CASE Logbook docs

Your backup password

The one thing in this app you have to remember. Everything else can be recovered. This cannot.

What it protects

Your backup password is the secret that unlocks your patient names and MRNs. The app uses it to scramble those values on your phone before they’re sent to the servers.

Lose the password, and the scrambled values on the servers stay scrambled forever. No one can recover them for you.

What it does NOT protect

  • The clinical content of your cases. Procedure, date, hospital, side, notes — these are saved on the servers in readable form. Losing your password does not lose those.
  • Your account. Your email and account stay. You can sign in. You just can’t read the patient names attached to your cases.

The password is specifically the lock on the identifying part of your data.

How to pick one

  • Make it memorable to you and unguessable to anyone else. Something distinctive that you’ll still remember in a year.
  • Write it down somewhere safe. A piece of paper in a locked drawer, a password manager like 1Password or Bitwarden, your iPhone’s Keychain. We cannot recover this for you — that’s the point.
  • Don’t reuse a password from email or banking. Different purpose, different threat.

Daily use: biometric unlock

After setting your backup password during onboarding, you’ll be asked to enrol Face ID or fingerprint unlock. Do it. Daily unlocking becomes instant — look at your phone, the vault unlocks.

You’ll still need the backup password:

  • When you sign in on a new device for the first time
  • When biometric fails (the camera can’t see you, your finger is wet, you changed phones)

Biometric does not replace the password. It just stops you typing it constantly. If you ever cancel the Face/Touch ID prompt, the app simply shows you the backup-password field instead — no error, no fuss. And turning biometric back off in Settings → Security removes the key cleanly.

If the vault has locked itself after a spell of inactivity, opening any screen — Insights included — brings up the unlock prompt, not an error. You’ll never be told “couldn’t reach the server” when the real reason is simply that the vault is locked; just unlock and the screen loads.

If you forget it

The path depends on whether you still have an unlocked device.

If you have at least one device where the vault is unlocked: open that device → Settings → Security → change your backup password. The app re-scrambles your existing key under the new password. Your patient names stay readable. This is the safe path — no data is lost.

If you have no unlocked device: you must reset your vault. Open the app → sign in → tap the reset option → type RESET to confirm. This:

  • Wipes the secret key on the servers
  • Wipes the working copy on your phone
  • Sends you back through onboarding with a fresh key
  • Leaves your previously-saved patient names as unreadable bytes on your case rows. The clinical content of those cases is untouched.

After a reset, affected cases show a “Lost in reset” label. Tap each one — either re-enter the name (it gets re-scrambled under your new key) or delete the case. If your phone still had a readable copy of the name in its working memory, the app fixes most of these on its own and you’ll only see the label on cases where both copies were lost.

The reset is destructive but doesn’t lose the case itself — only the patient identifier on it.
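For readers who want to see why the two paths above behave so differently, here is an added sketch (not CASE Logbook's own code) of a random data key stored under a password-derived key. The function names, the scrypt parameters and the HMAC-based cipher (a standard-library stand-in for an authenticated cipher such as AES-GCM) are assumptions made for this example.

```python
import hashlib, hmac, secrets

def _stream(key: bytes, nonce: bytes, n: int) -> bytes:
    # HMAC-SHA256 in counter mode as a keystream (stand-in for a real AEAD cipher)
    blocks = (hmac.new(key, nonce + i.to_bytes(4, "big"), "sha256").digest()
              for i in range(n // 32 + 1))
    return b"".join(blocks)[:n]

def seal(key: bytes, plaintext: bytes) -> bytes:
    """Encrypt-then-MAC under a 64-byte key: nonce || ciphertext || tag."""
    nonce = secrets.token_bytes(16)
    ct = bytes(a ^ b for a, b in zip(plaintext, _stream(key[:32], nonce, len(plaintext))))
    return nonce + ct + hmac.new(key[32:], nonce + ct, "sha256").digest()

def unseal(key: bytes, blob: bytes) -> bytes:
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    expected = hmac.new(key[32:], nonce + ct, "sha256").digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("wrong key or modified data")
    return bytes(a ^ b for a, b in zip(ct, _stream(key[:32], nonce, len(ct))))

def wrap_key(password: str, data_key: bytes) -> dict:
    """Build the record a server could hold: salt plus the data key sealed under the password."""
    salt = secrets.token_bytes(16)
    kek = hashlib.scrypt(password.encode(), salt=salt, n=2**14, r=8, p=1, dklen=64)
    return {"salt": salt, "wrapped": seal(kek, data_key)}

def unwrap_key(password: str, record: dict) -> bytes:
    kek = hashlib.scrypt(password.encode(), salt=record["salt"], n=2**14, r=8, p=1, dklen=64)
    return unseal(kek, record["wrapped"])

def demo() -> dict:
    data_key = secrets.token_bytes(64)           # random key that scrambles the names
    record = wrap_key("old password", data_key)  # created at onboarding
    name_ct = seal(data_key, b"Constructed Patient / MRN 0000")  # constructed sample value
    # Password change on an unlocked device: the data key is already in memory,
    # so only its wrapping changes. Stored names are not touched.
    record = wrap_key("new password", data_key)
    after_change = unseal(unwrap_key("new password", record), name_ct)
    # Reset with no unlocked device: the old record is wiped and a fresh key is generated.
    fresh_key = secrets.token_bytes(64)
    try:
        unseal(fresh_key, name_ct)
        after_reset = "readable"
    except ValueError:
        after_reset = "unreadable"
    return {"after_change": after_change, "after_reset": after_reset}
```

Calling `demo()` shows the name still decrypting after the password change and failing to decrypt once the old key has been replaced by a fresh one.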

Why we can’t reset it for you

We don’t have a “Forgot password? Click here” link, and we never will. If we could reset your password from our side, someone who broke into our systems could too. The design choice is the same one Signal, ProtonMail, and WhatsApp’s encrypted backups make: stronger security in exchange for irrecoverable password loss.

The surgeon, and only the surgeon, holds the key.