'%3e%3cpath%20d='M0,0%20v30%20h60%20v-30%20z'%20fill='%23012169'/%3e%3cpath%20d='M0,0%20L60,30%20M60,0%20L0,30'%20stroke='%23fff'%20stroke-width='6'/%3e%3cpath%20d='M0,0%20L60,30%20M60,0%20L0,30'%20stroke='%23C8102E'%20stroke-width='4'%20clip-path='url(%23s)'/%3e%3cpath%20d='M30,0%20v30%20M0,15%20h60'%20stroke='%23fff'%20stroke-width='10'/%3e%3cpath%20d='M30,0%20v30%20M0,15%20h60'%20stroke='%23C8102E'%20stroke-width='6'/%3e%3c/g%3e%3c/svg%3e)
UK
%20--%3e%3cuse%20href='%23s'%20x='0'%20y='0'/%3e%3cuse%20href='%23s'%20x='494'%20y='0'/%3e%3cuse%20href='%23s'%20x='988'%20y='0'/%3e%3cuse%20href='%23s'%20x='1482'%20y='0'/%3e%3cuse%20href='%23s'%20x='1976'%20y='0'/%3e%3cuse%20href='%23s'%20x='2470'%20y='0'/%3e%3cuse%20href='%23s'%20x='247'%20y='210'/%3e%3cuse%20href='%23s'%20x='741'%20y='210'/%3e%3cuse%20href='%23s'%20x='1235'%20y='210'/%3e%3cuse%20href='%23s'%20x='1729'%20y='210'/%3e%3cuse%20href='%23s'%20x='2223'%20y='210'/%3e%3cuse%20href='%23s'%20x='2717'%20y='210'/%3e%3cuse%20href='%23s'%20x='0'%20y='420'/%3e%3cuse%20href='%23s'%20x='494'%20y='420'/%3e%3cuse%20href='%23s'%20x='988'%20y='420'/%3e%3cuse%20href='%23s'%20x='1482'%20y='420'/%3e%3cuse%20href='%23s'%20x='1976'%20y='420'/%3e%3cuse%20href='%23s'%20x='2470'%20y='420'/%3e%3cuse%20href='%23s'%20x='247'%20y='630'/%3e%3cuse%20href='%23s'%20x='741'%20y='630'/%3e%3cuse%20href='%23s'%20x='1235'%20y='630'/%3e%3cuse%20href='%23s'%20x='1729'%20y='630'/%3e%3cuse%20href='%23s'%20x='2223'%20y='630'/%3e%3cuse%20href='%23s'%20x='2717'%20y='630'/%3e%3cuse%20href='%23s'%20x='0'%20y='840'/%3e%3cuse%20href='%23s'%20x='494'%20y='840'/%3e%3cuse%20href='%23s'%20x='988'%20y='840'/%3e%3cuse%20href='%23s'%20x='1482'%20y='840'/%3e%3cuse%20href='%23s'%20x='1976'%20y='840'/%3e%3cuse%20href='%23s'%20x='2470'%20y='840'/%3e%3cuse%20href='%23s'%20x='247'%20y='1050'/%3e%3cuse%20href='%23s'%20x='741'%20y='1050'/%3e%3cuse%20href='%23s'%20x='1235'%20y='1050'/%3e%3cuse%20href='%23s'%20x='1729'%20y='1050'/%3e%3cuse%20href='%23s'%20x='2223'%20y='1050'/%3e%3cuse%20href='%23s'%20x='2717'%20y='1050'/%3e%3cuse%20href='%23s'%20x='0'%20y='1260'/%3e%3cuse%20href='%23s'%20x='494'%20y='1260'/%3e%3cuse%20href='%23s'%20x='988'%20y='1260'/%3e%3cuse%20href='%23s'%20x='1482'%20y='1260'/%3e%3cuse%20href='%23s'%20x='1976'%20y='1260'/%3e%3cuse%20href='%23s'%20x='2470'%20y='1260'/%3e%3cuse%20href='%23s'%20x='247'%20y='1470'/%3e%3cuse%20href='%23s'%20x='741'%20y='1470'/%3e%3cuse%20href='%23s'%20x='1235'%20y='1470'/%3e%3cuse%20href='%23s'%20x='1729'%20y='1470'/%3e%3cuse%20href='%23s'%20x='2223'%20y='1470'/%3e%3cuse%20href='%23s'%20x='2717'%20y='1470'/%3e%3cuse%20href='%23s'%20x='0'%20y='1680'/%3e%3cuse%20href='%23s'%20x='494'%20y='1680'/%3e%3cuse%20href='%23s'%20x='988'%20y='1680'/%3e%3cuse%20href='%23s'%20x='1482'%20y='1680'/%3e%3cuse%20href='%23s'%20x='1976'%20y='1680'/%3e%3cuse%20href='%23s'%20x='2470'%20y='1680'/%3e%3c/g%3e%3c/svg%3e)
USA
us Legal, police, prison & official contact regulator asks for passwords • agency asks for passcode • asked to unlock phone on the spot • asked for device pin during investigation • asked for work email password • government inquiry credential request • asked to approve authenticator prompt • asked for two factor code • asked to share login credentials • subpoena and password demand • warrant and unlock request • compelled unlocking concern • fifth amendment passcode question • biometric unlock pressure • unsure if request is lawful • worried about refusing access • asked for account access • asked to unlock laptop • official interview password request What to do if…
What to do if…
a regulator asks you to provide passwords or passcodes during an inquiry
Short answer
Don’t give passwords, passcodes, or 2FA codes verbally “in the moment”. Ask for the request in writing (subpoena, warrant, or court order) and involve an attorney (or your organization’s counsel/compliance lead) before providing any access.
