Protection of my data against coercion

Hello @Fcm1975! 👋

I'm sorry about your safety situation, that sounds like a very scary thing to have to look out for and consider.

A long time ago, our security team posted some thoughts about the types of threats 1Password can and cannot protect you against. One of the threats that 1Password doesn't protect against is something that is euphemistically called Rubber-hose cryptanalysis: Rubber-hose cryptanalysis - Wikipedia

It's important to understand that 1Password cannot protect you from a physical threat to your life. The strongest encryption in the world can't protect you when someone is willing to use violence or blackmail to get to your data. In that scenario your protection is reduced to your own ability and willingness to withstand the violence or blackmail before giving in and giving the attacker your account password.

But what if you had a hidden vault filled with fake credentials that is unlocked in lieu of your real vault when you use a special fake account password? The trouble with this is that this sort of feature may be nothing more than "security theatre". If an attacker already knows that you have a bank account then you unlocking a fake vault that doesn't contain your bank account's credentials will immediately tell them that the vault that you've unlocked doesn't contain the data that they're looking for. And then they'll threaten you again.

I know that some security software does include a hidden volume feature but even those services come with a long list of warnings explaining how such as feature isn't a guarantee that your data will stay hidden and they warn that the feature must be setup exactly correctly for it to work as intended and to avoid an attacker from learning that you have a hidden vault/volume.

That all being said, I have passed along your request for such a feature to our product team. They'll consider if this is something that we can build, in a secure and effective way, in the future.

-Dave

ref: 35651937