Security Encyclopedia

Escrow Passwords

Escrow passwords are passwords kept by a trusted third party, who may release them to a person under certain circumstances.

In a “fair cryptosystem,” as it is termed, a user is permitted to encrypt communications so long as a trusted third party has the cryptokeys (here, a password). An example of this would be a government official in a three-letter agency of the US government and their agency employer both having keys. Another is a bank employee and their financial institution both having keys. In the case of an emergency or a need to recover the keys, processes are in place for the use of the escrowed key.

Escrow passwords follow the same principle as key escrow. Their use might range from the mundane, such as a “recovery code” for when access is interrupted due to forgotten passwords or passwords being out of reach at the time of access, to the more serious, such as passwords held in escrow for when a workplace incident or employment separation occurs.

Escrow passwords and key escrow usually entail encrypting the passwords or keys at the trusted third party, or wherever they are vaulted, as a preventative measure against unauthorized access. Escrowed passwords and keys are also tied to users as a measure to prove legitimacy of access.
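The two properties above (encryption at the vault, and a record tied to its user) can be seen together in the following sketch, which is an added example and not code from the encyclopedia entry. The function names, record layout and key labels are assumptions, and the HMAC-SHA256 keystream with encrypt-then-MAC is a dependency-free stand-in for a vetted AEAD cipher such as AES-GCM.

```python
import hashlib
import hmac
import secrets

def _subkeys(vault_key: bytes):
    # Separate encryption and MAC keys derived from the vault's master key.
    enc = hmac.new(vault_key, b"escrow-enc", hashlib.sha256).digest()
    mac = hmac.new(vault_key, b"escrow-mac", hashlib.sha256).digest()
    return enc, mac

def _keystream(key: bytes, nonce: bytes, n: int) -> bytes:
    # HMAC-SHA256 in counter mode (stand-in cipher, see lead-in).
    out, ctr = b"", 0
    while len(out) < n:
        out += hmac.new(key, nonce + ctr.to_bytes(4, "big"), hashlib.sha256).digest()
        ctr += 1
    return out[:n]

def _tag(mac_key: bytes, user_id: str, nonce: bytes, ct: bytes) -> bytes:
    # The tag covers the user id, so a record only verifies for its owner.
    uid = user_id.encode()
    msg = len(uid).to_bytes(2, "big") + uid + nonce + ct
    return hmac.new(mac_key, msg, hashlib.sha256).digest()

def escrow(vault_key: bytes, user_id: str, password: str) -> dict:
    """Encrypt a password for storage at the escrow agent, bound to user_id."""
    enc_key, mac_key = _subkeys(vault_key)
    nonce = secrets.token_bytes(16)  # fresh per record
    pt = password.encode()
    ct = bytes(a ^ b for a, b in zip(pt, _keystream(enc_key, nonce, len(pt))))
    return {"nonce": nonce, "ct": ct, "tag": _tag(mac_key, user_id, nonce, ct)}

def release(vault_key: bytes, user_id: str, record: dict) -> str:
    """Release the password only if the record verifies for the claimed user."""
    enc_key, mac_key = _subkeys(vault_key)
    expected = _tag(mac_key, user_id, record["nonce"], record["ct"])
    if not hmac.compare_digest(expected, record["tag"]):
        raise PermissionError("record is not bound to this user or was altered")
    ks = _keystream(enc_key, record["nonce"], len(record["ct"]))
    return bytes(a ^ b for a, b in zip(record["ct"], ks)).decode()

if __name__ == "__main__":
    key = secrets.token_bytes(32)             # constructed vault key
    rec = escrow(key, "alice", "S3cret-recovery!")  # constructed sample data
    print(release(key, "alice", rec))
```

The release step still depends on the escrow agent authenticating the requester and checking the release conditions before calling it; the binding only ensures a record cannot be swapped to another user or altered in storage.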


“Passwords that are held by a user and in escrow by a trusted third party are meant to provide a level of assurance should extraordinary circumstances arise. One example is when a court order or some other mandate calls for the release of them, such as for monitoring conversations that are a threat to national security.”