No password recovery isn't a bug—here's why we can't help if you forget
If you lose the password, the note is gone. That’s not a design oversight; it’s the only way zero-knowledge can work.
We get asked “what if I forget my password?” more than almost anything else. The answer is: we can’t recover the note. We don’t store your password or any key. The key is derived from your password inside your browser, and the only place it ever exists is in that browser’s memory at the moment you encrypt or decrypt. Once you close the tab or clear state, it is gone, and we have no way to recreate it.
Why we don’t offer “reset via email”
Any recovery flow would require us to be able to decrypt your data—or to have stored something that lets us or you derive the key. The moment we have that, we’re no longer zero-knowledge. So the only safe design is: you are the only source of the password. Write it down, use a password manager, or accept that losing it means losing the note.
What we do instead
We make the “Secure This Note” and “Password Required” flows clear. We don’t hide the fact that there’s no recovery. And we support changing the password from inside the editor, so you can rotate it or fix a typo without creating a new note. That works only because the note is already open in your browser: it is re-encrypted there under the new password, so you still need the old password to get that far.
FAQ: Why password recovery is impossible
Q1. Why can’t you send me a reset link to recover my note?
Because we never see or store your password or decryption key. A reset flow that restores plaintext would mean we had some way to decrypt your data, which would break zero-knowledge.
Q2. Do you really have no way to help if I forget the password?
Correct. Without your password, we hold only the ciphertext and the public parameters that go with it (salt, IV, and KDF settings). Those let your browser turn the right password into the key; they do not let anyone produce the key without it. That’s by design, not a bug.
Q3. Why design it this way instead of allowing recovery?
Zero-knowledge means removing the provider’s ability to read your data, even for support. Keeping us out of the loop is what protects you if our infrastructure is compromised.
Q4. How can I avoid losing important notes?
Use a password manager to store strong, unique passwords for critical notes. Don’t rely on memory alone for anything you can’t afford to lose. Strength matters for a second reason: anyone who obtains the stored ciphertext, salt, and KDF parameters can try password guesses offline. The KDF makes each guess expensive, but it cannot save a short or common password.
Q5. Can you at least prove that a note is unrecoverable?
Open your browser’s developer tools and watch the network requests while you secure and open a note: your password and key never leave the page; only ciphertext and the parameters needed to derive the key go over the wire. From our side, there is genuinely nothing else to use for recovery.
Where to go next
To see how this fits into the bigger picture:
- Read “Zero-knowledge encryption: what it actually means when we can't see your data”.
- Read “Why we encrypt in the browser (and what happens to your password)”.
- Try creating a note in Inkrypt at https://www.inkrypt.online and saving its password in a manager so you can experience the no-recovery model safely.