A recovery key is an automatically generated phrase which you can use to recover your account if you no longer have access to any of your devices. If you have your username or email and your recovery key, you can sign back in to your account much the same way as you can with a password.
A recovery key is not the same as a password, however, for several important reasons. First, we automatically generate a strong recovery key for all our users, so it is not possible for a user to select a weak password. Weak passwords are still the easiest way for an attacker to penetrate your account, and by removing this option we ensure that the most common security failure is eliminated.
You also cannot view your current recovery key in Semaphor after you have set it. This is why it is critical that you store the recovery key elsewhere as soon as you’ve generated it: once you’ve set your passphrase, Semaphor will never show you the key again!
Lastly, you cannot recover or reset your key outside Semaphor. Many services will allow you to reset your password simply by clicking a link in an email. This means that if your email is compromised, an attacker could easily gain access to your account and even reset your password, cutting off your access to your own data. Again, by removing this option Semaphor is closing off another common way that user accounts are compromised and making it even harder for an attacker to steal your data.