Do not do these things
- Don’t share your actual password, device PIN, or 2FA codes to “make it easier”.
- Don’t unlock a device/account and then leave officials alone with it without counsel-approved boundaries.
- Don’t delete messages, wipe devices, change accounts, or “clean up” after contact.
- Don’t lie, guess, or volunteer extra accounts/devices because you’re flustered.
- Don’t physically resist or interfere. Your goal is to pause, document, and route everything through the proper legal process.
What to do now
- Move the request onto formal paper. Calmly say:
“I can’t share passwords or passcodes informally. Please provide the subpoena/warrant/court order or a written request stating the authority and scope.” - Identify who is asking and what tool they’re using. Ask for the agent’s name, agency, and case/reference number, and whether this is:
- a subpoena/document demand,
- a request for testimony/interview, or
- a request for device/account access tied to a warrant or court order.
- Call counsel immediately (or your organization’s counsel).
- If you have a lawyer: contact them before disclosing anything.
- If this is work-related: notify your legal/compliance contact and IT/security lead right away.
- If you’re in custody: clearly request an attorney and stop discussing access credentials until you have advice.
- Offer cooperative alternatives that avoid handing over credentials. While counsel reviews the request, propose:
- Producing documents/data through counsel (exports, copies, logs) limited to the written scope.
- A supervised review where you navigate while they observe, limited to what’s legally authorized.
- Temporary/least-privilege access created by IT/admin (time-limited account), instead of your personal credentials.
- If they insist you must unlock immediately, ask for the exact written authority compelling that specific act. In the U.S., compelled unlocking (especially memorized passcodes versus biometrics) can vary by jurisdiction and the facts. Your safest move is:
- ask to see the warrant/court order they’re relying on,
- say you will respond through counsel, and
- do not physically resist.
- Preserve and document. Write down what happened (who asked, what they requested, when, what papers were shown). Preserve relevant devices and accounts as-is until your attorney gives direction.
What can wait
- You do not need to decide today whether to provide broad access. Right now, you only need to avoid irreversible mistakes and get the request properly scoped and reviewed.
- You do not need to provide a full explanation, background story, or extra accounts/devices in the moment.
- You do not need to make technical changes or run searches unless counsel directs it.
Important reassurance
It’s normal to freeze when an official asks for a passcode. Asking for written authority and involving counsel is a standard protective step—especially because passwords and 2FA can expose far more than a request is entitled to.
Scope note
This covers immediate first steps when you’re asked for passwords/passcodes during an inquiry. The right response depends on whether this is a civil regulator, criminal investigation, custody setting, and what legal papers (if any) have been served.
Important note
This is general information, not legal advice. If you’re served with a subpoena, warrant, or court order—or you’re in custody—get legal advice immediately and avoid deleting or altering data.
Additional Resources
- https://www.sec.gov/divisions/enforce/enforcementmanual.pdf
- https://www.govinfo.gov/content/pkg/USCOURTS-caDC-23-03104/pdf/USCOURTS-caDC-23-03104-0.pdf
- https://www.americanbar.org/groups/criminal_justice/resources/committee-articles/compelled-biometrics-fifth-amendment-rights/
- https://www.nacdl.org/getattachment/31317952-b53d-48ce-93bc-e44889f4804b/compelleddecryptionprimer.pdf
- https://www.justice.gov/jm/jm-9-13000-obtaining-evidence