A look at 1Password's Travel Mode
AgileBits, makers of the 1Password password manager, introduced a new Travel Mode feature in recent versions of the program for paying customers. This new mode hides password vaults when you enable it, so that they are not revealed when someone opens the passwords in the application.
Traveling internationally with electronic devices can be an unpleasant experience. Border agents may want to take a closer look at the devices, and if you are unlucky, ask you to unlock them or even provide you with passwords to check your activity on social networking sites and elsewhere.
While you can theoretically say no to this, chance is high then that you will be questioned thoroughly, and may even be denied entry to the country in question.
One common option to protect your data from this is to use a device without sensitive data, and transfer or sync the data once you have entered the country. This allows you to agree to a closer inspection of the device.
1Password Travel Mode
Travel Mode is a new feature of the 1Password password manager that tries to address this in a different way, at least when it comes to the information stored by the password manager.
You may enable Travel Mode on the 1Password website at any time to hide all password vaults that you have not flagged as "safe for travel" explicitly.
If someone inspects the passwords in the app, all they see is the "safe for travel" data, and nothing else. You can flip the Travel Mode switch once you have entered the country to sync the the other vaults to the device.
AgileBits notes that the vaults are removed entirely from all devices it is installed on for as long as Travel Mode is enabled.
Your vaults aren’t just hidden; they’re completely removed from your devices as long as Travel Mode is on. That includes every item and all your encryption keys. There are no traces left for anyone to find. So even if you’re asked to unlock 1Password by someone at the border, there’s no way for them to tell that Travel Mode is even enabled.
Administrators manage the information for 1Password Teams which adds another layer of defense to the process.
Instructions on how to set up Travel Mode are available on the 1Password support website. Here is a short overview:
- You should create multiple vaults if you have not already to separate save for travel data from data that you want to protect.
- You need to click on the edit icon of a vault, and check the "safe for travel" option that is displayed then, to mark the vault as safe for travel. Any vault that you mark this way is revealed when you open the 1Password application while in Travel Mode.
- Any other vault, those not flagged as "safe for travel" won't be in the app if you enable Travel Mode.
- To enable Travel Mode, go to the 1Password website, click on your account name, select My Profile, and there "enable Travel Mode".
- Open the 1Password app on all devices you are traveling with. You will notice that vaults that have not been marked as safe for travel will be removed.
- You turn Travel Mode off once you crossed the border.
How useful is Travel Mode?
Travel Mode hides vaults in the password manager, and does not reveal that the app is in Travel Mode either.
If you are asked to open the password manager, all that is displayed are safe for travel information.
The system works well for as long as the border agent is not aware of the functionality. You might be asked to open the account on the 1Password website if that is the case to check for Travel Mode.
Good news is that this is different for 1Password Teams, as this functionality is handled by administrators. If you are not an admin, you cannot disable Travel Mode even if you sign in to the 1Password website.
A better solution, in my option, would be to allow for multiple login accounts to separate the data. While that adds some complexity to the program, it seems to be the safer solution.
Now You: Do you protect your data when you cross borders?
“A better solution, in my option, would be to allow for multiple login accounts to separate the data. While that adds some complexity to the program, it seems to be the safer solution.”
Martin, what do you mean by allowing for multiple login accounts? Do you mean creating another 1Password account especially for travel?
Amir yes something like that, but maybe not a separate account but an option to use different sign-ins for one account. Even if you sign-in on the site using that account then, no one would be able to figure out that there are other logins that open other vaults.
Typo: A better solution, in my option
You probably meant “in my opinion” ;P
Nice to read
It stores your data in “the cloud”? Another way of handing over your data I guess. Ehh, pass. I never traveled outside Europe, but here I was never asked about what’s inside my laptop (inside, as in data).
My general view on cloud connected password managers is very bad. Borderline malware-like behaviour with a topping of shady marketing.
I’ve always had reservations against cloud password managers, but drank the cool-aid and went with 1Password for Families and Teams. Can you elaborate on “Borderline malware-like behaviour with a topping of shady marketing?”. I’d love for someone to change my mind :)