Skip to main content
Inheribase uses different authentication mechanisms depending on who is accessing the vault and why. Vault owners use strong, phishing-resistant credentials for everyday access. Heirs go through a separate cryptographic verification flow when a release is triggered. Both paths are designed so that only the intended person can ever gain access.

Vault owner authentication

Passkey authentication

Inheribase’s primary authentication method uses passkeys — the most secure authentication standard available today. Passkeys replace passwords entirely and carry four critical properties:
  • Phishing-resistant: Passkeys are cryptographically bound to a specific domain. A cloned or spoofed site cannot receive your credential.
  • Hardware-backed: The private key lives inside your device’s secure enclave or TPM and cannot be extracted by software.
  • Biometric-optional: You can protect your passkey with Face ID, Touch ID, or a device PIN — the biometric never leaves your device.
  • Cross-device: Passkeys sync across your authorized devices through your platform’s credential manager, so you are never locked to a single device.

Hardware security keys

For users who require an additional layer of assurance, Inheribase supports FIDO2/WebAuthn hardware security keys, including YubiKey and Google Titan. You can register multiple keys so that a lost or damaged key does not lock you out.

Biometric verification

Where your device supports it, you can enable fingerprint recognition, facial recognition, or device-specific biometrics as a second factor. The biometric check happens locally on your device; Inheribase never receives or stores biometric data.

Heir verification

When your configured release conditions are met, the heir access flow begins automatically:
  • Secure, one-time access links are delivered to each registered heir’s email address.
  • If you have configured M-of-N guardian approval, the required number of guardians must cryptographically approve the release before access is granted.
  • Each heir creates their own passkey when claiming the vault, establishing a fresh, heir-owned credential for secure ongoing access.

Account recovery

When you create your account, Inheribase issues a set of one-time recovery codes. Treat these codes with the same care as a physical house key.
  • Store them separately from your vault — for example, in a physical safe or a safety deposit box.
  • Each code can be used exactly once for emergency access.
Due to our zero-knowledge architecture, Inheribase cannot reset your authentication or recover your account if you lose all access methods. Keep your recovery codes in a secure location you will always be able to reach.

Security best practices

  1. Register multiple passkeys across different devices so a single lost device cannot lock you out.
  2. Store recovery codes securely in a physical location that is separate from your digital devices.
  3. Brief your trustees: ensure that the people responsible for executing your estate know where your recovery codes are stored and how to use them.