1Password Gains 'Travel Mode' to Protect Sensitive Data When Traveling

[MacRumors]

AgileBits recently introduced a new 1Password feature called Travel Mode, which is designed to protect password vaults from unwarranted searches when traveling.

When activated, Travel Mode will remove every password vault from all of a user's iOS and Mac devices except for vaults that have been earmarked as "safe for travel," effectively hiding a user's most sensitive information. Travel Mode is available to all customers who have a 1Password membership.

Before Travel Mode, I would have had to sign out of all my 1Password accounts on all my devices. If I needed certain passwords with me, I had to create a temporary travel account. It was a lot of work and not worth it for most people.

Now all I have to do is make sure any of the items I need for travel are in a single vault. I then sign in to my account on 1Password.com, mark that vault as "safe for travel," and turn on Travel Mode in my profile. I unlock 1Password on my devices so the vaults are removed, and I'm now ready for my trip.

Once a user arrives at their destination, Travel Mode can be toggled off and the vaults return to all of a user's devices. AgileBits has a detailed support document outlining how to use Travel Mode.

Vaults are not hidden with Travel Mode, but instead are completely removed from all devices as long as Travel Mode is turned on. AgileBits says that there are no traces left for anyone to find, and there are no signs that a special mode has been enabled.

With 1Password for Teams, Travel Mode allows the team administrator to turn Travel Mode on and off for employees, giving companies a way to make sure their data stays safe.

1Password can be downloaded from the App Store for free, but there is an in-app fee to access the service. A standard 1Password account is priced at $2.99 per month and a multi-user family account is priced at $4.99 per month. There is an additional fee when purchasing a subscription through the App Store, and there are separate subscription options for teams. 1Password also offers a one-time purchase option in the Mac App Store.

- 1Password for Mac [Direct Link]

- 1Password for iOS [Direct Link]

Article Link: 1Password Gains 'Travel Mode' to Protect Sensitive Data When Traveling

 

[jonnysods]

Killer idea. I don't have the subscription, just the outright app but this is a pretty cool feature. Just hate subscriptions!!

 

[RosOne]

Hmm... I never make temporary passwords for traveling. Not sure I understand the feature. ELI5 pls?

 

[webbuzz]

Bummer, 1Password.com only.

 

[OldSchoolMacGuy]

Hmm... I never make temporary passwords for traveling. Not sure I understand the feature. ELI5 pls?

The TSA can force you to unlock your device and may require you to turn over passwords. This may also be true of police in other countries. Refusal to do so may result in the TSA holding you for a very very long time and could result in far worse from other police forces.

If you don't have the passwords on your phone there's nothing to turn over. By removing them from your phone, this protects you from having to turn over the passwords or other information on your phone.

 

[RosOne]

The TSA can force you to unlock your device and may require you to turn over passwords. This may also be true of police in other countries. Refusal to do so may result in the TSA holding you for a very very long time and could result in far worse from other police forces.

If you don't have the passwords on your phone there's nothing to turn over. By removing them from your phone, this protects you from having to turn over the passwords or other information on your phone.

Ok, so it's only to hide passwords from the TSA?

 

[Apple_Robert]

I like the idea. Kudos to 1Password for continuing to make the app the best it can be.

 

[Ap0ks]

Hmm... I never make temporary passwords for traveling. Not sure I understand the feature. ELI5 pls?

Sounds like it removes all vault data from all your devices (except the vaults you flag as required/safe) before you travel in case any of the devices get lost or stolen en route. Once at your destination, if you needs your vaults back, you can disable the travel mode and all your vaults are restored.

I suppose because 1Password stores a local copy of your vault on each device, this gives people piece of mind that, if they use the feature and a device is lost/stolen, there is no longer any password data on the device that can be retrieved or accessed.

Edit - also what OldSchoolMacGuy said, there's a lot more security when travelling across borders these days.

 

[Michael Scrip]

The TSA can force you to unlock your device and may require you to turn over passwords. This may also be true of police in other countries. Refusal to do so may result in the TSA holding you for a very very long time and could result in far worse from other police forces.

