Account authentication
VERA protects your account with two-factor login and an encrypted vault. Here's what you need to know.
How login works
Every time you sign into VERA, you complete two steps:
Step 1 — Verify your email. VERA sends a one-time passcode (OTP) to your registered email address. Enter it to prove you have access to the account.
Step 2 — Enter your vault password. This is a separate password you created during account setup. It unlocks your encrypted vault, which holds your credentials, documents, and contact keys.
Both steps are required every time. If someone gets access to your email, they still can't get in without your vault password. If someone guesses your vault password, they still need access to your email.
Your vault
Your vault is where VERA stores everything sensitive — your credentials, shared documents, and the keys that secure your connections. Every workspace (personal and each organisation) has its own vault.
Your vault is encrypted and hosted by VERA, which manages encryption of your data at rest. Your vault password encrypts and decrypts your data as it moves between your device and the vault. Without your vault password, you can't access anything stored inside.
When you enter your vault password, it's used locally on your device to unlock access. VERA verifies you have the right password without the password itself ever being sent to VERA's servers.
On-premise deployment is on the roadmap, which will allow organisations to self-custody their vaults rather than relying on VERA as the hosted vault provider.
Your vault password
Your vault password is not like a typical password. There are three things to understand:
It's separate from your email login. Your email OTP gets you to the door. Your vault password opens it. They're independent.
VERA doesn't know it. Your vault password is never stored by or sent to VERA. This means VERA staff cannot look it up, reset it, or recover it for you under any circumstances.
If you lose it, your recovery key is your only option. There is no "forgot password" email flow for vault passwords. If you lose both your vault password and your recovery key, your vault data is permanently inaccessible. This is a security feature, not a limitation.
VERA cannot reset your vault password. There is no backdoor, no support override, and no workaround. Treat your vault password and recovery key with the same care you'd give to a bank PIN.
Your recovery key
During account setup, VERA generates a 12-word recovery phrase. This is your only backup if you forget your vault password. VERA shows it once during setup and never again.
Where to store it:
Use a password manager (1Password, Bitwarden, iCloud Keychain) or print it and keep it in a locked safe. Don't store it in unencrypted notes apps, email drafts, screenshots, or anywhere easily accessible.
Recovering a lost vault password
If you've forgotten your vault password but still have your recovery key:
Start the recovery flow
On the login screen, complete the email OTP step, then click Forgot vault password.
Enter your 12-word recovery key
Type or paste your recovery key exactly as it was issued.
Navigate to your user settings
Go to the bottom-left corner of the workspace selection screen and open your user settings.
Go to the Identity tab
Click the Identity tab, then click Reset password.
Enter your recovery key again
You'll be asked to confirm your recovery key a second time as part of the reset flow.
Create a new vault password
Choose a strong vault password and confirm it.
Save your newly generated recovery key immediately
VERA generates a fresh recovery key at the end of this flow. Your old key is now invalid. Save the new one using the same secure method you used before.
Resetting your vault password generates a new recovery key. Your old one stops working permanently. Save the new one immediately using the same secure method.