diff --git a/src/libs/crypto/index.ts b/src/libs/crypto/index.ts
index 9a884cee..b8ff2d57 100644
--- a/src/libs/crypto/index.ts
+++ b/src/libs/crypto/index.ts
@@ -32,7 +32,7 @@ export const newIdentifier = (
   publicHex: string,
   privateHex: string,
   derivationPath: string,
-): Omit<IIdentifier, keyof "provider"> => {
+): IIdentifier => {
   return {
     did: DEFAULT_DID_PROVIDER_NAME + ":" + address,
     keys: [
diff --git a/src/libs/util.ts b/src/libs/util.ts
index 70ae3d1c..c29a5cbd 100644
--- a/src/libs/util.ts
+++ b/src/libs/util.ts
@@ -42,6 +42,8 @@ import { createPeerDid } from "../libs/crypto/vc/didPeer";
 import { registerCredential } from "../libs/crypto/vc/passkeyDidPeer";
 import { logger } from "../utils/logger";
 import { PlatformServiceFactory } from "@/services/PlatformServiceFactory";
+import { sha256 } from "ethereum-cryptography/sha256";
+import { IIdentifier } from "@veramo/core";
 
 export interface GiverReceiverInputInfo {
   did?: string;
@@ -622,14 +624,12 @@ export const retrieveFullyDecryptedAccount = async (
   return result;
 };
 
-export const retrieveAllAccountsMetadata = async (): Promise<Account[]> => {
+export const retrieveAllAccountsMetadata = async (): Promise<AccountEncrypted[]> => {
   const platformService = PlatformServiceFactory.getInstance();
   const dbAccounts = await platformService.dbQuery(`SELECT * FROM accounts`);
   const accounts = databaseUtil.mapQueryResultToValues(dbAccounts) as Account[];
   let result = accounts.map((account) => {
-    // eslint-disable-next-line @typescript-eslint/no-unused-vars
-    const { identity, mnemonic, ...metadata } = account;
-    return metadata as Account;
+    return account as AccountEncrypted;
   });
   if (USE_DEXIE_DB) {
     // one of the few times we use accountsDBPromise directly; try to avoid more usage
@@ -638,7 +638,14 @@ export const retrieveAllAccountsMetadata = async (): Promise<Account[]> => {
     result = array.map((account) => {
       // eslint-disable-next-line @typescript-eslint/no-unused-vars
       const { identity, mnemonic, ...metadata } = account;
-      return metadata as Account;
+      // This is not accurate because they can't be decrypted, but we're removing Dexie anyway.
+      const identityStr = JSON.stringify(identity);
+      const encryptedAccount = {
+        identityEncrBase64: sha256(new TextEncoder().encode(identityStr)).toString(),
+        mnemonicEncrBase64: sha256(new TextEncoder().encode(account.mnemonic)).toString(),
+        ...metadata,
+      };
+      return encryptedAccount as AccountEncrypted;
     });
   }
   return result;
@@ -648,9 +655,8 @@ export const retrieveAllAccountsMetadata = async (): Promise<Account[]> => {
  * Saves a new identity to both SQL and Dexie databases
  */
 export async function saveNewIdentity(
-  identity: string,
+  identity: IIdentifier,
   mnemonic: string,
-  newId: { did: string; keys: Array<{ publicKeyHex: string }> },
   derivationPath: string,
 ): Promise<void> {
   try {
@@ -666,7 +672,8 @@ export async function saveNewIdentity(
     }
     const secretBase64 = secrets.values[0][0] as string;
     const secret = base64ToArrayBuffer(secretBase64);
-    const encryptedIdentity = await simpleEncrypt(identity, secret);
+    const identityStr = JSON.stringify(identity);
+    const encryptedIdentity = await simpleEncrypt(identityStr, secret);
     const encryptedMnemonic = await simpleEncrypt(mnemonic, secret);
     const encryptedIdentityBase64 = arrayBufferToBase64(encryptedIdentity);
     const encryptedMnemonicBase64 = arrayBufferToBase64(encryptedMnemonic);
@@ -675,13 +682,13 @@ export async function saveNewIdentity(
     const params = [
       new Date().toISOString(),
       derivationPath,
-      newId.did,
+      identity.did,
       encryptedIdentityBase64,
       encryptedMnemonicBase64,
-      newId.keys[0].publicKeyHex,
+      identity.keys[0].publicKeyHex,
     ];
     await platformService.dbExec(sql, params);
-    await databaseUtil.updateDefaultSettings({ activeDid: newId.did });
+    await databaseUtil.updateDefaultSettings({ activeDid: identity.did });
 
