Data Security at the Border

[loveworksdotcom]

In this thread regarding the need for a password re-entry after reboot instead of allowing biometrics (which I agree 100%), one of the posters mentioned the need for greater security when passing through the borders.

 

In my search for a solution, I came across 1passord's travel mode.  I am not now, nor have I ever been a 1password user so I don't know anything about the company.

https://blog.1password.com/introducing-travel-mode-protect-your-data-when-crossing-borders/

 

I realize that Enpass doesn't have a "travel mode" -- but I remember reading about how to remove your enpass vault before you pass through borders/immigration and then re-sync it when you are safe.

Would somebody with better information, experience or knowledge about how this works explain to me, in specific steps, how I would accomplish this safety method when crossing borders.  I travel internationally all the time, and I am more concerned about opening my passwords up to scrutiny and possible exposure.

 

[Fabian1]

You can create a travel mode yourself:

Keep all important information only in an extra vault. The default vault contains nothing (or just passwords that you want to share with the border official ;-))

The extra vault should have a different password than your default vault. Do not store this password in your default vault (or delete it before traveling).

Only this extra vault is synchronized with the cloud. Best with an anonymous webdav server, that can not be associated with you. The iCloud is not so good because it's tied to the Apple ID, that you can look up in the phone, so the border guard might ask for the Apple ID password, searching and finding your extra vault there and will ask for this password too.

Also on all other devices (desktops, pads, telephones, etc.): the standard vault contains only a few unimportant passwords or remains completely empty. All devices synchronize the important data via cloud with the extra vault.

If a device is to be taken over the border, then the extra vault and the sync with the cloud must be deleted.

Only the standard vault - containing only unimportant passwords or fakes - remains on the device.

After successful border crossing, the sync to the extra vault on the (secret) webdav server can be restored and the extra vault restored to the device.

By the way, there is a big security advantage to synchronize all data only via an additional vault: The extra vault can be protected by a very complex password! It rarely needs to be entered, for example only after a border passage, when the sync is reestablished. A complex password protects the data, if the extra vault in the cloud should fall into the wrong hands. On the local device the password for the standard vault will also open the extra vault (unless it has just been deleted because of a border passage). The password for the default vault could be easier to type, because it is needed more frequently.

And you can use different passwords for the default vault on any device. Some passwords easy to type on a desktop-pc are very unconfortable on a small iphone for example

Edited October 2, 2019 by Fabian1

[benoitc]

how secure is the removal of the extra vault from the device? Which mesure are taken for it? 

[Pratyush Sharma]

Hi @benoitc,

Thanks for using Enpass and writing to us.

If you want to remove the extra vault from Enpass, it is up to you only as all your data is on your device only. But there is no option to delete the primary vault to remove it: to do so, you need to reset Enpass.