WingNews logo WingNews GitHub [2]
top | item 17870804

Ask HN: Privacy/security with using a password manager on a managed workstation

3 points| littleweep | 7 years ago | reply

I work for a very large international corporation (420,000+ employees). I sit in the United States. I use my personal password manager (1Password) on a managed workstation (Macbook Pro, not sure that matters).

Should I assume that my password information is at risk/no longer private? Not sure if my keystrokes are being logged or if there's another way my information could be compromised.

I store my encrypted password database in a Dropbox folder that is local to my machine as well as in 'the cloud'. I realize this could be a separate security concern but my question focuses on using 1Password on a managed machine.

If (as I suspect) my information is not secure, does anyone have any suggestions for using a password manager on a managed machine? My intuition says to keep it on my phone and not use any password manager on my machine. I'd appreciate any thoughts.

Thanks.

1 comment

order
[+] pwg|7 years ago|reply
If you are on a machine for which you do not control the installed software (i.e., work provided machine), then it is possible for anything you place on that machine to be obtained and viewed/stored by the actual owner (employer, etc.).

If you want your passwords to be secure, then you can not use/type them on any machine for which you do not control the installed software.

And for machines for which you do control what is installed, you also have to be certain that no malware has been installed unnoticed.