Security settings
Last updated: 28 Jun 2026
Settings → Security—session and presentation hardening.
Who this is for
Anyone hardening day-to-day vault access: locking sessions, biometrics, coercion codes, travel presentation, and native capture protections.
What you need
| Tier | Free (Travel Mode and some toggles are optional features) |
| Vault state | Unlocked to change settings; master password for sensitive changes |
| Network | Offline-capable |
| Feature toggle | Travel Mode under Feature controls when hidden |
Steps
Vault identity (Key DID)
- Open Settings → Security → Vault identity (
https://se.nt2.me/settings/security/identity). - View your Vault Key DID—the cloud account handle for sync, Premium, and sharing. It is not your email.
- Copy the DID when pairing billing, support, or cross-device bootstrap. Provisioning happens on first successful unlock with master password.
Lock and auto-lock
- Open Settings → Security → Security (
https://se.nt2.me/settings/security/lock) or use the app-bar lock control. - Lock vault clears decryption keys from memory immediately; you need your master password (or enrolled biometrics) to return.
- Auto-lock fires after 5 minutes without keyboard, mouse, click, or touch activity, and on tab close or refresh.
Biometric unlock
- Open Settings → Security → Biometric unlock (
https://se.nt2.me/settings/security/biometric). - Unlock once with your master password, then enable Face ID, Touch ID, or device fingerprint for this device only.
- Threshold vaults require periodic master-password renewal (7- or 30-day grace, depending on enrollment).
- Use Revoke biometric fast unlock on all devices after device loss—requires master password and bumps the revocation epoch for every enrolled device.
Travel Mode (optional)
- Enable Travel Mode under Feature controls if the section is hidden.
- Open Settings → Security → Travel Mode (
https://se.nt2.me/settings/security/travelMode). - Pick a filter mode: hide categories, hide tags, or decoy list only (show only selected items).
- Configure categories, tags, or decoy items before turning Travel Mode on.
- On Tauri mobile, optional Auto-enable in area uses geofence coordinates—grant location permission when prompted.
Duress PIN
- Open Settings → Security → Duress PIN (
https://se.nt2.me/settings/security/duressPin). - Choose a code different from your master password (minimum 6 characters).
- Optionally create a decoy vault with a believable display name and harmless items.
- At unlock, entering the duress PIN never reveals your real vault.
Screen capture protection (Tauri desktop)
- Open Settings → Security → Screen capture protection (
https://se.nt2.me/settings/security/screenCapture) in the desktop app only. - Enable Protect sensitive reveals to block casual screenshots and screen recording while mnemonics, TOTP codes, document numbers, or card details are visible.
- Linux may not enforce blocking; iOS protection is best-effort only.
Lock when app backgrounds (Tauri mobile)
- Open Settings → Security → Lock when app backgrounds (
https://se.nt2.me/settings/security/backgroundLock) on mobile Tauri. - When enabled, leaving the app locks the vault and blurs the app-switcher preview. When off, blur still applies but unlock persists until idle timeout.
Tips and common mistakes
- Biometrics speed up unlock—they do not replace your master password on new devices or after revocation.
- Duress PIN is not forensic-grade; an attacker with full device access may find other vaults or backup files.
- Screen capture protection applies to revealed sensitive fields, not every screen in the app.
- After master password change, re-enable biometrics and review Digital legacy if configured.