1Password's Travel Mode allows you to protect login credentials when going through customs. It's not a silver bullet, but it's an important legal step you can take. Here's how to use it.
1Password travel mode is not a panacea. It’s a feature that might help while making other tradeoffs.
It is true that you can use 1Password v8 to effectively travel “clean” through customs, with no password data on you. But that too will raise suspicions, just like the kids who thought they could either selectively delete their social media or pretend that they have no social media accounts at all.
Secondly, 1Password v8 forces you to store all your passwords in a cloud system that Agilebits claims is secure. Version 7 and below allowed the user a choice of where to store the encrypted data file and how to exchange updates among devices - in a cloud or locally.
The cloud storage requirement was a cornerstone to the subscription-only model that agilebits rolled out as of v8. In the before times, people could buy perpetual licenses. To me, v8 is a classic example of a “enshittified” app where valuable features are removed while price is raised.
The cloud model is predicated on encryption being secure, their implementation being secure, etc. and it represents a huge target for hackers. It’s available 24/7, lots of reward for the effort put in since 1Password users can also use it to store SSNs, photo ID, and like sensitive documents.
Whereas the local storage model of prior versions would require a hacker to hack into millions of homes (which will not scale as easily since people have choices re firewalls, OS, IDS, and so on). Ditto local exchange vs. cloud exchange. It’s very hard to scale intercepting stuff locally for an attacker.
So no, I would not put 1Password v8 on a pedestal. Instead, I would travel with a password manager that has a minimum of content (ie a travel subset that you cannot be without) while leaving the rest behind. Ideally travel with burner devices that have little content to go through in the first place.
On iOS / MacOs consider strongbox pro as an excellent alternative to 1Password, it gives you a choice where to store passwords and how to exchange them among devices. They even offer family plans and give you a choice between perpetual licenses and subscriptions. I know, choice, what a concept.
Hey Constantin, thank you for all this! Really good for people to know exactly what they’re getting when they sign up for a service. I agree that cloud encryption poses risks that local encryption doesn’t—and that Travel Mode is not a panacea!—though I still think in this case the benefits outweigh the costs for folks wanting at least some peace-of-mind about protecting their login credentials when they cross the border.
A password manager is definitely a step up from no password manager. People are really bad at making up random, long passwords that are hard to guess. A password manager makes all that super easy.
I reduce the attack surface by only traveling with passwords I 100% depend to use regularly. That also reduces the number of passwords / accounts that I have to update should I fall prey to a potential “evil housemaid” attack.
If you’re really paranoid, replace all passwords that traveled with you after every trip. Hence also the suggestion for a burner phone that you only use for trips. You never know if you will leave a country with more apps than you started with. :)
Lastly, playing the deception game with CBP is unlikely to ever end well, especially given the lack of accountability in the federal government at the moment. What do you suppose will happen if CBP catches you in a lie re: that being your actual set of passwords, etc?
No, you’re better off being able to say truthfully that you have no access to further passwords because they’re at home, not accessible from your phone, etc. The five passwords you have with you are your travel related passwords and that’s that.
If you want to confront CBP as an American, by all means refuse to unlock your phone, etc. but know that they’ll likely confiscate the phone, crack its encryption, and likely the encryption of the password files on it also. Additionally, expect to lose access to global entry, TSA precheck, etc.
I would never trust a phone to be secure after any government had access to it, hence the burner phone suggestion. Bottom line, have nothing for them to capture, ditto the government of any nation you might be traveling to. For example, Australia and United Kingdom require cooperation re passwords with police. What you don’t have, you cannot share.
As part of the password manager routine, use it to come up with long random passwords that are easy to enter on iOS and macOS alike, rotate them at least annually.
This world has gone mad. What technology has given us, now has control over us. More ways to steal from us, take our freedoms from us, and pour anxiety into traveling. Awful, just awful.
Make sure your data is backed up, then factory reset your phone before passport control. No data! Then, after you get through, log in (apple, Google) and reload your apps and stuff.
Phones are computers. They log events (like connecting / disconnecting remote storage) and keep backups, to allow quick restore. All of that data is there waiting to be discovered, and no amount of disconnecting / uninstalling can hide them.
The important thing is to not look suspicious. Things that look suspicious:
(1) logs showing that a lot of apps / files have just been removed
(2) logs showing that yesterday your password manager granted access to a site that now it claims to have never heard of
(3) deliberate encryption, especially full disk
(4) a password manger that announces itself as being in travel mode
Important points to consider. Privacy/security is a spectrum, and everyone has to make individual choices about what type(s) of risk they're willing to tolerate.
What about leaving your regular phone in the check in baggage and taking another one with you in your pocket? I have two phones. I could delete just about everything on my spare phone...
Hey Leonardo! Airports often (only saying “often” because I can’t definitively say “always”) have customs after baggage claim, and have scanners they can use there. There’s lots of space for human error, but that strategy doesn’t feel as solid as others.
I guess I'll just be who I am. Whatever. They can search my phone and they are going to find I'm vehemently opposed to the present regime. We'll go from there. I'm not going to hide anything. Why? If they want to find something they will.
All great points, thank you! Critical stuff to consider. I’ll direct folks this way in the post so that they can read them.
1Password travel mode is not a panacea. It’s a feature that might help while making other tradeoffs.
It is true that you can use 1Password v8 to effectively travel “clean” through customs, with no password data on you. But that too will raise suspicions, just like the kids who thought they could either selectively delete their social media or pretend that they have no social media accounts at all.
