"Fake" Vault for Plausible Deniability

  • Feature Name
    · Fake Vaults

  • What will this feature do differently?
    · This feature allows you to set up a fake vault or a decoy vault, exactly the same process as how you would setup a normal account/vault, with an email and a password, this fake vault would simply have some non-important logins to some random websites (up to the user on what he wants his fake vault to contain). This fake vault would employ the same email as your real vault but a different password.

Basically when you are at the login form to enter your encrypted vault if you type your email (this email should have the real vault and the fake vault setup) and the fake vault password (or maybe a wrong password) you will be prompted to the fake vault.

  • What benefits will this feature bring?
    · This feature is thought for people who are forced to unlock their Bitwarden vault maybe by the police or an oppressive government or just someone who is threatening you. When someone forces you to unlock your vault you would just type your email and a password that isn’t the one that unlocks your main/real vault and you would be prompted to the fake vault, keeping all your important passwords and credentials safe.

  • Remember to add a tag for each client application that will be affected
    · This feature would be useful in every instance of the Bitwarden application (Mobile, Desktop, Browser etc.)

  • Are there any related topics that may help explain the need and function of this feature?

  • Are there any references to this feature or function on other platforms that may be helpful?
    · This feature is inspired by Truecrypt´s hidden volumes, you can learn more about this feature reading this article: https://www.truecrypt71a.com/documentation/plausible-deniability/hidden-volume/

I hope you can understand my post as I am not a native english speaker.

If I were forced to open my vault, they would probably try one of the entries. That will fail so then they would again force me to enter the real password.

I suppose you could put some genuine but insignificant credentials into the “fake” vault, e.g. forums, shops (with no payment card details saved), etc.

Wasn’t this feature requested earlier by someone else?

These two other feature requests seem really similar to the feature requested here.

Bitwarden accounts are free so for your fake account use your regular email account and then for the real one append the + trick to your email.

Fake Account: [email protected]

Real Account: [email protected]

Fill the fake account with real accounts and an easy to remember master password.

1 Like