The real benefit of this is notification

Posted Aug 24, 2021 20:26 UTC (Tue) by pizza (subscriber, #46)
Parent article: Adding a "duress" password with PAM Duress

eg to notify the mothership that you / your device has been compromised and to take action on the remote side by disabling access from that device, while simultaneously granting full access to whatever data is stored locally.

The real benefit of this is notification

Posted Aug 25, 2021 10:44 UTC (Wed) by farnz (subscriber, #17727) [Link] (1 responses)

Combine that with removing all local temporary tokens (short expiry X.509 certificates for browser TLS and VPNs, Kerberos tickets etc), and you're in a position where you plausibly have to call the mothership to get your access restored. Not going to protect you from a suitably vicious regime (I wouldn't, for example, want to rely on this to protect me in North Korea), but enough to help if the local threat isn't operating with the full support of their government.

The real benefit of this is notification

Posted Aug 26, 2021 6:34 UTC (Thu) by nuvious (guest, #153911) [Link]

This is the was the root case I was considering and more to say protect against corporate espionage or for use by journalists. Delete/remove access to the "super sensitive" data, leave the less sensitive data and phone home to let someone besides you know you're in duress. All while appearing to fully comply with the request for access to your device.