Skip to content
English
Submit a request Customer portal
Back to iofinnet.com
  • There are no suggestions because the search field is empty.

Backup & recovery setup

A step-by-step setup guide to ensure continued access to your vault.

Table of content:
Your recovery materials
Set up and store your signer PIN/passphrase
Store your 24-word seed phrase
Vault Redundancy
Checklist & Best Practices

This article walks you through setting up and maintaining the three elements required to ensure continued access to your vault: your encrypted backup file, your 24-word seed phrase, and your signer accessibility. These protect your signer — the component where your secret share is stored on your device — and allow you to restore access if a device is lost or unavailable. If any one of these is missing when you need it, your assets may be at risk — io.finnet cannot reset or recover any of these on your behalf.

You can only export your backup file and re-export your 24-word seed phrase from an active, accessible signer. If your signer is lost — whether the device is unavailable or the passphrase forgotten — you can no longer export either. The copies you saved beforehand are your only recovery option. This is why keeping them consistently up to date is critical.

Your recovery materials

Material What it is Where to store it
Signer passphrase / PIN Set once on the app when registering your signer. Protects the signer on that device. Cannot be recovered or changed if lost. Password manager or equivalent. Never rely on biometric login alone.
24-word seed phrase Generated at signer registration. Used to decrypt your backup file. Can be re-exported from the app — but only while your signer is accessible. Written on paper, stored securely offline. Never digitally.
Encrypted backup file An encrypted copy of the secret share stored on your signer. Must be re-downloaded after each vault event. Offline/external drive (primary) + cloud sync (secondary)

1. Set up and store your signer PIN/passphrase 

When you log in to the app for the first time using the same credentials as your web dashboard, the app will prompt you to register a signer. During that registration, you are asked to set a PIN or passphrase specifically for that signer. 

For a full walkthrough of the registration process, see Registering a signing device.

  • This is set once, on the app, at the time of signer registration
  • It is device-specific — each registered device has its own unique passphrase or PIN
  • It cannot be recovered or changed if lost
  • Store it immediately in a trusted password manager, or write it down in a physically secure location
  • If you have multiple devices, label each one clearly so you know which device it belongs to

Biometrics warning: if you enable Face ID or fingerprint login on the app, you will stop entering your passphrase or PIN regularly and may forget it. If you then lose or replace your device, biometrics will not work on the new device — and without the passphrase or PIN, your signer cannot be restored. Write it down at registration, regardless of whether you use biometrics.

Do not uninstall the app. Uninstalling the app removes the signer from your device. If you have not saved an up-to-date backup file and your 24-word seed phrase beforehand, access to your vault may be lost.


2. Store your 24-word seed phrase

When registering your signer, the app generates a 24-word seed phrase. You will be prompted to save it at signer registration or when receiving funds for the first time.

  • Write it down on paper immediately
  • Store it in a physically secure, offline location — for example, a safe
  • Never photograph it, email it, or store it in a notes app or cloud document
  • Never share it with anyone

If you have multiple devices, each signer has its own 24-word phrase. Store each one separately and label it clearly by device.


Note: your 24-word seed phrase can be re-exported at any time from the app — but only while your signer is active and accessible. If the signer is lost, this is no longer possible. Treat it with maximum care.

3. Download your encrypted backup file

When to download

You must re-download your backup file every time your signer participates in any of the following:

  • Creating a new vault
  • A vault reshare
  • Adding or removing a signer from a vault
  • Any other modification to your vault's signing configuration

Even if none of these events occur, re-downloading at least once a month is recommended.

An outdated backup file may not reflect your latest vault configuration. This can cause a failed recovery — including missing wallets, incorrect permissions, or inability to restore access to your assets.

How to download
  1. Open the io.vault app and log in
  2. Tap the Settings icon in the top right-hand corner
  3. Ensure cloud access is granted — in Settings, tap "Grant access to Google Drive" or enable iCloud sync if you have not already done so. 
    Screenshot 2026-06-07 at 16.54.03

    Wait for the green checkmark to appear next to the Google Drive or Apple logo before proceeding. If the checkmark is not showing, do not proceed — your backup will not sync to the cloud.
    Sync to Google Drive conf

    Screenshot 2026-06-07 at 5.21.39 PM

    For more information on signer syncing, see Registering a signing device — Signer syncing.

  4. Select "Sync all backups & export" , then tap Continue
    Sync all backups & export button
  5. Choose a file name and destination, then tap Save
  6. Confirm the file has been saved successfully before closing the app

If you use multiple email addresses with io.vault, download the backup file for each account separately. When preparing for recovery, zip all backup files from all accounts into a single folder — this is required if you ever need to run the disaster recovery tool.

The backup file is AES-256 encrypted — without your 24-word seed phrase, it cannot be read. However, encryption does not remove the need for a secure, independent copy.

Where to store the exported backup file

Downloaded manually and stored on a secure external drive, independent of any cloud account or device. This is your true fallback — the copy that remains accessible even if your cloud account is lost, suspended, or misconfigured.

Vault Redundancy

Good backups protect your credentials. Good vault design protects your access. You need both.

Even with perfect backups, your vault configuration can create a single point of failure. If one device holds enough shares to be required for every transaction, losing that device means disaster recovery — regardless of how well you backed up.

Risky: vault threshold is 3. Device 1 holds 2 shares — it is required for every transaction. If lost, the vault is inaccessible.

Recommended: distribute shares so no single device is essential. Any combination of remaining devices should be able to reach the threshold independently.

Quick checklist & Best Practices:

Use this after every vault creation or reshare, and at minimum once a month. For full best practice guidance, check also our Best Practices.

☐ Signer Accessibility: Signer passphrase / PIN stored securely — not relying on biometrics alone

☐ Encrypted File Accessibility: 24-word seed phrase written down and stored offline

☐ Encrypted File: Backup file exported and saved to an offline / external drive

☐ Signer Sync: Cloud sync active and correct account verified

☐ Vault Redundancy: Vault design checked — no single device is essential to reach the signing threshold



If you have completed all the steps above and still cannot access your vault, refer to the Disaster Recovery article for last-resort recovery procedures.

For assistance, contact us at customer@iofinnet.com or submit a support request via the Help Center.