Account Recovery
If you lose access to your account, the recovery path depends on what you still have. Keeplas's zero-knowledge design means the server cannot recover your vault for you; the same property is what keeps your vault unreadable to anyone who obtains the server's data.
Decision tree
- You have your 24-word recovery phrase → Restore on a new device
- You have a Social Recovery quorum → Initiate Social Recovery
- You have neither → What Keeplas cannot do
Restore on a new device
This is the simplest path and the one we recommend if your phrase is intact.
- Sign in to Keeplas on a clean device with your email or WhatsApp OTP.
- Choose Restore from recovery phrase.
- Enter your 24-word phrase. Keeplas re-derives your master key on this device via Argon2id and re-unlocks your vault.
- Re-establish per-device unlock (PIN, biometric, or passkey).
Your recovery phrase is the seed for everything, so anyone who has it has your vault. Keep it on paper, in a safe place. Do not photograph it, do not transcribe it into any cloud service, and do not store it in another password manager unless you can fully verify how that manager protects its data.
Initiate Social Recovery
If your phrase is lost but your trusted contacts are reachable, Social Recovery is the path.
- Sign in on a clean device.
- Choose Recover via trusted contacts.
- Keeplas notifies your trusted contacts. Each one is asked to authorize the recovery from their device.
- Once enough contacts have authorized to meet your threshold (2-of-5 by default), each authorizing contact's device unwraps its shard, and your new device combines the shards to reconstruct your master key. Reconstruction happens on your new device, never on the server.
- A 72-hour grace window applies if the recovery was initiated externally (for example, by Life Check). You can abort during the grace window from any signed-in device. Self-initiated recoveries that include your own OTP-verified device skip the grace window.
If your threshold is high (3-of-5 or 4-of-5), expect the recovery to take days rather than minutes, since more contacts have to respond and your contacts have lives too.
Assist a contact's recovery
If a trusted contact is recovering their own vault and you hold one of their shards, you'll receive a notification over WhatsApp and email. Open the request, confirm with the contact through a channel you trust (a phone call works) that they really are recovering, and only then authorize from your device. The notification alone is not proof that it is them; your out-of-band check is what stops someone who merely claims to be your contact.
You will never see their phrase, their master key, or the contents of their vault. You authorize your shard; the math does the rest on their device.
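The shard arithmetic behind the two sections above, as an added example that is not Keeplas code: a k-of-n Shamir split of a master key over a prime field, the recovering device combining the authorized shards locally, and a refusal when fewer than k shards are available. This page does not document Keeplas's real shard format, how shards are wrapped to each contact's device, or how a reconstruction is validated before the vault is unlocked; the `key_fingerprint` check and every name here are assumptions made for the example.

```python
import hashlib
import secrets

# Field prime for the polynomial arithmetic: a Mersenne prime well above
# 2**256, so any 32-byte master key fits as a single field element.
P = 2**521 - 1


def _eval_poly(coeffs, x):
    """Horner evaluation of sum(coeffs[i] * x**i) mod P."""
    acc = 0
    for c in reversed(coeffs):
        acc = (acc * x + c) % P
    return acc


def split_key(master_key: bytes, k: int, n: int):
    """Split master_key into n shards; any k of them reconstruct it.

    Shard i is the point (i, f(i)) on a random degree k-1 polynomial whose
    constant term is the key. Fewer than k points are consistent with every
    possible key, which is why one contact's shard on its own reveals nothing.
    """
    if not 1 < k <= n:
        raise ValueError("need 1 < k <= n")
    secret = int.from_bytes(master_key, "big")
    if secret >= P:
        raise ValueError("key does not fit in the field")
    coeffs = [secret] + [secrets.randbelow(P) for _ in range(k - 1)]
    return [(x, _eval_poly(coeffs, x)) for x in range(1, n + 1)]


def reconstruct_key(shards, k: int, key_len: int = 32) -> bytes:
    """Lagrange-interpolate f(0) from k distinct shards (the threshold)."""
    if len(shards) < k:
        raise ValueError(f"threshold not met: {len(shards)} of {k} shards")
    points = shards[:k]
    if len({x for x, _ in points}) != k:
        raise ValueError("duplicate shard index")
    secret = 0
    for xi, yi in points:
        num, den = 1, 1
        for xj, _ in points:
            if xj != xi:
                num = num * (-xj) % P
                den = den * (xi - xj) % P
        # Lagrange basis value at x=0 is num/den; divide via Fermat inverse.
        secret = (secret + yi * num * pow(den, P - 2, P)) % P
    if secret >= 1 << (8 * key_len):
        raise ValueError("shards do not combine to a key of the expected size")
    return secret.to_bytes(key_len, "big")


def key_fingerprint(master_key: bytes) -> bytes:
    """Short commitment to the key, kept beside the shards so the recovering
    device can tell a good reconstruction from a bad one (an assumption of
    this example; the page does not say how Keeplas validates recoveries)."""
    return hashlib.sha256(b"example-fingerprint-v1" + master_key).digest()[:8]


def recover_on_device(authorized_shards, k: int, fingerprint: bytes, key_len: int = 32) -> bytes:
    """What the recovering device does once the threshold is met: combine the
    authorized shards locally and refuse to unlock if the result does not match
    the stored fingerprint (a corrupted or tampered shard, for instance)."""
    candidate = reconstruct_key(authorized_shards, k, key_len)
    if key_fingerprint(candidate) != fingerprint:
        raise ValueError("reconstructed key failed verification")
    return candidate


if __name__ == "__main__":
    master_key = secrets.token_bytes(32)          # constructed sample key
    shards = split_key(master_key, k=2, n=5)      # the default 2-of-5
    fp = key_fingerprint(master_key)
    # Contacts 3 and 5 authorize; their two shards are enough.
    recovered = recover_on_device([shards[2], shards[4]], 2, fp)
    print("2-of-5 recovery ok:", recovered == master_key)
    try:
        reconstruct_key([shards[0]], 2)
    except ValueError as exc:
        print("one shard alone:", exc)
```

Two points worth noticing: the server never appears in this code, because the only inputs to `reconstruct_key` are the shards the contacts released, and raising the threshold to 3-of-5 or 4-of-5 changes nothing except `k`, which is why a higher threshold costs waiting time rather than a different mechanism.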
What Keeplas cannot do
Without your recovery phrase or a Social Recovery quorum, Keeplas cannot restore your vault. This is intentional and load-bearing:
- The server only ever holds ciphertext.
- The server has never seen your phrase, your master key, or a single plaintext key.
- A recovery backdoor that worked for "you, the legitimate user" would also work for an attacker who claims to be you.
This is the trade-off behind zero-knowledge. The best protection against this scenario is to set up Social Recovery before you need it: the default 2-of-5 threshold, with contacts you trust and can actually reach, is a strong baseline. Re-verify the setup once a year, confirming that each contact still has the device that holds their shard and can still be reached.