Zero knowledge in plain English: what Zen Passwords can and cannot see

Zero knowledge sounds abstract until you are locked out or under attack. The plain version is this: a secure password manager should not let the vendor decrypt your vault just because someone asks.

What Zen Passwords can see versus cannot see

Practical boundary check

Question	Expected boundary
Can support unlock vault contents?	No vendor-side vault decryption path
Can support guide account setup issues?	Yes, product support and diagnostics help
Can biometrics replace master password forever?	No, convenience unlock with periodic password refresh
Can encrypted backups be user controlled?	Yes, backup/export workflows exist for user custody

This model can feel strict when mistakes happen, but strict is often what keeps privacy real. If a company can always bypass your vault, attackers will keep trying to bypass it too.

Frequently asked questions

Does zero knowledge mean no one can ever help me?

It means no one should be able to decrypt your vault for you from the server side. Support can help with product guidance, but should not have a hidden unlock path to your private vault contents.

Why do people still use biometrics then?

Biometrics are convenience unlock, not ownership replacement. Zen Passwords uses trusted-session behavior so master password recall remains part of healthy security habits.