This is a staging forum for AgileBits, not an official support forum. Visit http://discussions.agilebits.com instead.

Keystroke Logging Security Issue

ea1958
ea1958
in Windows
<div class="IPBDescription">At Cafe (secured or unsecured) or even my home ISP</div>1Password still seems a bit circular to me (just like everything else).

I understand the convenience factor. I'm just not sure that the security factor is there. I am at a cafe right now. The network is unsecured and the Windows exclamation mark symbol is showing next to the network name in the task bar pop-up network viewer.

I almost logged into my 1Passord module (on-board my netbook) using my Master Keychain (don't know if those are the right terms) and then it occurred to me that I am damned if I do, damned if I don't.

What am I getting? What am I missing?

Thanks,

e
Flag

Comments

  • DBrown
    DBrown
    edited February 2011
    When you unlock your 1Password data, you're opening a local file, so your master password shouldn't be getting transmitted over the Wi-Fi.



    Of course, if someone has managed to install keystroke-recording software on your computer, then I assume the master password would be captured, as well; but the bad guy wouldn't have access to your 1Password data.



    Login credentials that 1Password fills into a form in your web browser aren't transmitted as keystrokes, so a keystroke-recording software shouldn't be able to "grab" them.



    I'll ask Stefan to provide more useful details and to correct anything I've gotten wrong. <img src='http://forum.agile.ws/public/style_emoticons/<#EMO_DIR#>/huh.gif' class='bbc_emoticon' alt=':huh:' />
    Flag
  • ea1958
    ea1958
    It seems like a great convenience and I may purchase for that reason (w/DropBox functionality).

    But, two things will happen. Security against losing password data will go up. Damages from password data loss will go up.

    e
    Flag
  • DBrown
    DBrown
    edited February 2011
    I'm afraid I don't understand what you mean by "Security...will go up," and I don't see how damages or "password data loss" will go up.



    I hope Stefan or someone else has some ideas about how to help.



    Thanks for your patience, e!
    Flag
  • ea1958
    ea1958
    edited February 2011
    It's just evolution. I got no beef with that.

    I still see myself using it for its convenience and its security-tending features <img src='http://forum.agile.ws/public/style_emoticons/<#EMO_DIR#>/smile.gif' class='bbc_emoticon' alt=':)' />

    e

    PS-Still can't get this site to notify me of thread postings <img src='http://forum.agile.ws/public/style_emoticons/<#EMO_DIR#>/sad.gif' class='bbc_emoticon' alt=':(' />
    Flag
  • DBrown
    DBrown
    Sorry that I'm just not following this, e: [i]what[/i] is just evolution?
    Flag
  • DBrown
    DBrown
    [quote name='ea1958' timestamp='1297304216' post='20333']

    PS-Still can't get this site to notify me of thread postings <img src='http://forum.agile.ws/public/style_emoticons/<#EMO_DIR#>/sad.gif' class='bbc_emoticon' alt=':(' />

    [/quote]

    In your account settings, click Notification Options; there's an option to automatically "watch" any thread in which you post a reply.



    You also can "watch" the entire forum.
    Flag
  • ea1958
    ea1958
    edited February 2011
    Oof, this is just evolution:

    I had to stop watching the thread, refresh my browser and then start watching the thread again; when I tried to start watching the thread again, I got this page:



    http://forum.agile.ws/index.php?app=core&module=usercp&tab=forums&area=watch&watch=topic&do=list&tid=3552



    I had been to notification options 2 or 3 times, but may have tried to watch the thread initially, before having those options properly set (I'm a genetic dead end).



    OK, now:

    To the constant high-sec Master Keychain re-entry. If I have the security that is intended/implied, can't I just use a simple password for my Master Keychain? That seems like it would solve the constant re-entry difficulty for us Windows Hominina.

    Thanks DB,

    e
    Flag
  • DBrown
    DBrown
    edited February 2011
    [quote name='ea1958' timestamp='1297353014' post='20358']

    To the constant high-sec Master Keychain re-entry. If I have the security that is intended/implied, can't I just use a simple password for my Master Keychain? That seems like it would solve the constant re-entry difficulty for us Windows Hominina.

    [/quote]

    Your master password is sort of like the key to the safe in which the secret decoder ring is stored.



    Effectively, the more difficult it is to guess your master password, the safer your data will be from someone who [i]also[/i] obtains access to your data (by having stolen your laptop, for example).
    Flag
  • ea1958
    ea1958
    OK, last post, I swear (sometimes).

