
The Border Patrol can take your password. Now what - CrankyBear
https://www.engadget.com/2017/03/03/the-border-patrol-can-take-your-password-now-what/
======
icodestuff
"Sure thing, the password is 'if you had any honor or decency you'd quit your
job, fascist'. With spaces, all lowercase, comma after 'job', no period at the
end."

Much like moaning during a TSA pat down, I wonder how well a mass campaign
doing that would demoralize CBP officers.

~~~
__derek__
> Much like moaning during a TSA pat down, I wonder how well a mass campaign
> doing that would demoralize CBP officers.

Maybe a few, but many are sociopaths and would be unfazed or even energized by
the opportunity for conflict.

Source: anecdata based on many times crossing the Canadian border.

------
axoltl
I flew into the US this morning (Green Card holder), and before I landed I
changed my password to a random string that I had put in my home directory and
a USB stick in my house. I did not know what the string was (being 16 bytes
from /dev/random base64 encoded), and thus could not give up my password. My
reasoning was they could go to my home and retrieve the USB stick, but they'd
need a warrant.

I understand I would've been detained for a significant amount of time, but I
also would not have been able to give them my password. Do they have to
release me after a while, or can they just kick me out (Greencard's a little
stronger than a visa, but I'm not a citizen)?

~~~
TillE
Best case scenario is they just seize your device for a few months if it's
encrypted.

I definitely wouldn't take any risks at all as a non-citizen. Don't travel
with encrypted data; travel with _no_ data. That is, only travel with what
you're willing to expose to malicious strangers. Stash anything else you need
on a server somewhere, and encrypt that.

~~~
diafygi
Aren't there reports of asking for social media passwords, even if you don't
have a device[1]? So traveling without electronics seems to not prevent access
to private information.

Q: "I have Facebook open on my screen. What is the username and password to
your Facebook account?"

So now most people have a choice. Do you lie and say you don't have a facebook
account, do you try and change your password so you can say "you don't know
it" (possibly getting rejected from entering), or do you give them the
password?

[1] - [http://www.businessinsider.com/john-kelly-travel-ban-
social-...](http://www.businessinsider.com/john-kelly-travel-ban-social-media-
password-2017-2)

~~~
bobsil1
Use a password manager. "I have no idea, sir."

~~~
hughdbrown
So you set your account to some string selected by your password manager and
you don't have the password manager on your phone/computer. Then the agent
says, "Fine, why don't you:

1\. install the password manager on your phone/computer and log in to the
password manager or

2\. reset your password for the account and get the reset link emailed to
you."

Your ignorance only takes you to the next step.

~~~
askvictor
"I have two factor authentication on my password manager, and the second
factor is this phone which I can't unlock as the password is a random string
stored only on a USB stick in my house"

(Or 2nd factor itself is at home)

------
jack9
"Painting this trend as anything but dangerous to the individuals most at risk
of exploitation -- travelers crossing our borders and everyone they're
connected to -- is so flagrantly irresponsible it's inevitable that we're
going to learn a painful lesson the hard way."

Reads like FUD. Guns fit this "can be dangerous and we'll learn, eventually."
narrative as well. These are the costs of doing business in the US. You put up
with them because they aren't good or bad, but reliant on the inherent good of
the people to stay firmly in the good column. I believe in that.

------
mywittyname
We need to move away from passwords for mobile devices.

With more and more information moving away from being stored locally, it's
completely viable to set up decoy accounts that don't contain any important
information, then switching over to your real account once you get through
security.

~~~
wyager
What you've described isn't incompatible with passwords. See truecrypt hidden
volumes.

------
alpaca128
What happens if I just change the password immediately afterwards? I guess
they won't check every single account, but if they check mine would they
assume I told them the wrong password?

