Best practices when working remotely using a personal 1Password account
In response to the COVID-19 situation, I have transitioned to working entirely from home.
My company provided me with shared (across ~3 - 10 employees) LogMeIn credential so I can remotely use my Windows work computer.
Normally I had been using 1PasswordX in Chrome when I was at physically at work. However, these new circumstances have made me question my setup/behavior, especially considering my 1Password Account is my own, and not provided by work. As such, I have tons of personal login/other sensitive information stored there.
I do have separated vaults, but I haven't seen a way to completely sandbox my Work vault on the work computer. I can turn a vault off, but if someone had access they could just turn the Personal vault back on. Plus, since my master password is global for my account, if it was obtained/captured, this setup wouldn't keep anyone from accessing any of my vaults.
I've since moved to the Windows application instead of X, because of the Secure Desktop login option. However, because I'm using LogMeIn that is always present in the secured desktop, but always shows up as a different Windows ProcessID number. So there is no way to be sure what else is running without opening the task manager each time to check if it is still only LogMeIn.
I also have chosen not to store my PC login credentials in LogMeIn, since others have access to that account. Are there any other simple steps I could take to make sure the situation is as secure as possible. When I was physically in front of my computer it felt less questionable. Now I have no physical access to my machine, but there are 100+ employees in the building who potentially could access that machine.
It seems the most secure but also the most inconvenient thing would be to never type or paste my master password on that remote PC. I could unlock my vault only locally on my Mac and copy individual Work vault credentials over. My master password and Personal vault credentials would be secure, but the workflow would be very awkward and slow.
I'm not imagining that anyone specific is doing anything nefarious. I just tend to opt on the side of caution wherever possible. Am I missing anything?
1Password Version: Not Provided
Extension Version: Not Provided
OS Version: Not Provided
Sync Type: Not Provided
Comments
-
I posted this in the Lounge earlier: https://discussions.agilebits.com/discussion/112378/best-practices-when-working-remotely-using-a-personal-1password-account
The gist of it is: I use my self-purchased individual 1Password account for both my personal and work credentials. Now that I am working from home remotely, I want to separate my Work vault from my Personal vault as much as possible.
Would upgrading to a family account allow me to do this? To have a separate Master password for each of my vaults?
Can a family account work with only one person on it? Would I actually have to sign up with a separate email to make that work?This way if there were any sort of breach on the work side of this setup, anyone would only get access to my work logins, but none of my personal stuff. It would probably be worth the extra $24 per year if it won't be too inconvenient.
1Password Version: Not Provided
Extension Version: Not Provided
OS Version: Not Provided
Sync Type: Not Provided0 -
@mlangsottile - I'm not an expert in how LogMeIn works, so I can't give you expert advice on that, but LogMeIn is essentially a remote desktop application, right? That means, you are logging in to another computer from your own computer, correct? Or are others also signing into your computer using LogMeIn?
To answer your question about separated vaults and accounts, you cannot give each vault a separate Master Password; that's not how it works in a 1password.com account, where you have only a single Master Password. If you want to truly separate logins, then you should set up one account for work-related items and another one for your personal items. This is what many people, myself included, do: I am a member of the AgileBits team for my work here, and I do not store any of my private-life logins in the various vaults on the AgileBits team to which I have access. Then my family and I have a separate 1Password Families account for which I have an entirely different Master Password. Hope that's helpful, but feel free to ask any follow-ups.
0 -
Thanks, @Lars.
LogMeIn is a Remote Desktop platform, so I am logging into another computer from my home computer. However, because my employer has one shared LogMeIn account across multiple employees, any of us could log into each others computer (if you think about it like an open office/shared plan, where I could physically go onto anyone's work computer and anyone could go onto mine, but each employee only has the credentials for their own Windows account)
I was asking about if it could be possible to use a Families account for this purpose, by setting up two accounts that I would use both. One for personal, one for work. So I guess from what I've looked at, using 1Password Family lingo I would have a 2 family member account, where my personal credentials would be stored in a Private vault for me as the only Family Organizer, and my work credentials stored in a Shared Vault with both members.
I'd have a Master password to access just my work vault, and a separate master password that would show me everything.
Would that work?
0 -
I do personally use LogMeIn so I can add a bit to what Lars mentioned.
There are two types of remote access, in my experience:
- Independent session remote access, where what you see isn't normally visible to anyone else
- Shared session remote access, where what you see may be visible to anyone at the console (e.g. physically viewing the monitor of the computer you're controlling) or otherwise remotely accessing the computer
LogMeIn appears to be the latter. It does offer a screen blanking option, which may help, but if someone can disconnect you from the session and then take over either from the console or another remote session they may be able to see what you were seeing prior to you disconnecting. To help mitigate this I believe LogMeIn also offers an option to lock the screen when disconnected.
I would suggest investigating these options, if they are not already enabled. :)
Ben
0 -
Thanks, @Lars
LogMeIn is a Remote Desktop platform, so I am logging into another computer from my home computer. However, because my employer has one shared LogMeIn account across multiple employees, any of us could log into each others computer (if you think about it like an open office/shared plan, where I could physically go onto anyone's work computer and anyone could go onto mine, but each employee only has the credentials for their own Windows account)
I was asking about if it could be possible to use a Families account for this purpose, by setting up two accounts that I would use both. One for personal, one for work. So I guess from what I've looked at, using 1Password Family lingo I would have a 2 family member account, where my personal credentials would be stored in a Private vault for me as the only Family Organizer, and my work credentials stored in a Shared Vault with both members.
I'd have a Master password to access just my work vault, and a separate master password that would show me everything.
Would that work?
0 -
Thanks, @Lars
LogMeIn is a Remote Desktop platform, so I am logging into another computer from my home computer. However, because my employer has one shared LogMeIn account across multiple employees, any of us could log into each others computer (if you think about it like an open office/shared plan, where I could physically go onto anyone's work computer and anyone could go onto mine, but each employee only has the credentials for their own Windows account)
I was asking about if it could be possible to use a Families account for this purpose, by setting up two accounts that I would use both. One for personal, one for work. So I guess from what I've looked at, using 1Password Family lingo I would have a 2 family member account, where my personal credentials would be stored in a Private vault for me as the only Family Organizer, and my work credentials stored in a Shared Vault with both members.
I'd have a Master password to access just my work vault, and a separate master password that would show me everything.
Would that work?
0 -
That would certainly be possible, yes. It seems that is something that perhaps your employer should consider providing, but, yes, if you're going to pay for it personally a 1Password Families membership would work. If your employer does decide to provide 1Password, then we offer either 1Password Teams or 1Password Business. :)
Ben
0