✦ Key takeaways
- ✓ Encrypted can still mean the provider holds the keys. Zero-knowledge means they don't.
- ✓ With zero-knowledge, data is encrypted before it leaves your device; servers only ever see ciphertext.
- ✓ The trade-off: if you lose your key, no one can recover your data — not even the provider.
- ✓ A simple test: ask whether the company could hand your readable data to anyone. If yes, it isn't zero-knowledge.
“Encrypted” isn't one thing
Almost every service encrypts data — but the question that matters is who holds the keys. There are roughly three levels:
- Encrypted in transit: protected while travelling between you and the server (HTTPS). The server still sees your data in the clear once it arrives.
- Encrypted at rest: stored encrypted on the server — but the provider holds the keys, so they (and anyone who compels them) can decrypt it.
- End-to-end / zero-knowledge: encrypted on your device with a key only you hold. The server stores ciphertext it fundamentally cannot read.
The first two are normal and useful. Only the third means a breach, a rogue employee, or a legal demand cannot expose your actual secrets — because the readable data simply isn't there to take.
How zero-knowledge works in practice
The mechanics are less mysterious than the name suggests:
- A strong key is derived on your device from a secret only you have — for Moat, your recovery key, stretched with PBKDF2-SHA256 at 210,000 iterations and random salts.
- Your data is encrypted locally with AES-256-GCM using that key.
- Only the resulting ciphertext is uploaded. The key never leaves your device.
Because the server never receives the key, it can store and sync your encrypted blob but can't open it. Decryption only ever happens back on a device that has your key.
The honest trade-off. True zero-knowledge means there's no “forgot password, email me a reset” escape hatch for your encrypted data. If you lose your recovery key, the data is unrecoverable — by design. That's why keeping your recovery key safe matters so much.
How to spot the real thing
Marketing pages love the word “encrypted.” To cut through it, ask three questions:
- Could the company show me my own data in readable form from their servers? If yes, they hold a key — not zero-knowledge.
- Where is the key derived, and does it ever leave my device? It shouldn't.
- What happens if I lose my key? A genuine zero-knowledge service will tell you, plainly, that they cannot recover it.
For a security app, this isn't a nice-to-have — it's the point. Your 2FA secrets are the keys to every account they protect. As we covered in our TOTP explainer, those secrets are the crown jewels, and they should be visible to exactly one person: you.
Where Moat stands
Moat is zero-knowledge by design. Your codes and passwords are encrypted on your device, and any backup is end-to-end encrypted before upload. We run no analytics and hold no keys to your data — so there's nothing for us to read, sell, or hand over. You can verify the claim with the questions above; we'll give you the same answers every time.