Hi Dave,
thanks for your feedback and the details. I do understand what you mean.
But in my opinion there is a bug/flaw or security issue at all.
Example:
Correct me if I'm wrong, but it tried it with several systems and everywhere it is the same.
Full access with no additional confirmation of a password, secret-key and so on.
Best
Dragon
ModeratorThank you for sharing your concerns! Travel Mode is designed to prevent the casual discovery of secrets at a border crossing if you're asked to let someone look inside of your 1Password app.
Travel Mode is intended to be used for non-web clients because the feature itself is turned on and off within the web client. In cases where a user may be asked to unlock the web client using their account password, Travel Mode can't protect against this scenario. Similarly if a user is asked to unlock the browser extension and use the browser extension to sign into the web client, the same is true.
That being said, I've shared your feedback with the team internally. They'll continue to look out for further improvements that can be made to features like Travel Mode to make them even more useful for everyone.
-Dave
PB-47210899
Thanks for your feedback.
It really should be a big warning concerning extensions/web-clients and the travel mode at all. Or over all the 'integrations' tab.
I think, that many don't know about, that they're fully logged in within all their data.
Does it really need to be this way? Why no additional query for a password and so on, when opening the 'integrations' tab.
1P_DaveHi Dave, can you tell me, if this is the case as I mentioned? Actual workaround would be in not using the extensions for macOS/iOS and so on. Or am I wrong?
ModeratorThanks for the ping! If a user is asked to unlock the browser extension and use the browser extension to sign into the web client, Travel Mode can't protect against this scenario. If you're concerned about this scenario, the best option is to remove the browser extension before traveling.
-Dave
