Forgot Password

Passwall does not offer a “password reset” flow by design. This is not a limitation — it is a direct consequence of our security model.

Why can’t we reset your master password?
Because Passwall is built on a zero‑knowledge architecture.

Your vault is unlocked using keys derived on your device. Your master password is never sent to our servers in plaintext — which means no one (including Passwall) can see what’s inside your vault.

A “reset” would require us to either regenerate decryption keys for your vault, or keep a server-side backdoor. Passwall deliberately does neither.

Our servers only store encrypted data. Without the correct master password, it is not practically decryptable.

Bottom line: if you forget your master password, we cannot “reset it” for you — not because we won’t, but because we can’t. This is one of the key guarantees that keeps your vault protected even in worst‑case scenarios.

What can you do now?
If you can’t remember your master password, you still have a few options.

If you still have an active session: If you’re still signed in on any device/tab, you may be able to change your master password from account settings and regain access.

If you’re using Passwall with a team: Contact your organization admin. Depending on your org’s policies/workflows, they may be able to help with access management.

If you can’t recover it: For security reasons, access to your vault cannot be restored. In that case, you can submit an account deletion request (form below).

This design works together with a strong KDF (PBKDF2/Argon2) to slow down brute‑force attacks, end‑to‑end encryption (AES‑256), and the zero‑knowledge principle. “No reset” is the price of not weakening security.

Delete My Account
This form creates an account deletion request. We’ll verify your request before initiating deletion.

This request cannot be undone. If possible, export your vault first.

For your safety, do not share passwords, vault contents, or any secret material via this form.

support@passwall.io
Security summary
The technical foundation behind “no reset”.
Zero‑knowledge
Your master password never reaches our servers; decryption happens on your device.
Strong KDF
PBKDF2‑SHA256 (600,000+ iterations) or Argon2id.
AES‑256
Vault data is encrypted on your device and stays encrypted.
Master password tips
A strong master password directly increases your vault’s security.
  • At least 12 characters (longer is better)
  • Random and unique (never reused elsewhere)
  • Prefer a passphrase you can remember
  • Never share it with anyone