Secondly, 1Password v8 forces you to store all your passwords in a cloud system that Agilebits claims is secure. Version 7 and below allowed the user a choice of where to store the encrypted data file and how to exchange updates among devices - in a cloud or locally.
The cloud storage requirement was a cornerstone to the subscription-only model that agilebits rolled out as of v8. In the before times, people could buy perpetual licenses. To me, v8 is a classic example of a “enshittified” app where valuable features are removed while price is raised.
The cloud model is predicated on encryption being secure, their implementation being secure, etc. and it represents a huge target for hackers. It’s available 24/7, lots of reward for the effort put in since 1Password users can also use it to store SSNs, photo ID, and like sensitive documents.
Whereas the local storage model of prior versions would require a hacker to hack into millions of homes (which will not scale as easily since people have choices re firewalls, OS, IDS, and so on). Ditto local exchange vs. cloud exchange. It’s very hard to scale intercepting stuff locally for an attacker.
So no, I would not put 1Password v8 on a pedestal. Instead, I would travel with a password manager that has a minimum of content (ie a travel subset that you cannot be without) while leaving the rest behind. Ideally travel with burner devices that have little content to go through in the first place.
On iOS / MacOs consider strongbox pro as an excellent alternative to 1Password, it gives you a choice where to store passwords and how to exchange them among devices. They even offer family plans and give you a choice between perpetual licenses and subscriptions. I know, choice, what a concept.
Hey Constantin, thank you for all this! Really good for people to know exactly what they’re getting when they sign up for a service. I agree that cloud encryption poses risks that local encryption doesn’t—and that Travel Mode is not a panacea!—though I still think in this case the benefits outweigh the costs for folks wanting at least some peace-of-mind about protecting their login credentials when they cross the border.
A password manager is definitely a step up from no password manager. People are really bad at making up random, long passwords that are hard to guess. A password manager makes all that super easy.
I reduce the attack surface by only traveling with passwords I 100% depend to use regularly. That also reduces the number of passwords / accounts that I have to update should I fall prey to a potential “evil housemaid” attack.
If you’re really paranoid, replace all passwords that traveled with you after every trip. Hence also the suggestion for a burner phone that you only use for trips. You never know if you will leave a country with more apps than you started with. :)
Lastly, playing the deception game with CBP is unlikely to ever end well, especially given the lack of accountability in the federal government at the moment. What do you suppose will happen if CBP catches you in a lie re: that being your actual set of passwords, etc?
No, you’re better off being able to say truthfully that you have no access to further passwords because they’re at home, not accessible from your phone, etc. The five passwords you have with you are your travel related passwords and that’s that.
If you want to confront CBP as an American, by all means refuse to unlock your phone, etc. but know that they’ll likely confiscate the phone, crack its encryption, and likely the encryption of the password files on it also. Additionally, expect to lose access to global entry, TSA precheck, etc.
I would never trust a phone to be secure after any government had access to it, hence the burner phone suggestion. Bottom line, have nothing for them to capture, ditto the government of any nation you might be traveling to. For example, Australia and United Kingdom require cooperation re passwords with police. What you don’t have, you cannot share.
As part of the password manager routine, use it to come up with long random passwords that are easy to enter on iOS and macOS alike, rotate them at least annually.
All great advice.
I prefer not to travel to the US.
Problem solved.
Unfortunately this is probably the safest option for folks outside the U.S. But for Americans traveling in-out, a tool like this can be helpful.
Yes it can. I wish you well in your times of trouble.
🙏
This world has gone mad. What technology has given us, now has control over us. More ways to steal from us, take our freedoms from us, and pour anxiety into traveling. Awful, just awful.
yyyyyep.
Make sure your data is backed up, then factory reset your phone before passport control. No data! Then, after you get through, log in (apple, Google) and reload your apps and stuff.
That's one route, to be sure—but still not bullet-proof!
Phones are computers. They log events (like connecting / disconnecting remote storage) and keep backups, to allow quick restore. All of that data is there waiting to be discovered, and no amount of disconnecting / uninstalling can hide them.
The important thing is to not look suspicious. Things that look suspicious:
(1) logs showing that a lot of apps / files have just been removed
(2) logs showing that yesterday your password manager granted access to a site that now it claims to have never heard of
(3) deliberate encryption, especially full disk
(4) a password manger that announces itself as being in travel mode
(5) obviously new devices
Important points to consider. Privacy/security is a spectrum, and everyone has to make individual choices about what type(s) of risk they're willing to tolerate.
Better still… like millions of others, just avoid going to America!
Not the best option for American citizens—though I take your point otherwise…
What about old-fashioned flip phones? Aren’t they making a comeback? Isn’t there plausible deniability in not wanting to be a slave to your phone?
How about leave your regular phone at home and travel with another with bare minimum installed apps?
What about leaving your regular phone in the check in baggage and taking another one with you in your pocket? I have two phones. I could delete just about everything on my spare phone...
Hey Leonardo! Airports often (only saying “often” because I can’t definitively say “always”) have customs after baggage claim, and have scanners they can use there. There’s lots of space for human error, but that strategy doesn’t feel as solid as others.
I guess I'll just be who I am. Whatever. They can search my phone and they are going to find I'm vehemently opposed to the present regime. We'll go from there. I'm not going to hide anything. Why? If they want to find something they will.