1Password and travel emergencies
I'm thinking through an emergency travel scenario and want to make sure I understand properly what I need to do in advance. I use the Family version of 1P. ( I LOVE 1Password, by the way. You guys and gals rock.)
Assume I'm traveling alone with only a phone and no other registered device. My phone gets lost, stolen, or fried in an ocean. I can use a friend's computer or an internet cafe and log into my account at 1Password via web browser and get access to all my passwords.
But to do that, I will need my secret key, right? Clearly I can't keep the secret key on my phone. If I'm overseas, it may not be easy to call someone at home who has my secret key because of time differences or access to a telephone. So...how do travelers deal with this?
Should I carry a USB stick with my secret key in an encrypted format? Should I print a piece of paper that I keep in my personal baggage with the secret key but NO other identifying info (obviously would not print email address or my master password or even use the term "1Password").
Any ideas? Or do I have any of this wrong? Thanks so much for any thoughts.
1Password Version: Not Provided
Extension Version: Not Provided
OS Version: Not Provided
Sync Type: Not Provided
Referrer: forum-search:1password and travel emergencies
Comments
-
Hi @greenday!
For the scenario you mentioned, I have heard of people who keep a printed copy of the Secret Key in their wallet. You can also print a copy of your Emergency Kit and store it with your passport while you travel.
0 -
Print out your Secret Key on a sheet of paper. Arrange the paper somewhere inconspicuous in the scene of a generic photo, say you at your desk grinning and wearing a funny hat. Make sure you can still read the key when zooming in on the paper in the pic. Store the pic somewhere in your photo library, preferably NOT under "1Password Secret Key Photo"...
0 -
@ ag_ana, I’m not comfortable traveling w my emergency kit in my passport. Too many people handle passports. Maybe intl hotels don’t ask for passports any more? They used to.
@ williakz. Creative thought. But if I lose my phone while traveling, I won’t have access to my photos. No laptop. 1P would have my password to my cloud storage. So no joy on this one. Other ideas?
0 -
I’m not comfortable traveling w my emergency kit in my passport. Too many people handle passports. Maybe intl hotels don’t ask for passports any more? They used to.
Understood. What about the other suggestion to keep a printed copy of your Secret Key in your wallet?
0 -
@greenday, any port in a storm. Most folks keep (at least some of) their pics on one cloud or another. So any computer with access to the cloud can be used to retrieve your Secret Key which can then be used to install and repopulate 1Password on your replacement phone or laptop.
As for wallets, many destinations are rife with pickpockets so potential loss is always a consideration, although what they’d make of a LONG string of gobbledygook like a Secret Key is anyone’s guess.
0 -
@williakz, if you store your secret key openly in a cloud, for example your emergency kit *.pdf in OneDrive, the security of your passwords becomes the same security you have with OneDrive. Anyone with access to your OneDrive has access to your emergency kit, thus your secret key. This reduces the 1Password security to your master password, which is stored in your brain only, and probably on a printed piece of paper in the paper document safe at home.
You can do that of course, if you don't have the highest security demand, but you have to keep this in mind.0 -
@Tertius3, Agreed.
My suggestion was to "hide" the Secret Key (in plain sight) in a photo stored among many hundreds or thousands of others in one cloud or another. Kinda like my father used to hide money in a book in his huge library. A thief may suspect it's there, but they can't afford the time and effort to find it. Think about it.
0 -
@williakz Don't rely on that. That's very casual. There are often mechanisms you never think of that enable thieves to access stuff you think that are well hidden, but actually aren't. For example, Windows and apps keep a "last recently used" list of files that were recently opened. They might open your image viewer, look at the mru, and might immediately get your secret key image if you used it somewhat recently. Some mrus are months and years long, even if you see only the first 3 to 10 items.
There are other/more mechanisms that enable people find files in surprising ways.
0 -
@williakz and @Tertius3...Here's the deal--I won't have access to anything stored in the cloud. Access would require a password. Which is a 16-digit randomized monster I don't have memorized. I use 1Password to handle my randomized passwords, and without access to 1Password, I have access to nothing.
