By default, ZeroPass splits key to 3 trusted contacts (friends / family / administrator). You need 2 out of 3 friends to recover your keys.
Paying users can print the whole backup key or saved it on the USB stick. You are still advised (but not forced) to simultaneously split the keys between trusted contacts, to retain the inheritance feature.
Backup is self-contained within ZeroPass and parts of the keys .
No email will (or should) help you, most hacks happens with reset of the password delivered into wrong inbox.
[password slot] creation
Everytime you add new password / key / passphrase / secret;
1) it gets backed-up and encrypted, with derived private key (brown “box”)
2) then it splits into two parts. One is saved with ZeroPass servers, other stays on your devices.
When you sign-in with this slot, both parts come together.
If you lost the parts of this key (stored on device) and want to recover this key, Master Private key needs to be recovered first (see recovery tab)
Master Private key splitting
Master Private key gets split into 3 parts and erased afterwards to decrease exposure to attacks.
1) one key is saved on ZeroPass servers,
2) one key is saved within your device (or more of them)
3) one key is a backup key
You need 2 out of 3 keys to recover master private key.
Firstly, long random Master Private key is created. We use key derivation based on bip32 (bitcoin deterministic wallets) to generate Master public key which child are then used to encrypt all your passwords backups for possible later recovery.
Click on tabs to split schematic into more chewable pieces.
Latest specification for ZeroPass security scheme (gitbook);
Read White Paper
All client-side code will be released eventually;
to be verified by security specialists and to proof that your secrets never touches our servers.