Limits & recovery
Shadow Layers are strong, but they follow the same hard rule as everything in Oten Drive: only you hold the keys.
Recovery
Forgot a layer's password? Reset it with that layer's Vault Recovery Key. During a reset, each shadow layer can display a few sample file/folder names so you can identify which layer you're resetting.
Changing or resetting a password re-secures that layer. Do it on a device you control, and update your own record of which password opens which layer.
No recovery key + forgotten password = permanent loss for that layer. The data cannot be recovered by anyone, including Oten. That's the point of zero-knowledge encryption.
Limits to understand
No in-app layer switcher. By design, there's no menu of layers to pick from — you open a layer only by typing its password. This is what keeps layers undetectable.
Layers are per-vault. A Drive has no layers; if you want deniability, use a Vault.
Independent, not linked. Recovering or deleting one layer never touches another.
Sync affects all your devices. Changing a layer's password re-keys it; other devices will need the new password to open that layer again.
Keep it recoverable and deniable
The tension is real: recovery keys make loss less likely, but a recovery key found on your device could hint that a vault has more than one layer. Store recovery keys off the device — a password manager on separate hardware, or a physical safe — so your device reveals nothing while your data stays recoverable.
See also: How Shadow Layers work · User Key, Recovery & Devices
Last updated