Password Managers with Hidden Encryption

TL;DR

Yes, several password managers offer an extra layer of security by allowing you to store your password database within a hidden encrypted drive or container. This adds protection against offline attacks – if someone gets hold of your computer, they’ll need *two* passwords to access your data: the main password manager password and the password/key for the hidden drive.

How it Works

These solutions typically use a container format (like VeraCrypt or similar) that creates an encrypted virtual disk. Your password manager database is then stored *inside* this container. The container appears as a normal file on your computer, but without the correct password/key, its contents are unreadable.

Password Managers Offering Hidden Encryption

  1. VeraCrypt with Password Manager: VeraCrypt isn’t a password manager itself, but it’s a free and open-source disk encryption tool that many people use *with* their favourite password manager. You create an encrypted container file, then store your password manager database within it.
    • Pros: Very secure, flexible (works with any password manager), cross-platform.
    • Cons: Requires more technical setup than dedicated solutions.

    To create a VeraCrypt volume:

    veracrypt -c /path/to/your/container.vc

    (Follow the on-screen prompts to set your password and volume size.)

  2. Bitwarden with Hidden Files: Bitwarden allows you to store your data file in a hidden folder, which can then be encrypted using VeraCrypt or similar. This isn’t *built-in* but is a common practice.
    • Pros: Good balance of security and usability, cross-platform, open source.
    • Cons: Requires manual setup with VeraCrypt.
  3. KeePass/KeePassXC with Hidden Files: Similar to Bitwarden, KeePass and its fork KeePassXC can store the database file in a hidden folder that you encrypt separately.
    • Pros: Free, open source, highly configurable.
    • Cons: Requires manual setup with VeraCrypt or similar; interface can be less user-friendly for beginners.
  4. Password Safe: Password Safe allows you to encrypt the entire password database file and store it as a single file, which you can then further protect using VeraCrypt.
    • Pros: Secure, simple interface.
    • Cons: Windows only; less actively developed than some other options.

Setting Up a Hidden Drive (Example with VeraCrypt and Bitwarden)

  1. Install VeraCrypt: Download and install VeraCrypt from the official website.
  2. Create an Encrypted Container: Launch VeraCrypt and click ‘Create Volume’. Choose a standard volume (not hidden). Select the location and size for your container file.

    Set a strong password for the container – this is *separate* from your Bitwarden master password.

  3. Mount the Container: In VeraCrypt, select an unused drive letter and click ‘Select Volume’. Browse to your container file and mount it. You’ll need to enter the container password.

    The container will appear as a new drive in File Explorer.

  4. Move Bitwarden Data File: Open your Bitwarden settings (usually under ‘Settings’ then ‘Data’). Export your Bitwarden data file (.json). Move this .json file into the mounted VeraCrypt drive.
  5. Configure Bitwarden to Use New Location: In Bitwarden, point the data file location setting to the path within the mounted VeraCrypt drive. (This step varies slightly depending on your Bitwarden client.)
  6. Unmount When Not in Use: When you’re finished using Bitwarden, *always* unmount the VeraCrypt volume by right-clicking it in VeraCrypt and selecting ‘Dismount’. This is crucial for security.
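
Steps 3 to 6 can be scripted so that the dismount is never forgotten. The shell wrapper below is an added example, not part of the original article or of any of the tools it names; it assumes the VeraCrypt command-line client on Linux or macOS, and the container path, mount directory, database path and launcher command are hypothetical placeholders.

```shell
#!/bin/sh
# Added example: mount a VeraCrypt container, open the password database
# stored inside it, and always dismount afterwards.
# Assumption: the VeraCrypt CLI is on PATH; override VERACRYPT to use a stub.
VERACRYPT="${VERACRYPT:-veracrypt}"

# Lexical check: is database path $1 below mount point $2?
# Symlinks are not resolved, so ".." components are rejected outright.
db_inside_mount() {
    case "$1" in
        */../*|*/..) return 1 ;;
        "${2%/}"/?*) return 0 ;;
        *)           return 1 ;;
    esac
}

# with_container CONTAINER MOUNT_DIR DB COMMAND [ARGS...]
# Runs "COMMAND ARGS DB" with the container mounted. The body is a subshell,
# so the variables and traps below do not leak into the calling shell.
with_container() (
    container=$1 mount_dir=$2 db=$3
    shift 3
    if ! db_inside_mount "$db" "$mount_dir"; then
        echo "refusing: $db is not inside $mount_dir" >&2
        exit 2
    fi
    # VeraCrypt prompts here for the container password (and key files, if used).
    "$VERACRYPT" --text "$container" "$mount_dir" || exit 3
    # From here on, dismount on every exit path, including a failing command.
    trap '"$VERACRYPT" --text --dismount "$container" ||
          echo "WARNING: $container is still mounted" >&2' EXIT
    trap 'exit 130' INT TERM HUP
    [ -f "$db" ] || { echo "no database at $db" >&2; exit 4; }
    "$@" "$db"
)

# Usage (hypothetical paths and launcher):
#   with_container "$HOME/vault.hc" /media/veracrypt1 \
#       /media/veracrypt1/passwords.kdbx keepassxc
```

The wrapper returns the launcher's own exit status, 2 if the database path lies outside the mount directory, 3 if mounting fails, and 4 if the database is missing from the mounted volume.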

Important Considerations

  • Password Strength: Use strong, unique passwords for both your password manager master password *and* the hidden drive/container password.
  • Backups: Back up both your password manager data file and the VeraCrypt container file securely (e.g., to an encrypted external drive).
  • Key Files: Consider using a key file in addition to a password for extra security with VeraCrypt.
  • Regular Updates: Keep your password manager and VeraCrypt software up to date to benefit from the latest security patches.