Using a Passphrase

When you create a vault, you can set an optional passphrase that adds a second layer of protection on top of your recovery key. Think of it like a PIN on a bank card — the card alone isn't enough. Your trusted contact will need both the recovery key and the passphrase to decrypt your vault.

What Does the Passphrase Do?

The recovery key is what your trusted contact uses to unlock your vault when the failsafe timer expires. A passphrase adds an extra requirement on top of that:

Your trusted contact needs both the recovery key and the passphrase to decrypt the vault.
Without the correct passphrase, the vault cannot be recovered — even with the recovery key.
The passphrase never leaves your browser and is never stored on our servers. It's incorporated directly into the encryption process on your device.

When Should You Use a Passphrase?

A passphrase is especially useful when you want to separate the knowledge needed to access your vault across different channels or people. Here are some common scenarios:

Separate delivery channels — share the recovery key via one method (e.g. the Recovery Kit PDF locked in a safe) and the passphrase through another (e.g. a phone call, a sealed letter, or a password manager). If one channel is compromised, the vault is still protected.
Delayed access — give your trusted contact the recovery key now, but share the passphrase only when the time is right — through a lawyer, a sealed envelope with instructions, or a secondary trusted person.
Multiple trusted contacts, one gatekeeper — if you have several trusted contacts who all receive the recovery key, only the one who also knows the passphrase can actually decrypt the vault.
Peace of mind — even if the recovery key is accidentally exposed (a lost USB drive, a compromised email), the vault stays locked without the passphrase.

When You Might Not Need One

The passphrase is genuinely optional — vaults without one are still fully protected by ArkVault's zero-knowledge encryption and key splitting.

You might skip the passphrase if:

Your recovery key is already stored securely (e.g. printed and locked in a safe) and your trusted contact is someone you fully trust.
You want to keep things simple and minimize the chance of something being lost.
You're confident your delivery channel for the recovery key is secure enough on its own.

How to Set a Passphrase

During vault creation, find the "Optional Passphrase" field.
Enter a memorable word or phrase (up to 100 characters).
You'll be asked to confirm that you've saved the passphrase before proceeding.
That's it — the passphrase is applied to your vault's encryption automatically.

How to Share the Passphrase Safely

The key principle is simple: never send the passphrase and recovery key together through the same channel. Here are some practical ways to share it with your trusted contact:

In person — tell them directly, face to face.
Sealed letter — write it down and store it in a safe, with your will, or with a lawyer.
Password manager — store it in a shared vault or as an emergency contact note.
Phone call or encrypted message — communicate it verbally or through a separate encrypted channel.

By using a different channel for the passphrase than for the recovery key, you ensure that compromising one doesn't compromise both.

What Happens If the Passphrase Is Lost?

This is important to understand: if the passphrase is lost, the vault is permanently unrecoverable. There is no reset, no bypass, and no way for ArkVault to help.

This is by design — the same zero-knowledge architecture that protects your vault from us also means we can't recover it for you. We never see or store your passphrase, so we have nothing to fall back on.

Our recommendation: store a backup of the passphrase in a secure, separate location — somewhere only you or your trusted contact can access.

For more on how our zero-knowledge model works, see Why ArkVault is Secure.

The passphrase is a simple but powerful way to add defense in depth to your most important information. Ready to try it? Create a vault →