Can I set up a limited vault for international travel?

Dan234
Dan234
Community Member

There are legitimate concerns about being forced to surrender passwords at customs in this and other countries. Can I create a vault for travel for only my most needed items, with idea that I can survive having them compromised if forced to surrender my master password? Would I have to wipe all other vaults from my device, or is there a way to accomplish this with different accounts and limited accessibility?


1Password Version: 6.5.3
Extension Version: Not Provided
OS Version: OS X 10.12.3
Sync Type: Not Provided
Referrer: forum-search:Can I set up a limited vault for international travel and not have other items accessible?

Comments

  • illogical_logic
    illogical_logic
    Community Member

    Hi there,

    I'm also very interested in seeing Agile's expertise and guidance on this important topic. Based on experience, this is a really challenging process, especially for those that are inexperienced. It's unfortunate that most people can't live without their tech while traveling abroad, and probably shouldn't have to if they have secure means to keep their data safe. My guidance questions are below as well as my feature requests.

    Trip prep:

    • Tagging a sub-set of items in your vault(s) and only taking what you anticipate you'll need.
    • Where do I store my password vault?
      • in the cloud? If so, what additional steps do I need to take to protect my vault?
      • local storage? If so, what about apple devices?
    • How do I securely store my contacts while I'm traveling? cough
    • Do I need to disable fingerprint authentication?
    • What worst case scenario do I need to be prepared for in the event my vault file is copied off of my device?
    • Do I uninstall 1password until I've crossed the geopolitical border?

    On the road:

    • Are there any concerns about syncing 1password while in country?
    • What do I need to be on the look out for with my vault?

    Return to base:

    • How do I identify any changes to my travel vault (at scale) and easily reincorporate the changes back into my original vault(s)?
    • Is there an easy way to maintain a travel vault?

    Things that aren't so easy (aka feature requests)

    • Duress - All of us don't travel to places that follow laws and due process. How do I prevent my PII or other sensitive data from being compelled from my vault (regardless of whose asking)?
      • Can you please incorporate a process for failed attempts or alternative codes?
    • Authentication - Our master passwords are only as good as how we store them -
      • Can you please incorporate multi-factor authentication options into the platform?

    Thanks all, and for those that are traveling, stay safe.

  • Hi folks,

    Thanks for taking the time to write in. This is a pretty broad topic, but I'll write about what I've considered doing for my next international trip (assuming I take one).

    I am not a lawyer, and don't play one on TV either. :)

    • I'll delete 1Password from my device.
    • If I feel there is something that I absolutely must carry digitally I'll create a standalone vault separate from my 1Password account, and store a copy of that in the new vault. I'll use a separate Master Password for this vault than from my 1Password account.
    • I'll consider mailing a copy of my Emergency Kit, sans Master Password, to my destination. That way I can log back in and have all of my data while I'm there, to be deleted again before returning.

    I will touch on a couple of individual pointed questions:

    How do I securely store my contacts while I'm traveling?

    1Password isn't an address book, and doesn't intend to be. We do have an Identities feature, which could potentially be used to store contact information, but again it isn't an address book.

    Do I need to disable fingerprint authentication?

    I personally would but honestly it probably isn't going to help you much if you are at the border. My (very limited) understanding is that US CBP has much less restriction imposed on them while at the border than they would within CONUS.

    How do I identify any changes to my travel vault (at scale) and easily reincorporate the changes back into my original vault(s)?

    My personal plan would be to not edit until I'm back to my 1Password account with full access. What edits would you anticipate needing to make while actively crossing the border?

    Can you please incorporate a process for failed attempts or alternative codes?

    We do use PBKDF2 to help prevent multiple repeated failed attempts.

    Can you please incorporate multi-factor authentication options into the platform?

    1Password Teams does have the option of using Duo for MFA (beta).

    I don't believe it is technically feasible to add MFA of that variety to standalone vaults. For starters, it seems you'd need to have internet access, which you may not have while traveling.

    I hope that helps. Should you have any other questions or concerns, please feel free to ask.

    Ben

This discussion has been closed.