In this travel scenario, I have lost my only device that has 1P. I don't want to call home on a borrowed phone to get the Key because of time differences, and also because my family at home don't have Signal or other apps (they're older), so I'd have to figure out how to make an international call and pay the toll, etc
So...I'm back to a hidden piece of paper with the Key. Or an encrypted USB stick. Maybe what I need is a giant ring with a secret compartment, ha! Anyway, I appreciate the thoughts. If anyone has some other creative ideas, let me know.
0 -
What you do probably also depend on the hostility of your travel location. If you're just on vacation in a civilized democratic constitutional state, you can probably just put a piece of paper into your suitcase. If it's possible your smart phone and your wallet gets stolen at the same time, don't keep the backup in your wallet.
If you travel to a more hostile environment, obfuscate the code and make sure nobody suspects that this is some kind of secret key but just some rubbish or just normal text, and only cover but don't actually hide it.
I would not rely on a USB stick. A USB stick can get lost or stolen as well, and it's not sure if you're able to use an USB stick in every internet cafe.These days, a lost smartphone is a major issue. Just recently, I bought a new smartphone and realized my old smartphone has become a key for several things. 1Password is only a tiny part of that. Much identification stuff runs over that smartphone and its registered phone number. It's also a registered device for 2 banking apps. And so on. It was a chore to change all this stuff over to the new smartphone (the old was just old, not stolen).
It depends on where you travel, but if that location is not as secure as your home country, consider leaving your smartphone at home and buy a cheap second smartphone just for travelling where you don't add everything. Also consider buying extra SIM cards for that smartphone, local prepaid ones on arrival for local (cheap) fees and not use roaming.
0 -
Lotsa good suggestions here. Great point on centrality of smartphone to various forms of secure access (outside 1Password). Agree it’s a great idea to know in advance what you’ll be up against but not really doable in many cases. Life throws you its curves when and where it will.
0 -
@Tertius3...agreed on the centrality of the smart phone now, which is why I'm being a little compulsive about figuring this out. I won't be going anywhere hostile, but I'm always a little paranoid. Good points on the USB stick. OId school might be best here. I think I'll put the key segments in reverse order on the back on an innocuous looking receipt or manual or something. I'll give some thoughts to a burner phone. That might be a good idea. Thanks very much for your thoughts!
0 -
This content has been removed.
-
How has no one mentioned UbiKey? I keep two/three in different places whilst travelling or at home. Useless to someone else, even if they know what it is without knowing what accounts it unlocks or your other sign in details.
Many people keep UbiKeys on a lanyard under clothing, etc. This approach will get you out of most problematic scenarios. After losing your phone, you can log into a computer anywhere in the world as long as you have one of your UbiKeys.
0 -
After losing your phone, you can log into a computer anywhere in the world as long as you have one of your UbiKeys.
Not unless you also have your Secret Key and Master Password. The Yubikey is not enough to login to a 1Password account. Since the original post focused on situations where the Secret Key is not available, the Yubikey would not help in this case.
0 -
This issue has been brought up before and AgileBits several years ago and nothing has changed.
0 -
Lots of good information in that other discussion too, so thank you for sharing that link @wavesound!
0 -
@wavesound Thank you very much for the link. I did not see it in my search.
0 -
:+1: :)
0 -
I can share what I have done recently for this exact scenario.
I use the app what3words, it’s available in the browser like google maps, Which splits the world into 3m by 3m squares and each square has a 3 word phrase attached to it.
I have 3 locations memorable to me. Using the browser based map I find them and use them as follows:
Square 1 / location 1: the email address, for example trusted.machine.airport@gmail.com
Square 2 / location 2: is the password to the email account.
Square 3 / location 3: is the password to the encrypted file containing the emergency kit.
Even then I don’t store the master password on the document. No 2FA on the email account. The email address isn’t stored anywhere. Accessible from any internet connected device.
I think it would be extremely unlikely anyone would be able to access the encrypted document, even then, they would still need to know my master password. All this solely protects my families secret keys in the event of all devices being lost/ destroyed/ stolen.
0 -
That's an interesting way of encoding the information you'd need to recover your 1Password account. Do keep in mind though the added risk of both relying on a third party as well as the fact that the passwords and email account are technically public and tied to meaningful locations to you.
Cheers
0