Zero-Knowledge Account Recovery: How to Protect Yourself from Losing Access
Zero-knowledge encryption means we can't reset your password—but you can build your own safety net. Create a deadman switch that sends your recovery codes to yourself before your other switches trigger.
Zero-knowledge encryption means no one can read your files—not hackers, not governments, not even us. Your data is encrypted in your browser before it ever leaves your device.
But there's a tradeoff: if you lose your password and recovery codes, we can't help you. There's no "forgot password" email. No support ticket that resets your account. Your encryption keys exist only in your possession.
This is a feature, not a bug. But it creates a real risk: what happens if you lose access to your own account?
The Problem with Traditional Recovery
Most services store your password (or a hash of it) on their servers. When you forget it, they verify your identity through email, SMS, or security questions, then let you create a new one.
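This convenience comes at a cost. A service that can reset your password and still hand your data back is holding a way to read that data without you. It means the service can access your data. It means a hacker who compromises their systems—or convinces a support agent—can access your data too.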
Zero-knowledge encryption eliminates this attack vector entirely. But it also eliminates the safety net.
The Solution: A Deadman Switch to Yourself
Here's how to protect yourself without compromising security: create a deadman switch that sends your recovery codes to yourself.
The setup is simple:
- Create a new deadman switch in Killswitch
- Add yourself as the beneficiary (your own email address)
- Upload a file containing your account recovery codes
- Set the check-in interval shorter than your other switches
That last part is critical. If you have switches set to trigger after 30 days of missed check-ins, set your self-recovery switch to trigger at 14 days.
How It Works
Normal scenario: You check in regularly. Nothing happens. Your recovery codes sit encrypted, waiting.
You lose access: Maybe you forgot your password. Maybe your password manager died. Maybe you changed phone numbers and can't receive SMS verification. Whatever the reason, you can't log in—which means you can't check in.
Day 14 arrives: Your self-recovery switch triggers first. Your recovery codes land in your inbox. You use them to regain access, check in, and reset your credentials.
Day 30 never happens: Because you recovered access and checked in, your other switches (the ones sending files to your family) never trigger.
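The timing rule above, as an added example that is not Killswitch code: the `Switch` record and both function names are hypothetical, and days are counted from your last check-in. It goes slightly beyond the 14/30 case by checking whether the gap between switches is long enough for you to act on the codes once they arrive.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Switch:
    name: str
    interval_days: int           # days without a check-in before the switch triggers
    self_recovery: bool = False  # True when the beneficiary is your own address

def codes_arrive_day(switches):
    """Day (counted from the last check-in) on which the recovery codes are sent."""
    own = [s.interval_days for s in switches if s.self_recovery]
    if not own:
        raise ValueError("no self-recovery switch configured")
    return min(own)

def misfires(switches, days_to_recover):
    """Names of non-recovery switches that trigger before you can check in again.

    days_to_recover is how long you need, after the codes arrive, to notice the
    email, log back in and check in. A switch due on that same day is counted
    as triggered, so the result errs on the cautious side.
    """
    back_in = codes_arrive_day(switches) + days_to_recover
    due = [s for s in switches if not s.self_recovery and s.interval_days <= back_in]
    return [s.name for s in sorted(due, key=lambda s: s.interval_days)]

# Constructed sample layout using the article's 14-day and 30-day intervals.
SAMPLE = [
    Switch("self-recovery", 14, self_recovery=True),
    Switch("family documents", 30),
]

if __name__ == "__main__":
    for days in (3, 16):
        print(f"{days} days to recover -> triggered anyway: {misfires(SAMPLE, days)}")
    # A switch set no later than the self-recovery one can never be rescued by it.
    print(misfires(SAMPLE + [Switch("executor", 14)], 0))
```

With the 14-day and 30-day intervals, you have fewer than 16 days after the codes arrive to log in and check in before the family switch triggers.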
What to Include in Your Recovery File
At minimum, include:
- Your Killswitch recovery codes
- Your password (or a hint only you would understand)
You might also include:
- Password manager master password
- Email account recovery information
- Backup email addresses
Store this as an encrypted note within Killswitch, or upload a file. Either way, it's protected by the same zero-knowledge encryption as everything else—until the switch triggers and sends it to you.
A Backup for Your Backup
This approach treats your future self as a beneficiary. You're essentially saying: "If I disappear for two weeks, assume something went wrong and send me my keys."
It's a safety net that doesn't compromise security. No one else has access. No support agent can be social-engineered. The only way to trigger it is to stop checking in—which is exactly when you'd need it.
Zero-knowledge encryption doesn't have to mean zero recovery options. You just have to build the recovery mechanism yourself.
Killswitch is a zero-knowledge encrypted vault with automated deadman switch delivery. Your files stay encrypted until you stop checking in—then they go exactly where you want them to go.