Why we don’t have a "Forgot Password" button (and why you should be glad)
If you use Google Drive, Slack, or Notion, you are used to the safety net. You forget your password, you click a button, and they email you a link to reset it.
It feels convenient. But have you ever asked how they do that?
They can reset your password because they hold the keys to your account. If they can unlock it for you, they can unlock it for themselves. They can unlock it for advertisers. They can unlock it for AI training bots.
At Qaxa, we believe that if you are the only one who creates the work, you should be the only one who holds the keys.
We built a "self-custodial" workspace
In the world of cryptocurrency, there is a saying: "Not your keys, not your coins." We believe this applies to your ideas, your writing, and your private chats too.
We built Qaxa on a Zero-Knowledge Architecture. This is a fancy way of saying that everything you do is encrypted on your device before it ever reaches our servers.
- We don’t know your password.
- We can’t see your tasks, files, or notes.
- We couldn’t read your chats even if forced by law.
Because we literally do not have the keys, we cannot build a traditional "Forgot Password" button that emails you a magic link. It is mathematically impossible for us to reset your account for you.
Locked out? The power of seed phrase recovery
This is where we leave the "Web2" world behind and borrow the best feature from "Web3."
When you create your Qaxa account, we generate a 12-word Secret Recovery Phrase (often called a seed phrase). If you click "Forgot Password" in Qaxa, we won't send an email with instant recovery link. Instead, the app will ask you for these 12 words.
Think of it like the physical key to your house. If you lose it, the landlord can't just "reset" the lock because he doesn't have a copy. You are the only one with access.
- It is generated on your device. (We never see it).
- It is the ONLY way to restore your account if you forget your password.
- You must save it safely (write it down, put it in a password manager, or engrave it on metal if you're hardcore).
Trading convenience for responsibility
We know this is different. We know this shifts the power back to you. Instead of renting access to your data from a corporation, you are the custodian. Here is what you get in return for that responsibility:
- Zero Surveillance: Your data isn't just "protected"—it is mathematically inaccessible to anyone but you. No ad tracking, no metadata harvesting.
- Not Training Data: Because we can't decrypt your data, we can't feed your personal notes, drafts, or creative work into an AI training model. Your work stays yours.
- Breach Immunity: Even if Qaxa’s servers are compromised, hacked, or seized, your data remains safe. Because the keys live on your device, a server-side breach yields nothing but encrypted noise.
- Trustless Security: You don't have to trust our employees, our admins, or our moral compass. Our architecture guarantees that even if we wanted to snoop on your work, we mathematically cannot.
- Unforgeable History: Because you hold the keys, you are the only one who can author messages or edit files. No one—not even a rogue admin—can spoof your identity or tamper with your project history.
For the first time, you can have the ease of a cloud app with the iron-clad security of a cold-storage wallet.
So, yes, the "Forgot Password" button works differently here. But once you realize the old button was actually a backdoor, you’ll never miss it.
—
Since your password is the only key to your data, make sure it’s unbreakable. Read our guide on The Password Strength to see why 20+ characters beats complexity every time.
