Dai Vernon Teams — FAQ

Setup guide and frequently asked questions for DVT.

Why Dai Vernon Teams?

Your passphrase never persists — wiped from memory after use. Exists for milliseconds, not minutes.

Your passwords are never stored in plaintext — AES-256-GCM encrypted with keys derived from your passphrase and hardware identity. Computationally indistinguishable random noise without your passphrase.

Nothing lives on our servers — team synchronization uses an encrypted relay. The server never sees passwords, passphrases, or keys.

Before You Begin

DVT and DVP cannot run on the same machine. DVT includes all DVP functionality. If DVP is installed: export data, uninstall DVP, install DVT, import data.
Administrators: install DVT and complete setup before sending the download link to team members.

Installation

Download Dai Vernon Teams 1.0.0 - Windows.zip from brittaine.com.

Verify the Setup file hash against checksum.txt before installing.

Run the installer. Windows may show an “Unknown publisher” warning — click More info → Run anyway. See Application Integrity note below.

Download dai-vernon-linux-teams v1.0.0.zip from brittaine.com.

Verify the AppImage file hash against checksum.txt before running.

After extracting, move the AppImage to a permanent location such as ~/Applications/ before running. Running from Downloads folder works but is not recommended.

The AppImage requires execute permission before it can run. Right-click → Properties → Permissions → check Allow executing as program, then double-click to launch.

Alternatively, open a terminal and run:

chmod +x 'Dai Vernon Teams-1.0.0.AppImage'

Setup Wizard (Steps 1–4)

Step 1: Welcome — review and click Continue.
Step 2: Email Address — used as your identity across teams and devices. Stored locally only, never sent to any server. Note: Consider using a dedicated alias rather than your primary email. See Email Address and Privacy below.
Step 3: Master Passphrase — minimum 12 characters, strength indicator must show at least Good. If forgotten, data cannot be recovered.
Step 4: Complete — email confirmed, passphrase created, vault initialized, device identity ready. Click Get Started.

Creating a Team (Administrators Only)

Click Vaults → Create Team
Enter a Team Name
Create the Wheelbarrow passphrase (minimum 12 characters)
Click Create Team

Important: Share the Wheelbarrow passphrase with each member privately before sending invites. Never in the same message as the invite link or code.

Inviting & Joining

Inviting (Admins): Navigate to team vault → member management panel → generate invitation (link or code) → send to each member.

Invite links and codes expire after 8 hours.

Each member needs: the DVT installer, invite link or code, and the Wheelbarrow passphrase (shared separately).

Joining (Members): Install DVT and complete wizard → Vaults → Join Team → enter invite code or click invite link → enter Wheelbarrow passphrase → vault syncs.

Important: The master passphrase used at join time is permanently linked to team vault access.

Ongoing Administration

The relay is event-driven — admin does not need to be logged in continuously. Admin only needs to be active when something changes.

Typical workflow: Admin logs in → makes changes → notifies members out-of-band → members open app → changes sync automatically.

Note: DVT does not currently send in-app notifications for team updates. Member notification is manual for this release.

Notes & FAQ

Passphrase

How should I choose my master passphrase?

Longer is better. A passphrase of 4–5 unrelated words is stronger than a short complex password. Avoid phrases from songs, books, movies, or personal information. The strength indicator in the app must reach at least Good before the app will accept your passphrase.

What if I forget my master passphrase?

Your data cannot be recovered. DVT uses zero-persistence architecture — your passphrase is the only key. There is no server-side recovery, no password reset email, and no backdoor. Choose a passphrase you will remember, and consider writing it down and storing it securely offline (not on your computer).

Can I change my master passphrase?

Yes, from Settings → Security → Update Passphrase. However, read the note below before doing so.

My passphrase and team vault access are linked — what does that mean?

The master passphrase you use when joining a team is permanently linked to your access to that team vault. If you change your master passphrase after joining, you will need to use your original passphrase to unlock the team vault. This is a deliberate architectural behavior, not a bug. Plan your passphrase carefully before joining teams.

Email Address and Privacy

Why does DVT ask for an email address?

Your email address is used as your identity across teams and devices — it is how administrators identify you and how your device is registered. It is stored locally on your machine only and is never transmitted to any server in plaintext.

Should I use my real email address?

This is worth considering carefully. Your email address is stored in your local vault metadata. While it is encrypted at rest, it is an identifier that could confirm your identity if your device were ever compromised. Even in isolation, a confirmed email address is useful to a bad actor — it can confirm you are a target worth pursuing.

Security-conscious users may prefer to use a dedicated alias rather than their primary personal or work email. Enterprise users should follow their organization's security policy on this point.

How Teams Works

What is the Wheelbarrow passphrase?

A second passphrase that all team members share. It is set by the administrator when creating the team and must be shared with members privately, out-of-band. It is never sent to the server. Think of it as the combination to the team's shared safe — every member needs it, but it never leaves the team through any digital channel. The term stems from the mystery riddle about the man arrested for bringing building supplies to his truck everyday. He used a wheelbarrow to get them from the store to the truck. In the app, the wheelbarrow is the device you use to bring your current passwords to you from the company list.

What is the relay?

The relay server facilitates encrypted synchronization between team members. It handles only encrypted data — it never sees your passwords or passphrases. Your data stays encrypted from your device to your teammates' devices. The relay connection is automatic — there is nothing for users to configure.

Who is the administrator?

The administrator creates the team, invites members, manages roles, and can remove members. A team can have multiple administrators. If there is only one administrator and they lose access to their vault, the team vault cannot be recovered — this is by design. Having a second administrator is strongly recommended for any business-critical team.

