Custom icons for security
In my local area, I have heard reports of people who are forced to unlock their iPhone, and asked at knifepoint to open their password manager.
I’d love to be able to change my 1P icon to something custom do it is less obvious that it is there.
I know this was discussed here a few years ago - what is the status?
Comments
-
Hi @amertner
This isn't something we currently have on the roadmap. If your intention is to hide 1Password you may want to consider putting it on the 2nd page of an unrelated folder. Intentionally adding functionality that causes the app to be deceiving about its function or purpose could be construed as a violation of Apple's rules and could be grounds for removal of 1Password from the App Store. I doubt that is a risk we'd be willing to take.
App Store Review Guidelines - Apple Developer
Another possible option here would be travel mode. Before entering an area where you might face such threats you could enable travel mode, leaving only a vault that has less sensitive accounts in it. You could even combine this with the above suggestion.
Use Travel Mode to remove vaults from your devices when you travel | 1Password
The situation you've described reminds me of one of my favorite comics, which I've posted a few times here, but I think is appropriate for this thread. As illustrated in the comic I think it is worth considering that there is only so much software can do to protect you, and that you may want to consider other precautions to protect against / prevent real-world threats.
xkcd: Security
I hope that helps. Should you have any other questions or concerns, please feel free to ask.
Ben
0 -
Two possible solutions @amertner are:
- Turn on PIN protection instead of TouchID/FaceID - you only get one chance at your PIN
- 1Password could implement a duress PIN which would open a pre-filled dummy vault
The first solution is already present in the settings. If held at knifepoint you would intentionally input your PIN incorrectly ('in a panic') - 1Password then demands your master password which you could say you don't have with you / [some other excuse here].
Personally I prefer the PIN option as it adds an additional layer of security. If somebody manages to use biometric authentication without my consent to unlock my device, they can't get into 1Password but I still have the convenience of not needing to enter my master password each time.
Many companies / government departments mandate 2FA on password managers - this provides something pretty close: biometric to unlock your device and PIN to unlock 1Password. Before 1Password introduced the PIN option I was unable to use it for work - entering a long master password each time was unacceptable.
The second solution would need to be developed and I'm not sure that's something 1Password would be willing to do on the basis of the XKCD comic. In addition it would introduce an additional element of technical complexity into the software that no developer wants. Finally I can see potential for it being misunderstood and misused by customers. However, unlike the disguised icon, it wouldn't be in breach of Apple's policy.
0 -
I guess one other consideration is... are you willing to get stabbed and potentially die to protect your data? Certainly people store a lot of valuable information in 1Password, but if faced with the possibility of death do you really want to attempt to deceive attackers with what may very well be easily seen through as a ploy? I can't answer that question for you. Each individual needs to make that determination for themselves. But especially with adrenaline pumping and such I'm not sure I'd advise anyone to do something that increases the odds of them ending up six feet under. Along with that: If they don't get what they are looking for from you via your password manager, what lengths are they going to go to in order to get it from you in other ways?
Food for thought.
Ben
0 -
Hi Ben - I would clearly not be willing to get stabbed or die to protect my data. My suggestion to allow me to pick another icon was simply to have plausible deniability if asked if I have a password manager.
Using travel mode is a nice idea for when I am traveling. Unfortunately, the recent events I have heard of are in my local neighbourhood, and enabling travel mode very time I go out clearly would defeat the purpose behind having a password manager in the first place.
I do like gazu's idea of a special PIN that would reveal a subset of my vault, so I can use that to avoid sharing the most important pieces of information.
0