Recovery Phrase

localWiki generates a 12-word recovery phrase when you first create your vault. This phrase is the only way to regain access if you forget your master password.

How it works

Your vault is encrypted with AES-256-GCM, using a key derived from your master password with Argon2id. The recovery phrase is a separate mnemonic that can reconstruct the decryption key independently of the password. It is generated once during vault setup and is never stored on any server.

Setup during first launch

After you set your master password and the vault is created, localWiki displays the recovery phrase:

  1. Display step — All 12 words are shown in a numbered grid. You can hover over the phrase area to reveal a copy button, but the clipboard is automatically cleared after 60 seconds.
  2. Verification step — localWiki picks three words at random and asks you to type them back. All three must match before you can proceed.

Never store your recovery phrase digitally. Never share it. Write it on paper and keep it in a secure location. Losing both your password and this phrase means permanent, unrecoverable data loss.

Recovering your vault

If you forget your master password, click the “forgot password? recover with phrase” link on the vault unlock screen. The recovery flow has three fields:

  1. Recovery phrase — Enter all 12 words (space-separated or one per line). A word counter shows progress (e.g. “8/12 words”).
  2. New password (optional) — If you want to set a new password, enter it here (minimum 8 characters).
  3. Confirm new password — Re-enter the new password to confirm.

Click recover to unlock the vault. If the phrase is correct, you regain access immediately. If you also set a new password, future unlocks will use the new password.

Setting a new password during recovery is optional. If you leave the password fields blank, the vault unlocks with the phrase alone for the current session.
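The input handling described in the setup verification step and in the recovery form can be sketched as follows. This is an added example, not localWiki's own code: the function names, the NFKD and lowercase normalisation, and the sample phrase (constructed, not taken from any wordlist) are assumptions.

```python
import hmac
import secrets
import unicodedata

PHRASE_WORDS = 12     # phrase length stated on this page
CHALLENGE_WORDS = 3   # words requested in the verification step

# Constructed sample phrase for illustration only.
SAMPLE_PHRASE = ("amber basket cedar dune ember fjord "
                 "glade harbor island juniper kettle lantern")


def parse_phrase(raw: str) -> list[str]:
    """Accept space-separated or one-per-line input; normalise (assumed)."""
    text = unicodedata.normalize("NFKD", raw).lower()
    return text.split()  # splits on any run of spaces, tabs or newlines


def word_counter(raw: str) -> str:
    """Progress label in the form shown on the recovery screen."""
    return f"{len(parse_phrase(raw))}/{PHRASE_WORDS} words"


def is_complete(raw: str) -> bool:
    """Only a full 12-word entry should be submitted for recovery."""
    return len(parse_phrase(raw)) == PHRASE_WORDS


def pick_challenge(rng=None) -> list[int]:
    """Pick three distinct 0-based positions using the OS CSPRNG."""
    rng = rng or secrets.SystemRandom()
    return sorted(rng.sample(range(PHRASE_WORDS), CHALLENGE_WORDS))


def verify_challenge(phrase: list[str], positions: list[int],
                     answers: list[str]) -> bool:
    """All requested words must match before the user can proceed."""
    if len(answers) != len(positions):
        return False
    ok = True
    for pos, answer in zip(positions, answers):
        typed = parse_phrase(answer)
        candidate = typed[0] if len(typed) == 1 else ""
        # Check every answer (no early exit) with a constant-time compare.
        ok &= hmac.compare_digest(candidate.encode(), phrase[pos].encode())
    return ok
```
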

Security model

  • The recovery phrase is generated using a cryptographically secure random number generator.
  • It is shown exactly once during setup and never persisted in the app after you dismiss the screen.
  • The 12-word format follows a standard mnemonic scheme for memorability.
  • Rate limiting protects the unlock screen against brute-force attempts: too many failed tries trigger a cooldown timer.