Border search safe TOTP authenticator app?
While crossing international borders, a traveler may be legitimately asked to provide access to their devices. Such a person is often not in a position to refuse.
I am searching for a dual-pin TOTP app that looks like it is working whether it is or not. Entering the wrong PIN might cause the app to generate invalid codes while optionally wiping the real config.
Actually attempting to use the invalid code could potentially trigger all kinds of actions on the server that received the bogus login request. Sending an SOS email might be one such action.
I am not sure such a thing exists in either major app store. Thoughts?
FYI, you're asking about duress codes[1] - it may help your search to use that term.
[1] https://en.wikipedia.org/wiki/Duress_code
You need to re-evaluate your threat model and change your approach. As others have said here, a TOTP that doesn't work would attract more attention that one that does or one that outright doesn't exist, all the way up to escalating the encounter from casual privacy-conscious user to alleged spy.
The best way is to legitimately not have anything on the phone or your online presence that would cause problems, and then just be transparent (honestly, they're not after your nudes or embarrassing texts). A lot of border checks are based on feelings and if you look the part they'll quickly flick through the phone for obvious stuff they're after and will let you go once they don't find it.
If you are actually doing something that would cause issues, then you keep this off the local device and onto a remote one. Use a YubiKey or other dual-use authenticator (that gives you plausible deniability for having it - you can use the same key on benign social media accounts, etc) to access it from a secure device once you're through.
Also, the obvious: don't visit countries with border device searches.
I can understand customs looking for suspicious contraband. We all want drugs confiscated. But data is easier to transport across borders online than on a person's device. If they're looking for hints of terrorism these can be done also after entering the country with the proper warrants.
The only reason these are done is just theater and muscle flexing/bullying. They don't serve a real purpose. And the countries carrying these out are just trying to look tough.
Just store the TOTPs you actually care about on a Yubikey. Leave a few “worthless” TOTP in whatever TOTP app you use. Remove the Yubico Authenticator app before crossing the border.
Note: there are more comprehensive border-crossing security guides
https://freedom.press/digisec/guides/
Be very careful with your threat model here. If an agent attempts to use the codes and they don't work, and they find out there's a dual pin mechanism, you could end up in more trouble than with whatever they'd have seen in the first place.
Yeah, people love to LARP being Snowden but never actually have anything even theoretically worth being sent to border-jail over protecting.
And, if you do, and you're really asking hacker news for opsec advice, I would suggest you abandon your career as a super-spy or whatever you're doing, because you're doing it very wrong.
This is the nothing to hide argument dressed up with hyperbole, straw men, and insults. You're making fun of people protecting basic human rights.
Not a superspy. Oblig: https://xkcd.com/705
Have a phone just for travel. Different account. Only have things you actually need during travel on it. Turn on a cheap plan when you need it. If they ask for something just say you can't remember and let them keep it.
Memorize one TOTP key for a cloud offering; then store the rest in it. 1password, Lastpass, etc. It’s not that much longer than a Windows product key, and I still know one of those.
The secret key is just an RNG output so you could also take it in 4 byte chunks and memorize 16 PRNG inputs that generate each the 4 bytes.
Or you could memorize a passphrase, take a sha2 hash of it, and then memorize a single PRNG input that spits out the bitstring diff between the hash output and the TOTP key. That way you aren’t wholly dependent on memorizing numbers and you can still safely use a more predictable and weak ‘PRNG’ that can amplify the bitstring salt out of an input.
etc.
Lying to US officials is 5 years in prison. Per instance. One assumes other countries have similar laws, but I doubt anyone knows what actually happens in courts outside the US.
This post came to mind: https://blog.singleton.io/posts/2022-10-17-otp-on-wrist/
I doubt anyone wants to search a f-91w.