Account Security and Recovery
Protect local access, understand recovery limits, and plan safe cross-device use.
Abolitus is strict about one thing: if the service never holds your readable secrets, it also cannot magically recover them for you later.
That tradeoff is intentional.
This page explains how to live with that model safely instead of discovering its limits during a bad day.
The Core Mental Model
Account Security in Abolitus is mostly about device-local vault access discipline.
It is not the same thing as a normal cloud account system where the service can reset everything for you on request.
That means you should think in terms of:
- protecting local unlock paths,
- labeling and managing trusted devices clearly,
- preserving your recovery material outside the app,
- and understanding that convenience features do not move the trust boundary to the server.
Device Label
Each device can carry its own label.
This is useful when:
- you use more than one device,
- you need to identify which machine is acting as a tunnel host,
- you are checking cross-device continuity features,
- or you simply want clearer device-level organization.
Labels matter more once you start using cloud continuity or desktop-hosted workflows because a vague device list becomes hard to reason about quickly.
Session Lock Timeout
Session Lock controls how long the current unlocked workspace can stay open before the app locks itself again.
This is a local safety setting, not a server-side policy: it limits how long an unattended unlocked session stays exposed on that device, and it changes nothing about what the server can or cannot do with your data.
Use a shorter timeout if:
- the device travels with you,
- the device is sometimes left unattended,
- or the device is shared or semi-shared.
Use a longer timeout if:
- the device is private and stationary,
- or constant re-unlocking would disrupt real work.
If you intentionally disable auto-lock, do it because you understand the exposure, not because you forgot the setting exists.
Password-Based Local Unlock
Abolitus supports password-based local protection for vault access on the current device.
This is about protecting local access.
It does not mean the server now holds your vault key, and it does not mean a forgotten password can be reset from the server side.
It does not turn the product into a normal recoverable cloud-password system.
The password unlock path exists to make local use safer and more practical, not to replace the underlying privacy model: a lost password is a lost local unlock path, and your recovery material is what covers that case.
Recovery Phrase Confirmation
The app tracks whether you confirmed that your recovery material was backed up.
That reminder exists because zero-knowledge systems only work well if the user actually preserves the local recovery path.
In other words, the confirmation is not ceremonial. It is a warning against false confidence.
What Recovery Usually Means Here
Recovery means restoring your ability to unlock protected workspace state using the material you kept safely.
It does not mean:
- support can open your vault for you,
- billing can override encryption,
- or the service can pull plaintext out of cloud storage on demand.
If the service never had the readable secret, it cannot later produce it on request.
The Hard Truth
If you lose your local recovery material and your device access path at the same time, Abolitus cannot simply bypass its own privacy model to rescue you.
That is not customer-hostile behavior.
It is the cost of the trust model working as designed.
The right time to respect that limitation is before you need recovery, not after.
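The three sections above (Password-Based Local Unlock, What Recovery Usually Means, The Hard Truth) describe one trust model, and it is easier to reason about once you see it as code. The following Python sketch is added here as an illustration; it is not Abolitus's code, and this page does not describe the product's actual key handling. Everything in it is an assumption for the sake of the example: the `SyncedVaultRecord` stands in for whatever a server is allowed to store, scrypt with fixed cost parameters stands in for the real key derivation, a SHA-256 keystream with an HMAC tag stands in for a real AEAD such as AES-GCM (the standard library has none), and the recovery phrase is plain hex rather than a word list. The shape is what matters: the vault key is wrapped once under a password-derived key and once under a recovery-phrase-derived key, the server only ever sees wrapped keys and ciphertext, and with neither local secret there is nothing server-side material can do.

```python
"""Illustrative zero-knowledge vault unlock model. Example code only; this is
not Abolitus's implementation, and all names and parameters are assumptions."""
import hashlib
import hmac
import os
import secrets
from dataclasses import dataclass
from typing import Optional

# Assumed scrypt cost; a real product would tune this per device class.
SCRYPT_PARAMS = dict(n=2**14, r=8, p=1, dklen=32)


@dataclass
class SyncedVaultRecord:
    """Hypothetical server-side record: salts and ciphertext only.
    No field ever holds the vault key, the password, or the recovery phrase."""
    pw_salt: bytes
    pw_wrapped_key: bytes       # vault key sealed under the password-derived key
    rp_salt: bytes
    rp_wrapped_key: bytes       # vault key sealed under the recovery-phrase-derived key
    vault_ciphertext: bytes     # workspace state sealed under the vault key


def derive_kek(secret: str, salt: bytes) -> bytes:
    """Stretch a password or recovery phrase into a key-encryption key, locally."""
    return hashlib.scrypt(secret.encode("utf-8"), salt=salt, **SCRYPT_PARAMS)


def _subkeys(key: bytes):
    """Separate encryption and MAC keys so one key is never used for both."""
    return (hmac.new(key, b"enc", hashlib.sha256).digest(),
            hmac.new(key, b"mac", hashlib.sha256).digest())


def _keystream(enc_key: bytes, nonce: bytes, length: int) -> bytes:
    out, counter = b"", 0
    while len(out) < length:
        out += hashlib.sha256(enc_key + nonce + counter.to_bytes(4, "big")).digest()
        counter += 1
    return out[:length]


def seal(key: bytes, plaintext: bytes) -> bytes:
    """Encrypt-then-MAC. Stand-in for a real AEAD; layout is nonce || ct || tag."""
    enc_key, mac_key = _subkeys(key)
    nonce = os.urandom(16)
    ct = bytes(p ^ s for p, s in zip(plaintext, _keystream(enc_key, nonce, len(plaintext))))
    tag = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag


def open_sealed(key: bytes, blob: bytes) -> Optional[bytes]:
    """Return plaintext, or None if the key is wrong or the blob was tampered with.
    The tag is checked before any decryption happens."""
    if len(blob) < 48:
        return None
    enc_key, mac_key = _subkeys(key)
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()):
        return None
    return bytes(c ^ s for c, s in zip(ct, _keystream(enc_key, nonce, len(ct))))


def create_vault(password: str, vault_plaintext: bytes):
    """Create a vault on the device. Returns the server-storable record and the
    recovery phrase, which the user must keep outside the app."""
    vault_key = secrets.token_bytes(32)
    recovery_phrase = secrets.token_hex(16)  # constructed; real apps use a word list
    pw_salt, rp_salt = os.urandom(16), os.urandom(16)
    record = SyncedVaultRecord(
        pw_salt=pw_salt,
        pw_wrapped_key=seal(derive_kek(password, pw_salt), vault_key),
        rp_salt=rp_salt,
        rp_wrapped_key=seal(derive_kek(recovery_phrase, rp_salt), vault_key),
        vault_ciphertext=seal(vault_key, vault_plaintext),
    )
    return record, recovery_phrase


def unlock(record: SyncedVaultRecord, password: Optional[str] = None,
           recovery_phrase: Optional[str] = None) -> Optional[bytes]:
    """Unlock with whichever local secret the user still has. With neither,
    the synced record alone is not enough: that is the 'hard truth' above."""
    vault_key = None
    if password is not None:
        vault_key = open_sealed(derive_kek(password, record.pw_salt), record.pw_wrapped_key)
    if vault_key is None and recovery_phrase is not None:
        vault_key = open_sealed(derive_kek(recovery_phrase, record.rp_salt), record.rp_wrapped_key)
    if vault_key is None:
        return None
    return open_sealed(vault_key, record.vault_ciphertext)


def server_holds_plaintext(record: SyncedVaultRecord, vault_plaintext: bytes) -> bool:
    """Reviewer's sanity check: does any synced field contain the secret verbatim?"""
    return any(vault_plaintext in f for f in
               (record.pw_wrapped_key, record.rp_wrapped_key, record.vault_ciphertext))


def demo() -> dict:
    """Run the scenarios the page describes and report each outcome."""
    secret = b"api-token: constructed-secret-123"  # constructed sample vault content
    record, phrase = create_vault("correct horse battery", secret)
    # Simulate a corrupted or tampered wrapped key as synced from the server.
    t = record.pw_wrapped_key
    broken = SyncedVaultRecord(record.pw_salt, t[:20] + bytes([t[20] ^ 0x01]) + t[21:],
                               record.rp_salt, record.rp_wrapped_key, record.vault_ciphertext)
    return {
        "password_unlock": unlock(record, password="correct horse battery") == secret,
        "recovery_unlock": unlock(record, recovery_phrase=phrase) == secret,
        "wrong_password": unlock(record, password="wrong") is None,
        "both_lost": unlock(record) is None,
        "tampered_blob": unlock(broken, password="correct horse battery") is None,
        "server_holds_plaintext": server_holds_plaintext(record, secret),
    }
```

Two things to notice when running `demo()`. The recovery phrase is generated once, at vault creation, and never stored in the record: if the user does not write it down at that moment, the recovery unlock path is gone, which is exactly what the Recovery Phrase Confirmation reminder guards against. And the `both_lost` case does not fail because of a policy check that support could override; it fails because no function in the system can turn salts and ciphertext back into a key.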
Cross-Device Implication
Cross-device continuity features are useful, but they do not remove the need for local recovery discipline.
Cloud Sync can help with availability.
It does not convert the service into a plaintext vault custodian.
This is the difference between convenience and authority.
Best Practices
Keep recovery material outside the unlocked workspace
Do not store recovery material inside the same everyday environment that already has an unlocked session: if that environment is compromised or lost, the password path and the recovery path fall together, which is the one case the service cannot help with.
Treat travel devices differently from home devices
A phone or travel laptop usually deserves a stricter lock timeout than a private stationary machine.
Label devices clearly
Once you have more than one device, clear labels reduce confusion during remote features, handoff flows, and security review.
Test your backup habits before you need them
Do not wait for a device failure to discover that your recovery process was incomplete or badly documented.
Premium and Recovery
Premium Cloud Sync adds convenience, not server-side authority over your secrets.
Even with Premium, the service is not supposed to become a plaintext backup operator for your vault.
Related Pages
- Read Settings Reference for the broader split between local and synced settings.
- Read Device Handoff for short-lived cross-device session transfer.
- Read E2EE Architecture if you want the deeper security reasoning behind these recovery limits.