The recovery key

When you enable the Encrypted Vault, MyInvestments shows you a 24-word recovery phrase once. This is the most important page in the product. Read it carefully.

What it is

A 24-word list generated in BIP39 format — the same standard used by hardware wallets like Ledger and Trezor. Those 24 words encode your private decryption key. Anyone with the phrase can decrypt your vault. Anyone without it — including us — cannot.

When you'll need it

• You forget your password
• You lose access to your email and can't reset
• You sign in from a fresh device and the vault won't open
• Any situation where the browser-stored key is gone

How to store it safely

• Paper, not a screenshot. Phones get lost, cloud backups get hacked
• Two copies, two places. A safe at home, a bank deposit box, a trusted relative
• Never type it into a website. Only our Settings page asks for it, and only during recovery
• Never paste it into chat, email, or notes that sync to the cloud

Why we can't recover it for you

Encryption happens in your browser. The server never sees your password or your recovery phrase. We don't have a backdoor — not for us, not for law enforcement, not for anyone. That's the whole point of end-to-end encryption: you trade convenience for total privacy.

If you haven't enabled the vault, this doesn't apply to you — a normal email-based password reset works as usual.