Please note: you need a Strongbox Pro membership in order to use the duress PIN feature.
Instructions
- Unlock your database
- Tap Database Settings (the icon with three sliders in the top left of the screen)
- Tap Touch/Face ID & PIN Codes
- Tap Configure PIN Codes
- Tap Turn Convenience PIN On
- Now enter a PIN Code, you’ll now be able to unlock your database with this PIN Code.
Next we will want to setup a separate PIN, our Duress PIN. To do so, let’s go back to that PIN Configuration screen:
- Down in the Duress PIN section, tap ‘Turn Duress PIN On‘
- Enter a PIN, different this time than your regular convenience PIN.
Once done, you’ll notice that the ‘When Duress PIN Entered‘ section is now enabled and you can choose from the three available options. Let’s have a look at these options in turn and see what they do:
- Open a Dummy Database
- This might be the most ‘stealthy’ option of all. Strongbox will open a database so it looks just like your Duress PIN worked. You can actually edit this database to make it look as realistic as possible. Think of it perhaps like a decoy wallet. You want something that looks plausible (e.g. old expired credit cards, maybe even a few dollars!). So you probably want to spend some time setting this up, just don’t enter your real secrets/passwords.
- Present a Technical Error
- A fairly straightforward response, a reasonable looking error message will popup. Simple yet effective.
- Remove Database from Strongbox
- This is sort of the nuclear option. The database will be removed from Strongbox completely. If your database is stored on a remote provider somewhere it won’t be touched, so don’t worry. It will just not be visible or accessible from Strongbox without re-adding it. However if someone is watching you while you do this it might be obvious you’ve done something to thwart them.
Those are your options, and you’ll need to choose which one suits your particular scenario best. We can’t offer advice on this, only you can decide. Indeed, you will need to decide if you want to use this feature at all. Take a look at our short note of caution below before deciding if using a Duress PIN is something you really want to do. Another option you may consider is to simply remove the database from Strongbox completely during transit in and out of problematic territory. You can re-add your database once you’re safely through that tough jurisdiction, or sticky situation.
A Note of Caution
It may actually be illegal or counter productive to enter a duress PIN in some situations, because if you get caught somehow doing this, the relevant forces/legal authorities may consider this as a deceptive act and may take punitive measures against you. This is something you’ll need to consider as part of your particular situation and threat model. It is worth examining how your target jurisdiction will react if you somehow were discovered to be using a Duress PIN in a situation like this. Strongbox only provides this powerful option, the choice then, is entirely yours.