Most University data lives in cloud services now. The risk during travel has shifted from data sitting on the device to credentials and active sessions that can reach the data. Plan accordingly.
Password Manager
The University supports 1Password. Before you travel, consider creating a separate travel-specific vault containing only the credentials you'll actually need on the trip. Sign out of 1Password before crossing borders, so an unlocked device doesn't grant access to your full vault.
Multifactor Authentication
Enroll at least two different types of authenticator before you travel: a platform authenticator built into your device and a roaming authenticator you carry separately. International travel can disrupt your usual sign-in methods: cellular service may be unavailable, push notifications may not arrive, and a single lost or confiscated device can lock you out entirely.
Warning: SMS and phone-call methods are unreliable abroad.
Carrier roaming, local SIM swaps, and network congestion can all prevent one-time passcodes from arriving. Do not rely on SMS or voice calls as your only second factor while traveling internationally.
Platform authenticators use biometrics or a device PIN you already have, with no additional hardware required:
- Apple devices: Touch ID or Face ID (registers a passkey through iCloud Keychain)
- Android devices: Fingerprint, face unlock, or screen lock (registers a passkey through Google Password Manager)
- Windows devices: Windows Hello (fingerprint, facial recognition, or PIN)
Because a platform authenticator is tied to the device it is registered on, losing that device means losing that factor. That is why you also need a roaming authenticator.
Roaming authenticators (physical FIDO2 security keys) are small USB or NFC devices you carry on a keychain. They work on any computer or phone, require no network connection or battery, and are the strongest phishing-resistant factor available.
- Recommended: FIDO2-certified keys such as those from Yubico (YubiKey 5 series).
- Where to purchase: Available on CDW-G, Amazon, and most major electronics retailers, typically starting around $25–$55. Departments may choose to fund keys as a travel expense; check with your business manager.
- Tip: Choose a key with both USB-C and NFC so it works with laptops and phones alike. Consider purchasing two so you have a backup stored separately.
Store and Sync Passkeys with 1Password
The University supports 1Password, which can serve as both your password vault and your passkey manager. Passkeys stored in 1Password sync across all your devices (Mac, Windows, iOS, and Android), so if a device is lost, confiscated, or wiped during travel, your passkeys are recoverable the moment you sign in to 1Password on another device. This is a significant advantage over platform-only passkeys, which are tied to a single device or ecosystem.
Using 1Password for passkeys also keeps your credentials and your second factor in separate places: your passkeys travel with your 1Password vault, not with the physical device an adversary may be holding.
Authenticator types compared for international travel
| Consideration | Platform Authenticator | FIDO2 Security Key | 1Password Passkey | SMS / Phone Call |
| --- | --- | --- | --- | --- |
| Works offline | YES | YES | YES | NO |
| Phishing-resistant | YES | YES | YES | NO |
| Survives device loss | PARTIAL | YES | YES | PARTIAL |
| Syncs across devices | ECOSYSTEM ONLY | NO | YES | N/A |
| No network needed | YES | YES | YES | NO |
| Nothing to purchase | YES | NO | YES | YES |
How to enroll your authenticators
- Sign in to Pitt Passport from a trusted network.
- Navigate to Security Info and select Add sign-in method.
- To register a FIDO2 key, choose Security key. To register Touch ID, Face ID, Android biometrics, or Windows Hello, choose Passkey.
- Follow the on-screen prompts. You will verify with your current method first.
- Repeat to add your second authenticator type so you have both a platform and a roaming option enrolled.
- Test each method by signing out and signing back in, selecting the new authenticator at the prompt.
Tip: Save passkeys in 1Password for cross-device access.
When a website or app offers to create a passkey, 1Password can store it in your vault instead of locking it to a single device. Your passkey then syncs across every device where 1Password is installed (Mac, Windows, iOS, and Android). This is especially valuable for travel: if a device is lost, confiscated, or wiped, your passkeys are recoverable the moment you sign in to 1Password on a replacement device. See Passkeys in 1Password for supported sites and setup details.
Note: Do this well before departure.
Enroll and test your authenticators while you still have access to your normal sign-in methods. Troubleshooting is straightforward on campus; it is not straightforward from a hotel in a foreign country. If you need help, contact the Technology Help Desk at 412-624-HELP (4357).
Avoid putting both factors on the same device when you can. A platform authenticator, a password vault, and an authenticator app all living on one phone means one compromised or confiscated phone equals full account takeover. Carry your security key separately from your laptop and phone.
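The single-point-of-failure reasoning above, as an added example that is not part of the original guidance: it models where each credential and second factor lives and reports, for each carried item, whether losing it would mean lockout or account takeover. The `Item` model, the sample inventories, and the worst-case assumption that a taken device is unlocked and signed in are constructed for illustration.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Item:
    name: str
    role: str             # "credential" (password/vault) or "factor" (second factor)
    carrier: str          # physical object the item lives on
    synced: bool = False  # recoverable by signing in on a replacement device


def assess(items):
    """For each carrier, report the outcome of losing it.

    Assumption (worst case): the lost device is unlocked and signed in,
    so whoever holds it can use everything stored on it.
    """
    report = {}
    for carrier in sorted({i.carrier for i in items}):
        held = [i for i in items if i.carrier == carrier]
        # What the owner can still use: items elsewhere, plus synced items.
        left = [i for i in items if i.carrier != carrier or i.synced]
        report[carrier] = {
            # Holder has both a credential and a second factor.
            "takeover": {"credential", "factor"} <= {i.role for i in held},
            # Owner has no second factor left to sign in with.
            "lockout": not any(i.role == "factor" for i in left),
        }
    return report


# Constructed inventory: everything on one phone.
ALL_ON_PHONE = [
    Item("password vault app", "credential", "phone"),
    Item("Face ID passkey", "factor", "phone"),
    Item("authenticator app", "factor", "phone"),
]

# Constructed inventory: factors split across separately carried items.
SEPARATED = [
    Item("password vault app", "credential", "laptop"),
    Item("Touch ID passkey", "factor", "phone"),
    Item("FIDO2 security key", "factor", "keychain"),
]

if __name__ == "__main__":
    for label, inv in (("all on phone", ALL_ON_PHONE), ("separated", SEPARATED)):
        for carrier, outcome in assess(inv).items():
            print(f"{label:13} lose {carrier:9} {outcome}")
```
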
Reduce Active Sessions
Before departure, sign out of services you won't use on the trip. Every active session is a credential that's already passed authentication and can be reused if the device is taken.