New feature recommendation

Hi 1P_Ben

In response to your comment of:

The attacker must have the capacity to compel you to unlock 1Password while at the same time not have the power to retaliate once they discover the deception. Or they must be incapable of discovering the deception.

Note that even if you can fool the attacker at the time that they compel you to unlock, they are very likely to detect the deception at some later time. They are then unlikely to say, "Oh, nice trick. Very clever of you. I guess we lost."

The context of the attacker being likely to detect the deception at a later time seems irrelevant to many scenarios. Imagine a journalist from Israel who travels to Saudi Arabia. They demand he unlock his KeePass keychain (used as an example because they support duress codes). He enters duress code.

At "some later time" they realize it was a deception.

Journalist is already back home in Israel, safe.

If I'm being really fair, then yes, this is far more niche of a security feature than offline vaults. If you're not going to allow offline vaults, which is a far more useful security feature under significantly more circumstances, then duress codes are much less likely to be useful.

However, duress codes don't have the same problem that offline vaults have, in that duress code functionality won't reduce the need for people to pay for a perpetual subscription to your service. We all understand that offline vaults might jeopardize the subscription business model and we may not be happy, but we understand. Duress codes wouldn't jeopardize the subs.