Recovering your secrets

Posted by Paulo on October 10, 2017

Once you commit to it, using a password manager is liberating. Having unique and strong passwords for all your logins creates warm fuzzy feeling inside. You feel like you are in control of your digital life.

This is only possible because there’s a trust relationship between you and your password manager. And your passphrase is the link in between.

Any serious password manager will derive encryption keys from your master passphrase. This means that your passphrase is the only way to access your data. If your password manager can recover your data without your passphrase or some secret only you know, then they can access your data without your consent.

But this presents a challenge to that warm fuzzy feeling. Forgetting your passphrase means loosing access to your data. The passphrase is both the basis for trusting the security of your data and also something you must remember… and remembering a long passphrase can be hard. So hard that most of us avoid changing it.

That’s why with Secrets 2.4 for Mac you can create a Recovery Key.1 A Recovery Key is a 128 bit random value that can also be used to unlock your secrets. You can use this key if you ever forget your master passphrase. And because it’s not tied to your passphrase, you can change it reassured by the fact you can recover your data in case you forget it.

To create a Recovery Key, simply go to File -> Recovery Key -> Create… and follow the steps2. You will be asked to print your key. It will look something like this:

Printed recovery key sample

Printed recovery key sample

The included QR Code allows you to use your Mac’s camera to scan the key instead of typing all those characters.

You should print the recovery key and test it by selecting File -> Recovery Key -> Test… Finally, store it some place safe.

You can also entrust a copy of your Recovery Key to someone you trust in the event something happens to you. This isn’t something most of us ever think about. But our digital selves grow bigger everyday. And in the event that, for some drastic reason, you are unable to access your passwords… your next of kin will be able to with as little friction as possible.


  1. This feature will eventually make its way to Secrets for iOS. [return]
  2. Recovery keys are per device and are not synced via iCloud. You can only use a recovery key on the device that created it. [return]
 

Subscribe for updates on Secrets and other news from Outer Corner.