If you don't have the passwords on your phone there's nothing to turn over. By removing them from your phone, this protects you from having to turn over the passwords or other information on your phone.

This whole thing sounds horrible.

I haven't travelled internationally in many years so I haven't experienced it yet.

What exactly are they looking for? Which passwords do they want?

I would have a real problem handing over vital passwords like my GMail password. That particular account is the key to everything I do. What prevents the TSA from changing my password and locking me out of everything?

And can't I just show them my Facebook page? Do I really have to give them the password to my whole Facebook account? I also manage many business pages on Facebook. I don't want to give the TSA access to my stuff... and I'm sure those businesses wouldn't want anyone else to have control of their Facebook pages either.

Why don't I make a copy of my housekey so they can rummage through my stuff while they're at it...

 

[RosOne]

Sounds like it removes all vault data from all your devices (except the vaults you flag as required/safe) before you travel in case any of the devices get lost or stolen en route. Once at your destination, if you needs your vaults back, you can disable the travel mode and all your vaults are restored.

I suppose because 1Password stores a local copy of your vault on each device, this gives people piece of mind that, if they use the feature and a device is lost/stolen, there is no longer any password data on the device that can be retrieved or accessed.

Edit - also what OldSchoolMacGuy said, there's a lot more security when travelling across borders these days.

Hmm, but even if I lose my iPhone isn't my data safe? It's protected isn't it?

 

[Apple_Robert]

Hmm, but even if I lose my iPhone isn't my data safe? It's protected isn't it?

Not automatically it isn't. It depends on how the user has the phone set up.

Never assume protection is 100%.

 

[ginkobiloba]

Looks like Agile Bits is about to move to an Adobe-like rent-only option for their software. So sad.

 

[Primejimbo]

Looks like Agile Bits is about to move to an Adobe-like rent-only option for their software. So sad.

You don't ever own the software, even when you "buy" it.

 

[Munch]

If you don't have the passwords on your phone there's nothing to turn over. By removing them from your phone, this protects you from having to turn over the passwords or other information on your phone.

As lovely as this ideal sounds, if they find any indication that you use apps or sites that require passwords and you "don't know" your password, you better believe they'll have the patience to wait until you figure it out. While the premise is good, this will make your life hell more than it will protect you should they decide to dig deep.

 

[MrX8503]

The TSA can force you to unlock your device and may require you to turn over passwords. This may also be true of police in other countries. Refusal to do so may result in the TSA holding you for a very very long time and could result in far worse from other police forces.

If you don't have the passwords on your phone there's nothing to turn over. By removing them from your phone, this protects you from having to turn over the passwords or other information on your phone.

How long could the TSA hold you for?

 

[horsebattery]

How long could the TSA hold you for?

That depends on how well of an attorney you can afford.

 

[V.K.]

As lovely as this ideal sounds, if they find any indication that you use apps or sites that require passwords and you "don't know" your password, you better believe they'll have the patience to wait until you figure it out. While the premise is good, this will make your life hell more than it will protect you should they decide to dig deep.

Yes, this is certainly not bulletproof. If they find that you have, say, a Facebook account (easy enough to do) and you tell them you don't know the password, it's not going to end well.
Another thing I really don't like is that it's for subscription customers only. I've used 1Password since 1Password 3 (around 2012?) and never felt a need for a subscription service. Don't want to switch.

 

[nwcs]

How long could the TSA hold you for?

If you are a US citizen returning from overseas I think it's not very long but they can keep your device(s) for a long time but not forever. If you are a foreign national it will likely be longer on both fronts. I can easily see when this will become the norm for every country to some degree. Generally speaking it will likely be "higher risk" people having to deal with it. The problem is "higher risk" definition changes with whomever is in charge. But governments never give up powers they grab without a fight. And people seem willing to give up their rights these days whether free speech or privacy in exchange for convenience or the illusion of safety.

 

[MrX8503]

That depends on how well of an attorney you can afford.

I'm a US citizen. Are we talking days here?

