Table of Contents
Hotel business centers, library computers, airport kiosks, a friend’s laptop, a work computer you share with colleagues – sometimes you need to log into an account on a device you do not own or fully trust. This is one of the few situations where using a password manager requires extra thought. Your vault contains your entire digital life, and exposing it to an untrusted device is a legitimate risk. This guide, part of our Password Manager Guides & Tutorials series, covers safe strategies for these situations.
The Core Risk
Public and shared computers pose specific threats that your personal devices do not:
- Keyloggers: Software or hardware that records every keystroke. If you type your master password on an infected computer, the attacker captures it.
- Screen recording: Malware that takes screenshots or records the screen. Everything you display – including passwords you copy from your vault – is captured.
- Clipboard monitoring: Programs that watch the clipboard and capture anything you copy and paste.
- Session hijacking: If you log into a web vault and do not properly log out, the next user could access your session.
- Shoulder surfing: Someone physically watching your screen in a public space.
These are not hypothetical. Public computers in hotels, libraries, and internet cafes are frequent targets for credential theft.
Strategy 1: Use Your Phone Instead (Best Option)
The safest way to handle the “public computer” problem is to avoid it entirely. Your phone is a trusted device with your password manager installed, Face ID or Touch ID protection, and AutoFill configured.
When You Need a Credential on a Public Computer
- Look up the password on your phone (in PanicVault or your manager of choice)
- Type it manually on the public computer
- Do not paste from your phone to the computer (this often does not work between devices anyway, and clipboard sharing can be intercepted)
Downsides
- You have to type potentially long, complex passwords by hand
- Generated passwords like
k7#mQ9xL4&nPw2$tare tedious and error-prone to type from a small screen - Not practical if you need to do extended work on the public computer
Tips for Manual Entry
- In PanicVault, tap to reveal the password so you can read it
- Type in groups of 3-4 characters, checking each group against the screen
- For very long passwords, consider temporarily changing the password on that account to something shorter and typeable, then changing it back when you return to your trusted device (and updating your vault both times)
Strategy 2: Web Vault Access (Cloud Managers Only)
If you use a cloud-based password manager like Bitwarden or 1Password, you can access your vault through a web browser on the public computer.
How to Do It Safely
- Open the browser on the public computer
- Navigate to your vault’s web interface (e.g., vault.bitwarden.com or my.1password.com)
- Use an incognito/private browsing window – this prevents the browser from saving your session, cookies, and history
- Log in with your master password
- Access the credential you need
- Copy and paste the password rather than displaying it in full view (aware that clipboard monitoring is a risk, but it is less visible than having the password on screen)
- Log out completely when done
- Close all browser windows, including incognito
- Clear the clipboard by copying a random piece of text
Risks
- Your master password is typed on the public computer. If there is a keylogger, it is captured
- Your vault contents are displayed on a screen that may be monitored or recorded
- The browser session might not fully terminate even after you close the window
Mitigations
- Enable 2FA on your vault account: Even if your master password is captured, the attacker cannot access your vault without the second factor (which stays on your phone). This is where 2FA on your password manager pays off.
- Change your master password after using a public computer, as soon as you are back on a trusted device
- Only access the specific credential you need – do not browse your vault or look at multiple entries
PanicVault Note
PanicVault is a local, KDBX-based manager without a web vault. You cannot access it from a public computer’s browser. Use Strategy 1 (phone lookup) or Strategy 3 (temporary credentials) instead.
Strategy 3: Temporary Credentials
For accounts you know you will need on a public computer (e.g., webmail during travel), create a temporary password before your trip.
How It Works
- Before you leave your trusted device, log into the account you will need
- Change the password to something temporary – still reasonably strong but shorter and typeable (e.g.,
TravelLogin-March2026!) - Save the temporary password in your vault with a note: “Temporary – change back after trip”
- On the public computer, use the temporary password
- When you return to your trusted device, change the password back to a strong, generated password and update your vault
Advantages
- You type a simpler password, reducing keylogger exposure and typing errors
- The password is temporary – even if captured, it has a limited window of usefulness
- You do not expose your master password or vault
Disadvantages
- Requires advance planning
- The temporary password is weaker than your normal generated password
- You might forget to change it back
Best For
- Email access during travel
- Any account you specifically anticipate needing
- Not practical for spontaneous needs
Strategy 4: One-Time Passwords for Email
Some email providers support app-specific passwords or one-time login methods that reduce risk.
Google Account
Google supports app-specific passwords and has an option to generate one-time verification codes:
- Before your trip, generate app-specific passwords in your Google account security settings
- Write down the app-specific password (or store it separately on your phone)
- Use it on the public computer – it grants limited access and can be revoked later
- Revoke the app-specific password as soon as you are done
Apple iCloud Mail
iCloud web access (icloud.com) uses your Apple ID. You can generate app-specific passwords for limited access:
- Go to appleid.apple.com
- Generate an app-specific password
- Use it on the public computer
- Revoke it after use
Strategy 5: Two-Device Authentication
Leverage your phone as a security checkpoint for public computer logins.
How It Works
- On the public computer, begin logging into the service
- The service sends a 2FA prompt to your phone
- Approve the login on your phone
- Even if the public computer has a keylogger that captures your password, the attacker cannot log in later without also having access to your phone
Requirements
- 2FA must be enabled on the account
- Your phone must be with you and charged
- The 2FA method should be TOTP or push notification, not SMS (which can be intercepted)
Post-Session Security Checklist
After using any credential on a public computer, follow this checklist:
Immediately (Before Leaving the Computer)
- Log out of every account you accessed
- Close all browser windows
- Clear the browser history (Ctrl+Shift+Delete in most browsers)
- Clear the clipboard by copying a random word
- Check for any “stay signed in” prompts you might have accidentally accepted
- Verify no browser extensions were installed (some malware installs extensions silently)
As Soon As You Return to a Trusted Device
- Change the password on every account you accessed from the public computer
- Review account activity logs (most major services show recent logins – look for unauthorized sessions)
- If you used a web vault, change your master password
- Revoke any app-specific passwords you created
- Check for any unauthorized changes to your accounts (email forwarding rules, recovery email changes, new linked devices)
If You Suspect Compromise
If anything looks suspicious in your account activity:
- Change the password immediately
- End all active sessions (most services have an option to “log out of all devices”)
- Review and update 2FA settings
- Check email forwarding rules (attackers often add forwarding to maintain access)
- Review recently sent messages (attackers may send messages from your account)
Situations to Avoid Entirely
Some situations are too risky even with precautions:
- Never log into banking or financial accounts on a public computer. The risk is too high and the consequences too severe. Wait until you are on a trusted device, or call the bank if the need is urgent.
- Never type your master password on a public computer. If you need vault access, use your phone. If your manager has a web vault, only use it with 2FA enabled, and change the master password afterward.
- Never access your password manager on a computer with visible signs of compromise – unusual popups, unexpected behavior, or unknown software running. Trust your instincts.
- Never use a USB drive from an unknown source. Some attacks involve leaving infected USB drives in public places. Do not plug any unknown device into a computer you are using.
Travel-Specific Advice
When traveling, public computer use is most common. Prepare:
- Before you leave: Identify accounts you might need and set up temporary passwords (Strategy 3)
- Enable 2FA on critical accounts if you have not already
- Print essential information: Hotel confirmations, flight details, and other reference information you will need – reduce the need to log into accounts at all
- Carry a charged phone: Your phone with PanicVault is your secure vault. A portable battery charger ensures access throughout the day
- Consider a travel email: A separate email account with no access to critical services, used only for travel bookings and communications
