I'm like the idea but the site does not let me know how it works after I die? How does the other person gets access to the vault?
Now, there have been cases of seniors being conned into signing away power of attorney. If this is detected, how can the owner change the authorization?
And if used by seniors (I am one, OK) how can they remember the password/questions other than a password manager app (which requires a password) or printing them out and saving in a lockbox? And then there’s access to the key …
Anyway, granting access seems to be the entire point of this, and I didn’t see it addressed “job one” on a quick run through the website. Then again, I’m a senior …
1. How the Owner Can Change or Revoke Authorization EchoVaults is entirely offline and local to your device. That means:
You can edit your trusted contact, master password, or emergency instructions at any time from within the app.
All changes happen instantly, without needing to connect to the cloud or re-sync anything.
If someone you previously trusted becomes untrustworthy, you just open the app, change the vault password, the 5 identity challenge questions, or remove them entirely. No delay. No approval needed. You remain in control at all times.
Because there’s no external server, no one — not even us — can override or silently alter this.
2. What About Memory? What If a Senior User Forgets? You’re right to say that remembering a master password + challenge questions can be tricky, especially for seniors. That’s why we built the system with multiple human-friendly backup methods:
You can print an encrypted PDF backup of your vault with your password + answers, and store it in a physical lockbox or with a trusted lawyer or child.
You can export a password-protected backup file and write the access code down on paper.
Or, if you use a password manager already (like 1Password or Bitwarden), you can safely store your EchoVaults credentials there.
We also strongly recommend setting a codeword-based lock screen message like:
"If I’m incapacitated, [Name] should use the code ‘River’ to open EchoVaults."
This gives helpful direction to trusted parties, without exposing anything sensitive upfront.
3. Preventing Exploitation (e.g. Power of Attorney Scams) Because we don’t connect to servers or share data, no one can remotely access or tamper with your EchoVaults data.
The most important layer of defense is:
Your phone’s passcode (which protects the device itself)
Your EchoVaults master password
Your chosen unlock questions
If someone ever tries to pressure you or gain access improperly, you can silently update or revoke their access within seconds. They would never know until it no longer works.
You're absolutely right that this kind of product must earn your trust, not just ask for it. That’s why we’ve published a full transparency report https://echovaults.org/transparency, made the app open-source, and designed everything to work offline, privately, and at your pace.
If there are better ways we can surface this info on the website (e.g., clearer onboarding or an FAQ section just for seniors), we’d love your suggestions.
Thank you again for asking. Your voice matters, and it helps us build better.
It's for all the others! I appreciate your reply.
P.S. I never used, but like the idea of a plausible deniability password, which unlocks nice looking but useless (or even incriminating) info, like the fake ID that came with a wallet, but I keep it the vulnerable back pocket in case someone lifts it. Unfortunately, it's very dated. I keep the real stuff in front.
We don’t use any "secret" internet triggers or remote unlock mechanisms, which are often vulnerable, difficult to test, or dependent on the existence of external infrastructure long after the user has passed. Instead, EchoVaults is fully offline and built on a human-first model of trust, clarity, and layered security.
Here’s how access works after death, step-by-step:
-1. Persistent Lock Screen Instruction (You Set This) During setup, EchoVaults lets you write a permanent message that stays visible on your phone’s lock screen.
This message should guide whoever finds your phone — for example:
“If I’m no longer around, please contact [Name]. They know how to access EchoVaults. Use the codeword: ‘River’.”
This is how your intent survives you, in a form any first responder or family member can understand without needing to unlock anything yet.
-2. They Must Unlock Your Phone (First Layer of Defense) EchoVaults doesn’t bypass or weaken your device’s native security.
The person you trust must already know your phone passcode. We don’t encourage storing or sharing this casually — but if you’re planning for emergencies or death, this is the only real-world viable method.
On both iOS and Android, over 90% of phone theft attempts fail precisely because this passcode layer is so difficult to break. In most jurisdictions, even Apple themselves can’t unlock a phone without a court order — and sometimes, not even then.
-3. EchoVaults: Status Check + Identity Challenge (Second Layer) Once the phone is unlocked and EchoVaults is opened:
The app prompts: “Are you the original user?” or “Has the user passed away?”
If the responder selects “User has passed away”, they’re presented with a 5-question identity challenge, created by you during setup.
These are not generic security questions — they are deeply personal ones only someone close to you can answer (e.g. “What nickname did my mom call me?” or “Where did I hide my emergency note in 2023?”).
You can optionally give this trusted person an encrypted PDF containing these questions and answers in advance, stored safely offline or physically printed.
-4. Access Level and Delayed Vault Reveal Once the correct answers are given:
The trusted person gains access only to the vaults you've marked as “Basic” — typically containing general guidance, will instructions, or useful information for your family.
For vaults marked “Sensitive”, access is delayed based on the wait period you choose — this could be 24 hours, or even weeks, months, or years.
For vaults marked as "Ultra-Sensitive" no one can see this except you, even when trusted person correctly answers your security questions, the vaults in this privacy level will never be visible to them.
After that wait period passes (and only if you don’t cancel the unlock, in case of false positive or mistaken access), the app reveals the sensitive vault.
The delay serves as a grace window: If you’re still alive and access was accidental, you can cancel it. If you’ve truly passed away, it proceeds in a dignified, secure, and planned way.
-Security Model EchoVaults was built with the following principles:
100% offline: No cloud, no syncing, no tracking, no server dependency. Your data stays on your device.
Tamper-resistant encryption: AES-256-GCM with PBKDF2 key derivation, same used in secure password managers and military-grade systems.
Human-readable recovery: All instructions are visible, understandable, and usable by your family or loved ones without technical knowledge.
This is how EchoVaults answers the hardest question: “If I’m gone, how will the people I love access what I left behind — and only them?” Without compromising on privacy, encryption, or simplicity.