plausible deniability with different passwords opening different vaults and vault hiding

thiagosouza
Community Member

Plausible deniability is the ability to lie under threats, so 1pass should implement a way of loading different vaults according to different passwords, allowing us to "surrender" some passwords with controlled damage.

Beyond the passwords, hiding very secret vaults on mobile would also help. Not just unselecting like it is today, but I mean completely hiding, so even under a threat we could open our vault and not deliver important information.



Comments

  • Hello @thiagosouza! 👋

    Thank you for the suggestion! I've filed a feature request on your behalf so that the product team is aware that this is something that you'd like to see.

    We've discussed a feature like this previously and the important consideration here is something called a threat model. A service like 1Password protects you against certain threats and not others and it's important to understand that 1Password cannot protect you from a physical threat to your life. The strongest encryption in the world can't protect you when someone is willing to use violence or blackmail to get to your data. In that scenario your protection is reduced to your own ability and willingness to withstand the violence or blackmail before giving in and giving the attacker your account password.

    Another consideration is whether such a feature, when it comes to password managers in particular, may be nothing more than "security theatre". If an attacker already knows that you have a bank account then you unlocking a fake vault that doesn't contain your bank account's credentials will immediately tell them that the vault that you've unlocked doesn't contain the data that they're looking for. And then they'll threaten you again.

    I know that some security software (such as VeraCrypt) has a hidden volume feature, but even those services come with a long list of warnings explaining how such a feature isn't a guarantee that your data will stay hidden, and they warn that the feature must be set up exactly correctly for it to work as intended and to prevent an attacker from learning that you have a hidden vault/volume.

    If you're interested, our Principal Security Architect wrote more on the subject here: https://1password.community/discussion/comment/79821/#Comment_79821

    -Dave

    ref: IDEA-I-2174

This discussion has been closed.