Do's and Don'ts

Do

Choose a strong, memorable master passphrase before setup — you cannot change it easily after joining teams
Share the Wheelbarrow passphrase in person or by phone
Keep the installer accessible for team members who need to reinstall
Use Settings → Export before resetting or uninstalling
Appoint a second administrator on any business-critical team
Notify members manually when team data has been updated

Don't

Share the Wheelbarrow passphrase in the same message as the invite link or code
Move the app's data files manually — DVT stores encrypted files in specific system locations derived from your hardware; moving them breaks access
Run DVT in a virtual machine — MAC address randomization in VMs can break the hardware-bound encryption, making your vault inaccessible after a VM restart
Install DVT and DVP on the same machine — they cannot coexist
Forget your master passphrase — there is no recovery option

Hardware and Machine Changes

DVT's encryption is bound to your machine's hardware (specifically your network hardware identifier). This is the same principle as TPM-bound storage — the security is inseparable from the hardware.

If you replace your network card (NIC): Your vault files will not be found on the next launch. You will be prompted to enter your passphrase to rebuild access. Your data is not lost.

If you move to a new machine: Use Settings → Export before decommissioning your old machine, then install DVT on the new machine and use Settings → Import.

If you reinstall your operating system on the same hardware: As long as your network card survives the reinstall, vault recovery should work normally on next launch.

If you add or remove a network card: This changes your hardware identifier and may trigger the vault rebuild prompt. Enter your passphrase to restore access.

Reset Vault

When should I use Reset Vault?

Only when you cannot recover access any other way — for example, a forgotten master passphrase that cannot be rebuilt. Reset Vault permanently deletes all local vault data and cannot be undone.

What does Reset Vault delete?

All local vault data including your encrypted chain files, personal vault, team vault data, device identity, and app preferences. After reset, DVT launches fresh as if newly installed.

What happens to my team if I reset as a Member?

Your team vault is unaffected. Other members continue normally. You will need to re-join the team after resetting — contact your administrator for a new invite.

What happens if the sole administrator resets?

If you are the only administrator on a team, your team members will receive a notification on their next sync that the team has been dissolved. They will need to reset their local vaults and re-join once the team is recreated.

If your team has more than one administrator, another admin can remove you from the team (or reduce your status to Member) before you reset and the team continues without interruption.

How do I access Reset Vault?

Settings → Security → Reset Vault. Two confirmations are required before any data is deleted.

Troubleshooting

The app won't open after installation.

Windows may be blocking the unsigned executable. Right-click the installer → Properties → Unblock, then reinstall. Alternatively, click More info → Run anyway when Windows SmartScreen appears.

"DVP has been detected on this machine."

DVT and DVP cannot run on the same machine. Export your DVP data, uninstall DVP, then relaunch DVT.

"Your primary vault file could not be verified."

One of your vault's encrypted files is missing. Enter your master passphrase to rebuild it. Your data is safe — it is protected across multiple secure locations on your device.

I can access my personal vault but not my team vault.

You may be using a different master passphrase than the one used when you joined the team. Your team vault access is linked to the passphrase used at join time. Try unlocking the team vault with your original passphrase.

My invite link or code is not working.

Invites expire after 8 hours. Ask your administrator to generate a new invite.

My team vault shows a dissolution notice.

Your administrator has reset their vault. Follow the prompt in the app to reset your local vault, then contact your administrator to re-join once the team has been recreated.

My team vault is not syncing.

Your administrator needs to be logged into their app to activate the relay session when changes are made. Ask your administrator to log in and confirm the changes were saved, then reopen your app to sync.

Why is the application not signed?

Dai Vernon Teams uses a self-signed certificate verified through a published checksum rather than a commercial certificate authority. Commercial code signing certifies the publisher's identity to Microsoft — it says nothing about the integrity of the code itself. Our checksum approach lets you verify the exact binary you downloaded matches what we released, byte for byte. That is a stronger integrity guarantee than a CA signature alone provides.

The SHA-256 checksum for each release is published on our website and included in your download package. Verify it before installing.

The app won't open after installation.

The AppImage needs execute permission before it can run. Right-click the file → Properties → Permissions → check 'Allow executing as program', then double-click to launch.

Alternatively, open a terminal in the download folder and run: chmod +x 'Dai Vernon Teams-1.0.0.AppImage'

"DVP has been detected on this machine."

DVT and DVP cannot run on the same machine. Export your DVP data, uninstall DVP, then relaunch DVT.

"Your primary vault file could not be verified."

One of your vault's encrypted files is missing. Enter your master passphrase to rebuild it. Your data is safe — it is protected across multiple secure locations on your device.

I can access my personal vault but not my team vault.

My invite link or code is not working.

Invites expire after 8 hours. Ask your administrator to generate a new invite.

My team vault shows a dissolution notice.

Your administrator has reset their vault. Follow the prompt in the app to reset your local vault, then contact your administrator to re-join once the team has been recreated.

My team vault is not syncing.

Why is the application not signed?

Dai Vernon Teams uses a self-signed certificate verified through a published checksum rather than a commercial certificate authority. Commercial code signing certifies the publisher's identity to Microsoft — it says nothing about the integrity of the code itself. Our checksum approach lets you verify the exact AppImage you downloaded matches what we released, byte for byte. That is a stronger integrity guarantee than a CA signature alone provides.

The SHA-256 checksum for each release is published on our website and included in your download package. Verify it before running.

Ready to get started?

Get Dai Vernon Teams