Feature Request: Hide secret key from mobile app in case of mugging

tythompson
tythompson
Community Member

A friend was recently mugged, and the muggers forced him to reveal his iphone passcode, icloud password, and 1password password. They apparently had enough time to verify it all before fleeing. I read online that this is becoming a more common tactic by violent muggers.

I've been thinking of ways to avoid this. I've come up with: (1) randomizing my icloud password so I don't know it by memory, (2) swithing all text 2FA to email-based 2FA and using an email app (e.g. Einstein Email) that lets you set a pin to access, and (3) keeping critical logins (e.g. bank logins, email logins) off my devices using 1Password's Travel Mode. This way, I can just hand over my phone and passcode, but credibly say I don't know my icloud password or 1password. Essentially they'll have access to nothing important and I'll have time to wipe my phone using Apple's LostMyPhone feature.

The missing link however, is that my 1Password Secret Key is on my phone. A motivated mugger could use FaceID to access my 1Password, then force me to use my phone's browser to turn off Travel Mode. This can be avoided if I can keep my Secret Key off my device.

Ya, I know this sounds like going over-the-top in security, but my friend had a very surreal experience. Like muggers holding you up in a busy downtown city forcing you to reveal passwords. It's scary. and I can assume border agents in countries like China would have no problem taking the time to access all of this. So this feels like a justified product feature.


1Password Version: Not Provided
Extension Version: Not Provided
OS Version: Not Provided

Comments

  • ag_ana
    ag_ana
    1Password Alumni

    @tythompson:

    The missing link however, is that my 1Password Secret Key is on my phone. A motivated mugger could use FaceID to access my 1Password, then force me to use my phone's browser to turn off Travel Mode. This can be avoided if I can keep my Secret Key off my device.

    The only way I can think of is if 1Password prompted you to enter your Secret Key every time you want to unlock the 1Password app, in addition to your account password. But typing the Secret Key every time would make the usability a problem :(

This discussion has been closed.