Log InContact Support

Enterprise Controlled Encryption Account Recovery

Recover access to your ECE-protected account

Enterprise Controlled Encryption (ECE) allows your organization to create and manage its own encryption keys. Verkada cannot access or decrypt your video data.

If you lose access to your customer secret (the cryptographic key that secures your data), you cannot decrypt your data. This can happen if:

  • You forgot your password

  • You logged in using a passwordless method like a magic link

  • You need to recover access without your original credentials

Recovery codes provide a secure fallback method to regain access.

Recovery codes

A recovery code is a unique, secure string tied to your user account. It lets you decrypt a version of your encrypted customer secret when you cannot access it through normal login.

Your recovery code:

  • Is created when you join the organization

  • Is emailed to you after you set your password

  • Stays valid until you rotate it or your account is deleted

  • Can be resent by an Organization Admin

When recovery codes are sent

We send your recovery code only after you accept your invite and set your password. This ensures you are a verified user.

The email will be titled: Verkada ECE Recovery Code - <org short name>

Why recovery codes matter

Your recovery code provides a backup way to decrypt your customer secret. Without it, you may lose access if:

  • You forgot your password

  • You lose your login device

  • You cannot use passwordless login methods

Encryption and security

Recovery codes are protected using:

  • Argon2id (a modern password hashing algorithm) with high entropy (128-bit minimum)

  • AES encryption with keys derived from your recovery code

  • RSA key pairs for additional protection

  • Secret keys stored securely in our backend, accessible only to you

Use your recovery code

If you are locked out and prompted to enter your recovery code:

1

Find the email titled "Verkada ECE Recovery Code - <org short name>" (sent after account setup).

2

Copy and paste the code into the recovery form.

3

You will regain access to decrypt your customer secret.

Rotate or resend a recovery code

Organization Admins can send a new recovery code at any time. You must have access to your current customer secret before sending a recovery code.

You need to log in with an Org Admin account that has validated its recovery code before you can manage user recovery codes. If you log in with a passwordless method, you will be prompted to enter your recovery code. If you skip this step, you will not be able to manage user recovery codes.

1

In Verkada Command, go to All Products > Admin.

2

In the left navigation, select Users & Permissions, then click Users.

3

Select a user profile.

4

In the top right, click > Control Login.

  1. Click Send New Recovery Code

  2. Click Confirm to save

  3. The new code will be emailed to the user, and the old code will be automatically invalidated

5

Click Done when finished.

FAQ

What happens if I lose my recovery code?

Your admin can send you a new recovery code from your user account settings.

Is my recovery code the same as my invite link?

No. The invite link is used to join the organization. The recovery code is generated after you join and create your password.

Can I use my recovery code more than once?

Yes, you can use your recovery code more than once.

Last updated

Was this helpful?