Plausible Deniability - A way to offer more protection over passwords

That requires setting a second password that creates a 2nd vault. The password prompt would ask for the password as usual. If the user enters the “real” password, he’s given the “real” vault. If the user enters the “other” password, he’s given the second vault. The second vault can be filled by the user with right and/or wrong passwords. People who need Plausible Deniability know how to use it.

I think it can be a great addition to Bitwarden. And I don’t know of any password manager that has that. However, some security keys do have it.

I was thinking of something similar. I use Bitwarden for most internet passwords, but not for financial accounts or to store credit cards, my passport, etc. But I really want to when I go travelling soon.

For me this needs a greater layer of protection and privacy, as I’d prefer that no-one ever thinks I have these online. That includes real people and any virus that might compromise my computer and hence access Bitwarden when I use my regular daily password.

And the way things are in the world, I could see travelling somewhere in the future and some airport official requiring access to ALL apps before entry.

A simple solution where, if you gave a 2nd password on login, it gives you access to an entirely separate set of records. Plausible deniability, and an area I would access rarely, so less likely my password would be captured - that would for me be the killer feature.

I don’t suggest this to argue against the feature request here, which I think is an interesting one, but a less elegant but just as effective option already exists - simply create a second, free Bitwarden account with another password and populate it with some of your non-essential credentials. When you travel, simply log in to that account before you leave and switch back after you arrive.

Or just delete the app altogether and reinstall on arrival.

1 Like

Feature name

Hidden/second account when logging into Bitwarden using a special password.

Feature function

When logging into Bitwarden there is a secret second password you can log in with. This password opens another vault entirely that you can set up just like the main legitimate account, but with fake login credentials.

It can be used to fool others into thinking they have the legitimate Bitwarden credentials, when in reality they have a fake account.

You could be alerted that somebody logged into this account, giving you a heads-up that bad things are happening.

I struggle to find any security benefit from this.

  1. This sounds like just making another Bitwarden account, but more complex. You have different vaults, different passwords, different login credentials (but the same e-mail address as far as I can tell).

  2. Let’s say you log in to the fake vault to “fool or confuse” the potential hacker. Then you log in to your main vault, because…you must…all your passwords are there. You are still on the same computer, so if the hacker can figure out your “special” password, what’s stopping him figuring out your main master password…be it with some kind of virus, keylogger, or just looking over your shoulder.

  3. For me this somewhat defeats the purpose of a password manager. They are supposed to make your life easy by storing your passwords, so that you have to remember only 1. Now I have to make a second vault and fill it with fake, believable credentials? It seems like too much hassle.

4 Likes

From the Bitwarden FAQ:

However, if for some reason Bitwarden were to get hacked and your data was exposed, your information is still protected. This is because Bitwarden uses strong encryption and one-way salted hashing. As long as you use a strong master password, your data is safe no matter who gets hold of it.

Hi! A fake master password which leads you to a second vault would be great security-wise.

I don’t know how good this approach is, but what about having a temporary master password?

Is this what you are talking about?

I think this feature would be great.
Not for tricking any potential hacker into believing he has the real password, more for keeping yourself secure.
You know, police, governments, bad people, etc. all around the globe could force you to enter your password into Bitwarden to gain access to your accounts.
Having the option to not give out the real data but grant them access to a “fake vault” would be very good.
Something like the hidden partition inside VeraCrypt partitions.

I think he is talking about something like this, but maybe more like my version of this request.
see here

I’m not a fan of this as it’s security by obscurity, but if you want it, here is an idea that works today. Since Gmail allows you to add letters to your username, you can do this.

Real Vault:
[email protected]
MyMasterPassword

Fake Vault:
[email protected]
WhateverMasterPassword

If pressured to log in, just use the fake vault details. The Bitwarden accounts are free, so this is easy to do.

Hello.

I don’t know if other password managers have this, but if you do it, it will be great.

Now I will explain what I mean by double bottom.

For example, intruders have taken possession of your phone and, under physical violence, require a master password from you.

It would be great if you could set two master passwords, one for the main vault and one for the secret one. Thus, you can enter the master password for the vault that contains unimportant data, and thus satisfy the requirements of the attackers and keep your important passwords safe under the second master password.

Perhaps one part of the storage could be encrypted with one master password and another part with another. It is necessary that only the owner knows how many master passwords are in this storage. Decrypt only the data that matches a specific master password.

I hope you get my point, thanks.

VeraCrypt allows this on virtual disks to mount. The space on VeraCrypt is encrypted, so to an observer the second partition appears as random chars. The good partition contains real records, the fake partition contains fake or less harmful records. So, if under physical violence, you are able to reveal the fake password.

This is a great feature to save ourselves from physical attack.

I got this idea when I used the VeraCrypt software, with which you can build a hidden encrypted drive and encrypt it with another key. If I’m forced to decrypt my vault, I use the fake one and they would get the fake data; there is no way to prove that there is another vault which is still under protection, and everything will be fine.
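
The "double bottom" storage and the VeraCrypt-style random-looking space described in the posts above can be sketched as a fixed-slot container. This is an added illustration, not part of any post and not Bitwarden or VeraCrypt code; the slot layout, constants and function names are assumptions, and the HMAC-based keystream is a stand-in for a vetted AEAD cipher.

```python
import hashlib, hmac, secrets

SLOTS, SLOT_SIZE, SALT, TAG = 4, 256, 16, 32   # assumed fixed layout, same for every user
RECORD = SALT + SLOT_SIZE + TAG

def derive_keys(password: str, salt: bytes):
    k = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000, dklen=64)
    return k[:32], k[32:]                       # (encryption key, MAC key)

def keystream(key: bytes, n: int) -> bytes:
    # HMAC-SHA256 in counter mode; illustrative stand-in for a vetted AEAD cipher
    blocks = (hmac.new(key, i.to_bytes(8, "big"), hashlib.sha256).digest()
              for i in range((n + 31) // 32))
    return b"".join(blocks)[:n]

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def seal(password: str, data: bytes) -> bytes:
    if len(data) > SLOT_SIZE - 2:
        raise ValueError("vault too large for one slot")
    salt = secrets.token_bytes(SALT)
    enc_key, mac_key = derive_keys(password, salt)
    # Length prefix plus zero padding: every slot has the same size
    padded = len(data).to_bytes(2, "big") + data.ljust(SLOT_SIZE - 2, b"\0")
    ct = xor(padded, keystream(enc_key, SLOT_SIZE))
    return salt + ct + hmac.new(mac_key, salt + ct, hashlib.sha256).digest()

def build_container(vaults: dict) -> bytes:
    if len(vaults) > SLOTS:
        raise ValueError("too many vaults")
    slots = [seal(pw, data) for pw, data in vaults.items()]
    # Unused slots are random bytes, so the number of real vaults is not visible
    slots += [secrets.token_bytes(RECORD) for _ in range(SLOTS - len(slots))]
    secrets.SystemRandom().shuffle(slots)
    return b"".join(slots)

def open_container(blob: bytes, password: str):
    found = None
    for i in range(0, len(blob), RECORD):       # always try every slot
        slot = blob[i:i + RECORD]
        salt, ct, tag = slot[:SALT], slot[SALT:-TAG], slot[-TAG:]
        enc_key, mac_key = derive_keys(password, salt)
        good = hmac.new(mac_key, salt + ct, hashlib.sha256).digest()
        if hmac.compare_digest(tag, good):      # only the matching slot verifies
            padded = xor(ct, keystream(enc_key, SLOT_SIZE))
            found = padded[2:2 + int.from_bytes(padded[:2], "big")]
    return found
```

This layout only hides how many slots are in use from someone holding a single copy of the blob; a party that can compare two copies taken at different times sees which slots changed.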