Limits & recovery

Shadow Layers are strong, but they follow the same hard rule as everything in Oten Drive: only you hold the keys.

Recovery

  • Forgot a layer's password? Reset it with that layer's Vault Recovery Key. During a reset, each shadow layer can display a few sample file/folder names so you can identify which layer you're resetting.

  • Changing or resetting a password re-secures that layer. Do it on a device you control, and update your own record of which password opens which layer.

  • No recovery key + forgotten password = permanent loss for that layer. The data cannot be recovered by anyone, including Oten. That's the point of zero-knowledge encryption.

Limits to understand

  • No in-app layer switcher. By design, there's no menu of layers to pick from — you open a layer only by typing its password. This is what keeps layers undetectable.

  • Layers are per-vault. A Drive has no layers; if you want deniability, use a Vault.

  • Independent, not linked. Recovering or deleting one layer never touches another.

  • Sync affects all your devices. Changing a layer's password re-keys it; other devices will need the new password to open that layer again.

Keep it recoverable and deniable

The tension is real: recovery keys make loss less likely, but a recovery key found on your device could hint that a vault has more than one layer. Store recovery keys off the device — a password manager on separate hardware, or a physical safe — so your device reveals nothing while your data stays recoverable.

See also: How Shadow Layers work · User Key, Recovery & Devices

Last updated