If you are a US citizen returning from overseas I think it's not very long but they can keep your device(s) for a long time but not forever. If you are a foreign national it will likely be longer on both fronts. I can easily see when this will become the norm for every country to some degree. Generally speaking it will likely be "higher risk" people having to deal with it. The problem is "higher risk" definition changes with whomever is in charge. But governments never give up powers they grab without a fight. And people seem willing to give up their rights these days whether free speech or privacy in exchange for convenience or the illusion of safety.

If I turn my iPhone off, the TSA can't force me to unlock it right? I take my privacy very seriously and I'll fight tooth and nail to protect it as long as I'm not breaking the law.

 

[horsebattery]

I'm a US citizen. Are we talking days here?



If I turn my iPhone off, the TSA can't force me to unlock it right? I take my privacy very seriously and I'll fight tooth and nail to protect it as long as I'm not breaking the law.

My original post was made partially in jest. But legally speaking, US citizens usually cannot be detained for more than a few hours, but YMMV. As an example, there was a NASA employee (entering from a foreign country) who was apparently told by US Customs & Border Patrol agents that he could be detained indefinitely until he gives up the password for his (government issued) phone - https://www.washingtonpost.com/news...-smartphone-passcodes/?utm_term=.80f51a40b1c5. In this case, it seems like the man was held for over an hour. The author of the article concluded that there's not enough case law to more easily answer similar questions.

In a different circumstance but with similar, uncertain legal precedent, there is also an ongoing case of a person who has been indefinitely detained (for over a year as of writing) for not providing the password to his computer - https://arstechnica.com/tech-policy...d-16-months-for-refusing-to-reveal-passwords/

So this is the reason for my first post (as far as for both of your questions go) - if you are detained, you'd have to hope you have a good lawyer available.

 

[ziggie216]

I'm a US citizen. Are we talking days here?



If I turn my iPhone off, the TSA can't force me to unlock it right? I take my privacy very seriously and I'll fight tooth and nail to protect it as long as I'm not breaking the law.

They already have done so many times in the past. You have two options, give up your passcode so they can make a copy of your phone or they can detain you for... well that part is up to them.

 

[Michael Scrip]

They already have done so many times in the past. You have two options, give up your passcode so they can make a copy of your phone or they can detain you for... well that part is up to them.

Is there some kind of process for determining who gets their phone inspected and/or copied?

I'm having a hard time imagining they do this for every passenger's phone.

There were 58,000,000 passengers traveling through JFK airport in New York in 2016. We'd have to cut that in half to split arrivals and departures... then we'd have to determine how many flights are coming from outside the country.

But that would still be THOUSANDS of people PER DAY arriving at JFK... both US citizens and international travelers.

And that's just one airport in the US.

Is the TSA really checking thousands, or possibly tens of thousands of phones per day?

 

[CarlJ]

As lovely as this ideal sounds, if they find any indication that you use apps or sites that require passwords and you "don't know" your password, you better believe they'll have the patience to wait until you figure it out.

The funny thing is, there are a lot of sites that require password, where I have logins, and I have no idea what the password is - because I had 1Password generate random 30-50 character passwords - it knows them and I don't.
[doublepost=1495596313][/doublepost]

Is the TSA really checking thousands, or possibly tens of thousands of phones per day?

Not every one, only those of people who look "suspicious." To their eyes.

I wonder if "flying while having middle eastern ancestry" is becoming the new "driving while black".

 

[NightFox]

Surely if the TSA are going to go to the trouble of looking at your vaults in 1Password, they're also going to check if you've got the 'travel mode' switch turned on?

 

[Rigby]

Is the TSA really checking thousands, or possibly tens of thousands of phones per day?

The TSA doesn't typically search phones (they are the ones you encounter at security checkpoints on departure). The CBP (the immigration officers you see when arriving on an international flight) does for a small number of arriving travelers:

https://www.cbp.gov/newsroom/nation...eases-statistics-electronic-device-searches-0

Unless you are a "high risk" traveler (e.g. a national of certain middle eastern countries) or look like one, the chance is small that your devices will be searched. Still a sad development from the civil rights perspective.