
Accessing 1password from an untrusted public computer with "just one time valid entry password"

hd_ali
Community Member

I am looking for a practical, yet safe approach to access my data (e.g. stored passwords) in 1Password from an untrusted computer while travelling. I have read this forum and learned that the 1Password team strongly encourages users to always carry a personal computer/mobile/tablet and never use a public device to connect to 1Password. Although this recommendation sounds quite reasonable, it cannot be held to in an emergency situation. For example, imagine that I, as an international tourist, travelled to another country and lost my bag and personal electronics, but do remember my 1Password master key and do have my account key (e.g. on my USB keyring). If in this situation I want to access my 1Password account (for example to get a password or a stored document there to show the police or whatever), of course I would be able to do so; however, my 1Password credentials might be stolen using a keylogger or malware installed on that machine. As you guys recommend, it is absolutely discouraged to log in from an untrusted computer, but as I explained, such a need may arise for a frequent traveller.
Now, I have a suggestion: would you guys be able to add a new feature (if it doesn't exist already!) to the great 1Password software, so that a user could define a "just one time valid entry password" and use it in an emergency situation? What I mean by "just one time valid pass" is that you could use it for just one login, and as soon as you log out that password becomes invalid. This would be a really great feature for an emergency situation while still keeping a level of security. Would you be able to provide this feature?
Thank you for your nice product!


1Password Version: 6.8.5
Extension Version: Not Provided
OS Version: OS
Sync Type: Not Provided
Referrer: forum-search:one time valid password

Comments

  • Lars
    1Password Alumni

    Welcome to the forum, @hd_ali! Thanks for the thoughtful question and the suggestion. :) I'm not the cryptography expert here, but as far as I know this sounds like it wouldn't be possible, and I'll try to explain why. It's not because we don't want to; I think it's not cryptographically possible.

    Your 1Password data is protected by your Master Password and Secret Key when you have a 1Password account. And when I say "protected," I mean the data is encrypted by the combination of those two things. Those two pieces of data, combined, are what derive the actual AES256 encryption key that transforms your data from human (and machine)-readable text into unreadable ciphertext and back. The way the AES256 cipher (and most others) works is: you need the specific key to transform the data. And you need the specific password (or in this case, Master Password plus Secret Key) to derive that key. It's not like an authentication system where you could have a regular password and a "secret" or "one-time" password that the system would know. In encryption, the string you enter is run through the mathematical functions of the algorithm and if you've entered the same set of data (password) that you did to ENcrypt the data, then it works and the data are DEcrypted. Enter anything else, and it will fail.

    It's a good idea, but it's contrary to the math of encryption, and therefore never going to be possible, as far as I can tell. Thanks for taking the time to suggest it, however! You're quite correct that we do indeed discourage the use of the 1password.com web client on untrusted computers (and any computer you don't own or know should be considered untrusted), because of exactly what you envision -- a malicious computer can steal/capture virtually anything, which is why this should be avoided if at all possible.

    However, if you're really stranded without any device of your own that you trust, and in your opinion you MUST access your 1Password account, I would say go ahead, as long as you understand exactly what you're risking. In a worst-case scenario, if you do this, a sophisticated attacker could gain immediate access to all your 1Password data. That's a terrible outcome -- but it's for you, not us, to judge the relative risks and outcomes of whether it would be worse to risk that, or to NOT access your account for whatever it is you need. If you decide to take the risk, then as soon as you're around a trusted device, sign in again and change both your Master Password and regenerate your Secret Key. I would also recommend changing all of your Login passwords and notifying any bank or credit institutions to be on the alert for fraud. In other words: our recommendation stands (in general): DON'T do this, unless it's absolutely necessary.
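
An added illustration of the explanation above, not part of the original post and not 1Password's code: a password and a secret key are mixed into one 32-byte key, and any other password derives a different key, so decryption fails. The derivation scheme, the HMAC-based stand-in cipher (used because the Python standard library has no AES-256), and all sample values are assumptions constructed for this example.

```python
import hashlib
import hmac
import os

def derive_key(master_password: str, secret_key: str, salt: bytes) -> bytes:
    """Derive one 32-byte key from BOTH secrets (illustrative scheme only)."""
    # Slow, salted stretch of the human-chosen password.
    stretched = hashlib.pbkdf2_hmac("sha256", master_password.encode(), salt, 100_000)
    # Mix in the secret key: change either input and the derived key changes.
    return hmac.new(stretched, secret_key.encode(), hashlib.sha256).digest()

def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    # Stand-in for AES-256: HMAC-SHA256 run in counter mode.
    out, counter = b"", 0
    while len(out) < length:
        block = b"enc" + nonce + counter.to_bytes(8, "big")
        out += hmac.new(key, block, hashlib.sha256).digest()
        counter += 1
    return out[:length]

def _tag(key: bytes, nonce: bytes, ct: bytes) -> bytes:
    # Integrity tag so a wrong key is detected instead of yielding garbage.
    return hmac.new(key, b"mac" + nonce + ct, hashlib.sha256).digest()

def encrypt(key: bytes, plaintext: bytes) -> bytes:
    nonce = os.urandom(16)
    ct = bytes(a ^ b for a, b in zip(plaintext, _keystream(key, nonce, len(plaintext))))
    return nonce + ct + _tag(key, nonce, ct)

def decrypt(key: bytes, blob: bytes) -> bytes:
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, _tag(key, nonce, ct)):
        raise ValueError("wrong key: data stays ciphertext")
    return bytes(a ^ b for a, b in zip(ct, _keystream(key, nonce, len(ct))))

def try_unlock(password: str, secret_key: str, salt: bytes, blob: bytes):
    """Return the plaintext, or None when the inputs derive the wrong key."""
    try:
        return decrypt(derive_key(password, secret_key, salt), blob)
    except ValueError:
        return None

# Constructed sample values, not real credentials.
SALT = os.urandom(16)
SECRET_KEY = "A3-EXAMPLE-NOT-REAL"
MASTER_PASSWORD = "correct horse battery"
VAULT = encrypt(derive_key(MASTER_PASSWORD, SECRET_KEY, SALT), b"bank PIN: 0000")
```
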

  • hd_ali
    Community Member

    Hi Lars,
    Thank you very much for your prompt reply. I appreciate your elaborate explanation, which helped me to understand why such a feature could not exist within the AES256 framework. Keep up the good work! :+1:

  • Lars
    1Password Alumni

    @hd_ali - Glad I could help! Feel free to drop by anytime you have a question about how 1Password works or an idea for how it could work better. Have a great weekend!

This discussion has been closed.