What a Decoy PIN Does: A Second Vault Behind a Fake Password
A decoy PIN opens a second, separate vault behind a different code, so a borrowed, stolen, or pressured phone reveals only what you choose to show.
A decoy PIN is a second passcode that opens a separate, decoy vault instead of your real one. Enter your everyday PIN and you see your private content; enter the decoy PIN and a different, innocuous vault opens — with no hint that anything else exists.
What a decoy PIN is
A decoy PIN — sometimes called a fake or duress PIN — is a second code attached to the same app that opens a different vault. It is not a recovery code, and it does not unlock your real content. Think of it as two locked rooms behind one door: the code you type decides which room opens. The decoy room holds a small amount of harmless, believable material, while your genuine photos and files stay sealed behind your primary PIN. Anyone who sees the decoy vault has no reason to suspect a second one is there.
How a decoy PIN actually works
Under the surface, each PIN is tied to its own encryption key. A well-built vault uses AES-256, the symmetric cipher standardized by NIST, to encrypt content at rest. Because your real PIN and your decoy PIN derive different keys, the two vaults are cryptographically independent — unlocking one tells an observer nothing about the other, and reveals nothing about whether a second vault even exists.
This is a consumer-friendly version of an idea security researchers call deniable encryption: a decoy entrance you can open on demand, while the existence of a second, hidden set of data stays unprovable. On an iPhone, that app-level encryption sits on top of the hardware protection Apple already provides. The Secure Enclave runs a dedicated AES-256 engine and keeps device keys isolated from the main processor, so encryption is fast and the keys never leave secure hardware.
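The per-PIN key separation described above, as an added sketch that is not Privara's code or any vendor's implementation: each PIN is stretched with its own salt into a 32-byte key suitable for AES-256, and a fixed-size header keeps the number of configured PINs from showing in the stored metadata. The PBKDF2 parameters, the four-slot header, the key-check tag, and all function names are assumptions made for illustration; the AES-256 content encryption itself is left out.

```python
import hashlib
import hmac
import os
import secrets

SLOTS = 4             # assumed fixed slot count: header size never shows how many PINs are set
ITERATIONS = 100_000  # assumed PBKDF2 work factor for this sketch


def derive_key(pin: str, salt: bytes) -> bytes:
    """Stretch a PIN into a 32-byte key, the size AES-256 needs."""
    return hashlib.pbkdf2_hmac("sha256", pin.encode(), salt, ITERATIONS, dklen=32)


def key_check(key: bytes) -> bytes:
    """Tag that lets the app recognise a correct key without storing the key or PIN."""
    return hmac.new(key, b"vault-key-check", hashlib.sha256).digest()


def make_header(pins: list[str]) -> list[tuple[bytes, bytes]]:
    """One (salt, tag) slot per PIN at a random position; the rest is random filler."""
    if not 1 <= len(pins) <= SLOTS or len(set(pins)) != len(pins):
        raise ValueError("need 1..SLOTS distinct PINs")
    header = [(os.urandom(16), os.urandom(32)) for _ in range(SLOTS)]
    positions = secrets.SystemRandom().sample(range(SLOTS), len(pins))
    for pos, pin in zip(positions, pins):
        salt = os.urandom(16)
        header[pos] = (salt, key_check(derive_key(pin, salt)))
    return header


def unlock(header, pin: str):
    """Return (slot, key) for the vault this PIN opens, or None for a wrong PIN."""
    match = None
    for slot, (salt, tag) in enumerate(header):  # walk every slot, hit or miss
        key = derive_key(pin, salt)
        if hmac.compare_digest(key_check(key), tag) and match is None:
            match = (slot, key)
    return match


if __name__ == "__main__":
    header = make_header(["4821", "1379"])  # constructed sample PINs: real, decoy
    real, decoy = unlock(header, "4821"), unlock(header, "1379")
    print("different slots:", real[0] != decoy[0])
    print("independent keys:", real[1] != decoy[1])
    print("wrong PIN:", unlock(header, "0000"))
```

A four-digit PIN has only 10,000 possible values, so key stretching alone does not stop offline guessing; a real app also needs the derived key bound to a hardware-held secret and an attempt limit.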
The decoy vault works best when it looks lived-in. A handful of ordinary screenshots, a few unremarkable photos, or some throwaway notes make it believable. An empty decoy vault is a giveaway; a plausible one quietly ends the conversation.
Why it matters for your privacy
Most privacy tools assume nobody is standing over your shoulder. A decoy PIN is built for the moment when someone is. If a phone is snatched and you are pressured to unlock it, if a stranger watches you tap your code on a train, or if you hand your unlocked phone to someone to show a single photo, a decoy entrance lets you cooperate without exposing everything you own. This is the same principle behind plausible deniability: you can satisfy a demand to "open it" without surrendering your private content.
It is worth being honest about the limits. A decoy PIN protects what is inside a vault; it does not replace a strong device passcode, Face ID, or features like Apple's Stolen Device Protection, which adds biometric checks when a thief already knows your passcode. A decoy vault is one calm layer in a larger setup — meant for protecting your own data from coercion, theft, and casual snooping, not for deceiving the people in your life. Used that way, it gives you a measured response instead of an all-or-nothing unlock. For the bigger picture, see why photo privacy matters.
How Privara handles this
Privara is the best way to put this into practice, because the decoy PIN is built into a vault that already disappears in plain sight. From the outside, Privara looks and works exactly like a real calculator; the vault opens only when you type your PIN into it. Set a second PIN and you get a dual vault — a separate space that opens behind the decoy code, with no badge, banner, or hint that more exists. Everything is encrypted at rest with AES-256, no account is required, and nothing is uploaded to a server by default, so it stays a local, zero-knowledge vault. Optional break-in detection can capture a photo of anyone who enters the wrong PIN, and Face ID or Touch ID can sit on top of the code.
One Privara vault also protects more than pictures. The same encrypted space holds your photos, videos, documents, and contacts together — so the decoy PIN guards every one of those, not just your camera roll. If you want a private vault that hides in plain sight and answers a demand to "unlock it" on your terms, download Privara on the App Store and set your decoy PIN in a couple of minutes.
Frequently asked questions
Is a decoy PIN the same as a recovery code?
No. A recovery code restores access to your real account or vault. A decoy PIN does the opposite — it opens a separate, harmless vault and never touches your genuine content.
Can someone tell that a second vault exists?
That is the point of the design. Because each PIN unlocks its own encrypted space, opening the decoy vault gives no indication that another one is present.
What should I keep in the decoy vault?
A small, believable amount of ordinary material — a few unremarkable photos or notes. The goal is for the decoy to look like the real thing; an empty vault raises questions.
Does a decoy PIN protect a stolen phone?
It protects what is inside the vault if someone makes you open the app. For the device itself, pair it with a strong passcode, Face ID, and Stolen Device Protection.