Recovery Key Management
Essential guide to generating, storing, and using your PopaDex recovery key for E2EE accounts
Your recovery key is the only way to recover your encrypted data if you forget your password. When you enable End-to-End Encryption (E2EE), PopaDex generates a unique recovery key that you must save securely.
⚠️ Critical: PopaDex cannot recover your data without your recovery key. We don’t have access to it, and there’s no “forgot recovery key” option. If you lose both your password AND recovery key, your data is permanently inaccessible.
What is a Recovery Key?
A recovery key is a long, randomly-generated code that looks like this:
RXKE-4M2N-7P9Q-6H3L-8VWT-2KJF-5DCG-9BNM-7XSW-4RPT
It’s generated when you:
- First enable E2EE on your account
- Reset your password (new key generated)
- Regenerate it manually from settings
Why You Need It
Your recovery key serves two critical purposes:
1. Password Recovery
If you forget your password, the recovery key lets you reset it without losing your encrypted data. Without it, password reset means starting over with an empty account.
2. Account Migration
When moving to a new device or browser, you’ll need your recovery key to decrypt your data on the new device.
Generating Your Recovery Key
When you enable E2EE for the first time:
- Navigate to Settings → Security → Enable E2EE
- Create your master password
- PopaDex generates your recovery key
- You’ll see a screen displaying your key
- Save it immediately (see storage methods below)
- Check the box “I have securely stored my recovery key”
- Click “Continue”
Can I Generate a New Key?
Yes, but with important caveats:
When you can regenerate:
- You still remember your current password
- From Settings → Security → Regenerate Recovery Key
What happens:
- Old recovery key becomes invalid immediately
- All your data is re-encrypted with the new key
- You must save the new key
When you might do this:
- You suspect your recovery key was compromised
- You want a new key for better security practices
- You’re consolidating multiple backups
How to Store Your Recovery Key
Your recovery key must be stored securely outside PopaDex. Here are recommended methods, ranked by security:
🥇 Best: Password Manager
Store it in a password manager like:
- 1Password: Create a secure note
- Bitwarden: Use secure note field
- LastPass: Store in secure notes section
- Apple Keychain: Save as password with label “PopaDex Recovery Key”
Pros:
- Encrypted storage
- Accessible across devices
- Can’t be physically lost
- Easy to retrieve when needed
Cons:
- Requires trusting your password manager
- Single point of failure if master password lost
🥈 Good: Physical Paper in Safe
Write it down and store it in:
- Home safe
- Safety deposit box
- Locked filing cabinet
Pros:
- No digital attack surface
- Can’t be hacked
- Survives digital disasters
Cons:
- Can be physically lost/destroyed
- Not accessible when traveling
- Handwriting errors possible
🥉 Acceptable: Encrypted USB Drive
Save to an encrypted USB drive and store securely.
Pros:
- Offline storage
- Portable if needed
- Can make multiple copies
Cons:
- Drive can fail
- Requires remembering encryption password
- Can be physically lost
❌ NEVER Store Here
- Screenshots/photos - Can be backed up to cloud
- Unencrypted text files - Easily accessed if device compromised
- Email to yourself - Email is not secure
- Cloud storage without encryption - Subject to breaches
- Sticky notes - Can be seen by anyone
- Phone notes - Often backed up insecurely
Using Your Recovery Key
You’ll need your recovery key in these scenarios:
Scenario 1: Forgot Password
- Go to PopaDex login page
- Click “Forgot Password?”
- Enter your email
- Check email for reset link
- Click the link
- Enter your recovery key when prompted
- Create a new password
- Your data is decrypted and accessible
Without recovery key: You’ll still be able to reset your password, but all encrypted data will be lost. You’ll start with an empty account.
Scenario 2: New Device Setup
- Sign in to PopaDex on new device
- Enter your password
- System detects this is a new device
- Enter recovery key to decrypt data
- Data syncs to new device
Scenario 3: Browser Data Cleared
If you clear browser data or reinstall your browser:
- Sign back in to PopaDex
- Enter password
- Enter recovery key when prompted
- Data is restored
Testing Your Recovery Key
It’s crucial to verify you’ve stored your recovery key correctly:
Test Method 1: Recovery Test (Recommended)
- Go to Settings → Security → Test Recovery Key
- Enter your stored recovery key
- System verifies it’s correct
- You’ll see: ✅ “Recovery key is valid”
Do this:
- Immediately after first saving your key
- After any storage method change
- Every 6 months as a safety check
Test Method 2: Use Incognito/Private Mode
Advanced users only:
- Open an incognito/private browser window
- Sign in to PopaDex
- It will ask for your recovery key (new browser profile)
- Verify you can access it and it works
- Important: Log out and close incognito window when done
Recovery Key Security Best Practices
✅ Do This
- Save it immediately when generated
- Test it within 24 hours of saving
- Store backups in at least 2 different locations
- Use a password manager for digital storage
- Keep it private - don’t share with anyone
- Update it if you suspect compromise
- Include in estate planning so family can access if needed
❌ Don’t Do This
- Don’t share it via email, messaging, or phone
- Don’t store it with your password
- Don’t photograph it unless stored in encrypted photo vault
- Don’t assume you’ll remember where you put it
- Don’t delay saving it (“I’ll do it later”)
What If You Lose Your Recovery Key?
If You Still Know Your Password
Good news! You can regenerate a new recovery key:
- Sign in to PopaDex (requires password)
- Go to Settings → Security
- Click “Regenerate Recovery Key”
- Save the new key securely
- Old key is now invalid
If You’ve Lost Both Password AND Recovery Key
Unfortunately, your encrypted data cannot be recovered:
- This is by design - we can’t decrypt what only you can unlock
- You’ll need to reset your account and start over
- Previous data cannot be retrieved
To reset:
- Go to “Forgot Password”
- Proceed without recovery key
- Account is reset (data cleared)
- Create new password
- Generate new recovery key
- Start with empty account
This is the security trade-off of true E2EE - absolute privacy means only you can access your data.
Recovery Key Format
PopaDex recovery keys have these characteristics:
- Length: 50 characters (10 groups of 5)
- Format: XXXXX-XXXXX-XXXXX-XXXXX-XXXXX-XXXXX-XXXXX-XXXXX-XXXXX-XXXXX
- Characters: Capital letters A-Z and numbers 0-9 (no lowercase)
- Checksum: Built-in validation to detect typos
- Entropy: 256 bits (same as your encryption key)
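The format rules above, as an added example (not PopaDex's own code): JavaScript that normalizes a typed or pasted key and checks it against the 10-groups-of-5, A-Z/0-9 format, with a generator for constructed test keys. All function names are hypothetical, uppercasing the input is an assumption about input handling, and the checksum is not verified because this page does not describe its algorithm.

```javascript
// Format rules taken from the "Recovery Key Format" list on this page.
const ALPHABET = 'ABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789'; // A-Z and 0-9
const GROUPS = 10, GROUP_LEN = 5;                          // 10 groups of 5 = 50 chars

// Web Crypto in browsers and Node >= 19; fallback for older Node (CommonJS).
const webcrypto = globalThis.crypto ?? require('node:crypto').webcrypto;

// Upper bound on the information a key of this shape can carry, in bits.
function capacityBits() {
  return GROUPS * GROUP_LEN * Math.log2(ALPHABET.length);
}

// Draw one alphabet index from the CSPRNG without modulo bias:
// bytes >= 252 (the largest multiple of 36 that fits in a byte) are rejected.
function randomIndex() {
  const limit = 256 - (256 % ALPHABET.length);
  const buf = new Uint8Array(1);
  do { webcrypto.getRandomValues(buf); } while (buf[0] >= limit);
  return buf[0] % ALPHABET.length;
}

// Constructed sample generator (hypothetical; contains no checksum characters).
function generateSampleKey() {
  const groups = [];
  for (let g = 0; g < GROUPS; g++) {
    let s = '';
    for (let i = 0; i < GROUP_LEN; i++) s += ALPHABET[randomIndex()];
    groups.push(s);
  }
  return groups.join('-');
}

// Normalize what a user typed or pasted, then check it against the format.
// Returns { ok: true, key } or { ok: false, reason }.
function parseRecoveryKey(input) {
  // Assumption: case, spaces and dashes are safe to normalize (keys have no lowercase).
  const raw = String(input).toUpperCase().replace(/[\s-]+/g, '');
  const bad = [...raw].find((c) => !ALPHABET.includes(c));
  if (bad !== undefined) return { ok: false, reason: `invalid character "${bad}"` };
  if (raw.length !== GROUPS * GROUP_LEN) {
    return { ok: false, reason: `expected 50 characters, got ${raw.length}` };
  }
  return { ok: true, key: raw.match(/.{5}/g).join('-') };
}
```

A key that passes this check is only well-formed; whether it is the right key is what the Test Recovery Key setting confirms.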
FAQ
Q: Can PopaDex support recover my key?
A: No. We don’t have access to your recovery key. It’s generated on your device and never sent to our servers.
Q: What if someone steals my recovery key?
A: They would still need your password to access your account. The recovery key alone isn’t enough.
Q: Can I have multiple recovery keys?
A: No. Only one recovery key is valid at a time. Generating a new one invalidates the old one.
Q: How often should I test my recovery key?
A: Test it immediately after saving, and then every 6 months.
Q: What’s the difference between my password and recovery key?
A: Your password is what you remember. Your recovery key is a backup stored outside PopaDex to recover your password.
Q: Is my recovery key the same as my encryption key?
A: No. Your recovery key can regenerate your encryption key, but they’re different values.
Q: Can I print my recovery key?
A: Yes, but store the printout securely (safe, safety deposit box, etc.) and shred it if you regenerate a new key.
Related Topics
- End-to-End Encryption - Understanding E2EE
- Password Reset - How password reset works with E2EE
- Security Implementation - Technical details of our encryption
Questions? Contact [email protected]