Password vs Vault key: your two keys
Two locks with two different jobs — understanding this is understanding Schweizerform.
Last updated July 7, 2026
| **Password** | **Vault key** | |
|---|---|---|
| Job | Signs you into your account | Unlocks your encrypted responses |
| Who verifies it | Our server (as a protected hash) | Only your browser — it never leaves your device |
| If forgotten | Reset by e-mail code | Restore with your recovery code (8.3) |
| If we're asked for it | We couldn't tell anyone — we store only a hash | We couldn't either — we never had it |
Why two keys? Because they protect against different things. The password keeps strangers out of your account. The Vault key keeps everyone — including us, including anyone who ever breached a server — out of your data. A stolen password alone cannot open your responses.
Tip
Make them genuinely different. The password can live in your password manager like any other; the Vault key deserves the strongest treatment — a memorable passphrase plus the safely stored recovery code.