. I'll give it a shot and see if my permissions will allow me to do this. Thank you again!
0 -
On behalf of Lars, you are welcome! :)
0