    Post notification operates, not at all.
    Flag
  • ea1958
    ea1958
    Testing notification fix.

    e

    PS-My windows user ID requires log-in from hibernate, so I close lid before handing it over at gunpoint. So my Master Password for 1Password need not be a difficult one.

    PSS-PayPal did not seem to play well with random password assignment.
    Flag
  • DBrown
    DBrown
    edited February 2011
    [quote name='ea1958' timestamp='1297547096' post='20506']

    PS-My windows user ID requires log-in from hibernate, so I close lid before handing it over at gunpoint. So my Master Password for 1Password need not be a difficult one.tt

    [/quote]

    As stated elsewhere, the harder it is to guess your master password, the better your 1Password data is protected from someone who has your computer and, thus, access to your 1Password data file (a.k.a. keychain). I suspect it's rather simple (at least for a professional bad guy) to unlock a computer.



    The choice is yours, though, as to the right balance (for you) between security and convenience.



    [quote]

    PSS-PayPal did not seem to play well with random password assignment.

    [/quote]

    In the Strong Password Generator, you can adjust the parameters to conform to the requirements of any particular web site's "new account" page, in terms of the number of characters and whether it contains digits and/or nonalphanumeric characters.
    Flag
  • ea1958
    ea1958
    That re-enters a degree of difficulty that side-lines me for the time-being (my PayPal password I could reset through their 'Forgot Password' function. For my bank password I will have to wait until Monday to get help from my bank, via phone).

    The good news is, I got Notifications to work!

    I will continue to follow this 'Windows' forum.

    Thank you.

    e
    Flag
  • ea1958
    ea1958
    You guys are trying to re-invent too many things at once (I mean, I like evolution:-).

    I found my bank password in the 'ALL' sub-menu listed as "Password for...", instead of finding it in the primary Logins window.

    Is it because I am in the trial period? I reached my (20) quota (trial and erroring passwords), and then deleted some and kept going. My bank does have a 3-step login process of which [u]password[/u] is step 3.

    e
    Flag
  • Stefan von Dutch
    Stefan von Dutch Community Moderator
    [quote name='ea1958' timestamp='1297629021' post='20554']

    I found my bank password in the 'ALL' sub-menu listed as "Password for...", instead of finding it in the primary Logins window.

    [/quote]



    This is because you used the strong password generator, and generated a new password for some web site. Whenever this happens, we create and store a new item in the "generated passwords" section. This is by design. The auto-save prompt then creates a new item in the Logins section.
    Flag
  • ea1958
    ea1958
    edited February 2011
    I just found the Generated Password folder title <img src='http://forum.agile.ws/public/style_emoticons/<#EMO_DIR#>/skype_blush.png' class='bbc_emoticon' alt='(blush)' />



    "The auto-save prompt then creates a new item in the Logins section."

    I don't quite understand that part of your reply. Shouldn't I see my 'generated' password in the primary 'logins' window? Did I miss an "auto-save" prompt when I created that particular generated-password?

    e
    Flag
  • Stefan von Dutch
    Stefan von Dutch Community Moderator
    [quote name='ea1958' timestamp='1297674192' post='20583']

    I don't quite understand that part of your reply. Shouldn't I see my 'generated' password in the primary 'logins' window? Did I miss an "auto-save" prompt when I created that particular generated-password?

    [/quote]



    Whenever you bring up our strong password generator, and then have it generate a new password, we store a new item in the "generated passwords" section.



    Whenever you log into some website, our auto-save prompt appears. When you click on the button labelled "Save", then we create a new item in the "logins" section.
    Flag
  • ea1958
    ea1958
    I survived the hazing.

    I'm in, right???

    e
    Flag
  • DBrown
    DBrown
    e, I sure hope you're kidding about the hazing. <img src='http://forum.agile.ws/public/style_emoticons/<#EMO_DIR#>/sad.gif' class='bbc_emoticon' alt=':(' />



    We do ask, though, that you take a few minutes to read the [i]Introduction[/i], [i]Getting Started[/i], and [i]Tutorials[/i] sections of the user's guide. They're short, and they'll give you the information you need to get up to speed quickly. As you use 1Password for Windows, we believe you'll find the [i]FAQ[/i] section to be a useful resource.



    That said, don't hesitate to create new topics here in the forum (or contact us at [i]support@agile.ws[/i]) whenever you have questions.
    Flag