Recovery & Data Loss

Q. What are the two recovery keys, and what does each do? A. The User Recovery Key restores your account identity on a new device. A Vault Recovery Key restores access to one specific vault if you forget its password. Each vault has its own.

Q. I forgot a vault password. What now? A. Reset it with that vault's Vault Recovery Key (vault actions → Recovery / Reset password). For a vault with Shadow Layers, each layer can show sample file/folder names to help you pick the right one.

Q. What if I lose a password and the recovery key? A. That data is unrecoverable — by you or by Oten. Zero-knowledge encryption has no backdoor. This is the trade-off that makes it trustworthy.

Q. Can Oten reset my password for me? A. No. The server holds no keys, so there's nothing for Oten to reset. Recovery is entirely through your own keys.

Q. I lost my User Key entirely. A. Use Send request for losing User Key to start the recovery path, or restore with your User Recovery Key if you still have it. Without either, the account identity can't be restored.

Q. Does deleting a vault delete it everywhere? A. It depends which option you choose: Hide (keeps everything), Delete local (keeps the cloud copy), or Delete everything (permanent, both device and cloud). See Remove or delete a vault.

Q. Where should I store my recovery keys? A. Off the device — a password manager on separate hardware, or a physical safe. A recovery key on the device it protects is both a loss risk and, for a vault with layers, a hint.

Last updated