Your passphrase

Your passphrase in Private.Ki is essentially the additional password that encrypts your private keys (and therefore your mailbox and all your messages). It’s a crucial piece of your security:

It’s a secondary password you set to protect your encryption keys. The passphrase is needed to decrypt your mail each session. It ensures that even if someone got your account login, they couldn’t read your messages without the passphrase.

On login, after entering the account password, you are prompted for the passphrase to unlock your mailbox. You enter it and then the mailbox content loads.

In detail: The client (your device) uses it to decrypt your private key, which then decrypts your messages. If you opted to skip the passphrase (for convenience), then you only need to log in with your account password. In this case, we set up an "internal passphrase" for you, which is derived from your password. But if you did set one, you must remember it.

We emphasize do not share the passphrase to anyone, do not reuse it as your account login or elsewhere. Make it strong (since it is protecting all your data).

You can change your passphrase at any time.

If you forget your passphrase, you lose the ability to decrypt your emails. For security reasons, there is no way to access your encrypted content if you forget your passphrase. It's technically impossible.

You can skip the passphrase instead of a passphrase. In this case, technically, we generate an "internal passphrase" for you (which you don't need to enter or save), derived from your account password. That’s easier - but slightly less secure. But it’s an option for convenience.

Don't confuse the passphrase with the password which you need to login to Private.Ki: We don't store your password, but you can change it or reset it any time.