Managing your Hushmail passphrase

It’s one of the most common inquiries handled by our customer care team — how to recover a lost or forgotten passphrase. As clearly stated when you first set up your account, passphrases can’t be recovered or reset. This might come as a shock for those of us used to easily resetting passphrases for other services, but Hushmail has decided to forgo this amenity for a very good reason. Allowing customers to reset passphrases opens the door to security breaches.

Allowing passphrase resets makes your account vulnerable

One way services allow you to reset your passphrase is through security questions to confirm your identity. But these questions are surprisingly easy to answer with just a little bit of research. The name of your high school, your mother’s maiden name, or your dream job can be guessed or discovered through social media posts or online records.

Another way to reset a passphrase is to email a link to a backup email account that you can use to set up a new passphrase. However, if that backup email account is compromised, someone with unauthorized access could gain the ability to change your passphrase and access your account.

Text messages are also used to reset passphrases, but SMS is easy for a savvy hacker to circumvent. Hushmail uses SMS, but only for two-step verification, where the text message code works only in combination with your passphrase, never by itself.

Passphrase recovery and Hushmail for Business

Passphrase recovery is only available for Hushmail for Business customers who have users under their own domain, and who elect to enable passphrase recovery. If a passphrase is forgotten or misplaced, the administrator of the account can reset the passphrase for the user.

However, passphrase recovery must be enabled before user accounts are created. If it’s enabled after accounts are already in place, those users will have to sign in and change their passphrases before recovery takes effect for their accounts.

If you decide to use passphrase recovery for your business account, it’s important to remember that it’s not a retroactive solution. If the passphrase is already lost and the feature was not enabled, then enabling it after the fact will not allow you to reset the passphrase.

What happens if you forget your passphrase?

First make sure you’ve really forgotten it. Double-check that you’re entering your full email address when you attempt to sign in. Hushmail email addresses can end in @hushmail.com, @hush.com, @mac.hush.com, @hushmail.me, @hush.ai or your own domain.

Hushmail passphrases are case sensitive. If you’re having difficulty accessing your account, make sure that you don’t have caps lock enabled on your keyboard.

If your passphrase is saved in your web browser and automatically filled in on our sign-in page, you may be able to look it up there: most web browsers now offer the ability to view and retrieve saved credentials.

If all else fails, we'll transfer the duration of your subscription to another account at no charge.

Ways to safely remember your passphrase

You may be wondering how to keep up with a passphrase that you must remember at the risk of losing your account and having to set up a new one. Here are a few suggestions:

  • Select a phrase that has a very specific meaning for you but that isn’t easily guessed. Consider a phrase about a family member, hobby, or personal belief.
  • Keep it short and simple. Passphrases must be entered accurately every time, so leave out any extraneous words. For example, “Skiing is fun and my favorite sport,” should be shortened to “Skiing is my favorite sport.”
  • Get into the habit of keying your passphrase in every time you log in to your account, at least at first. Even though you have options to set up autofill for your passphrase on both webmail and apps, filling it in manually for the first few weeks will help you remember it more easily in the long term.
  • Write down your passphrase and put it someplace safe, but don’t include your email address. That way if someone finds your passphrase, the words will be meaningless and not facilitate an account breach.

Hushmail will never ask you for your passphrase

It’s important to remember that Hushmail will never ask you for your passphrase. We don’t know your passphrase, and we don’t store passphrases on our system. If you receive an email that looks like it’s from Hushmail asking you for your passphrase, don’t respond; delete the email. You can also file a report with our abuse department.

Hushmail’s top priority will always be your security

At Hushmail we feel that the inconvenience that may come from not being able to reset a passphrase is a small price to pay for greater security. In short, most passphrase resetting methods are easier to crack than the passphrase itself, which defeats the purpose of having a strong passphrase. Not enabling you to reset your Hushmail passphrase makes your account more secure, and at Hushmail, security will always be our top priority.