     if (USE_DEXIE_DB) {
       // one of the few times we use accountsDBPromise directly; try to avoid more usage
@@ -689,12 +696,12 @@ export async function saveNewIdentity(
       await accountsDB.accounts.add({
         dateCreated: new Date().toISOString(),
         derivationPath: derivationPath,
-        did: newId.did,
-        identity: identity,
+        did: identity.did,
+        identity: identityStr,
         mnemonic: mnemonic,
-        publicKeyHex: newId.keys[0].publicKeyHex,
+        publicKeyHex: identity.keys[0].publicKeyHex,
       });
-      await updateDefaultSettings({ activeDid: newId.did });
+      await updateDefaultSettings({ activeDid: identity.did });
     }
   } catch (error) {
     logger.error("Failed to update default settings:", error);
@@ -715,9 +722,8 @@ export const generateSaveAndActivateIdentity = async (): Promise<string> => {
     deriveAddress(mnemonic);
 
   const newId = newIdentifier(address, publicHex, privateHex, derivationPath);
-  const identity = JSON.stringify(newId);
 
-  await saveNewIdentity(identity, mnemonic, newId, derivationPath);
+  await saveNewIdentity(newId, mnemonic, derivationPath);
   await databaseUtil.updateAccountSettings(newId.did, { isRegistered: false });
   if (USE_DEXIE_DB) {
     await updateAccountSettings(newId.did, { isRegistered: false });
diff --git a/src/views/AccountViewView.vue b/src/views/AccountViewView.vue
index 1ba7dce1..bc1c352a 100644
--- a/src/views/AccountViewView.vue
+++ b/src/views/AccountViewView.vue
@@ -1356,18 +1356,7 @@ export default class AccountViewView extends Vue {
    * Processes the identity and updates the component's state.
    */
   async processIdentity() {
-    let account: Account | undefined = undefined;
-    const platformService = PlatformServiceFactory.getInstance();
-    const dbAccount = await platformService.dbQuery(
-      "SELECT * FROM accounts WHERE did = ?",
-      [this.activeDid],
-    );
-    if (dbAccount) {
-      account = databaseUtil.mapQueryResultToValues(dbAccount)[0] as Account;
-    }
-    if (USE_DEXIE_DB) {
-      account = await retrieveAccountMetadata(this.activeDid);
-    }
+    const account = await retrieveAccountMetadata(this.activeDid);
     if (account?.identity) {
       const identity = JSON.parse(account.identity as string) as IIdentifier;
       this.publicHex = identity.keys[0].publicKeyHex;
@@ -1375,8 +1364,10 @@ export default class AccountViewView extends Vue {
       this.derivationPath = identity.keys[0].meta?.derivationPath as string;
       await this.checkLimits();
     } else if (account?.publicKeyHex) {
+      // use the backup values in the top level of the account object
       this.publicHex = account.publicKeyHex as string;
       this.publicBase64 = Buffer.from(this.publicHex, "hex").toString("base64");
+      this.derivationPath = account.derivationPath as string;
       await this.checkLimits();
     }
   }
diff --git a/src/views/ImportAccountView.vue b/src/views/ImportAccountView.vue
index fcf04385..c328505d 100644
--- a/src/views/ImportAccountView.vue
+++ b/src/views/ImportAccountView.vue
@@ -165,7 +165,7 @@ export default class ImportAccountView extends Vue {
           await accountsDB.accounts.clear();
         }
       }
-      saveNewIdentity(JSON.stringify(newId), mne, newId, this.derivationPath);
+      await saveNewIdentity(newId, mne, this.derivationPath);
       this.$router.push({ name: "account" });
       // eslint-disable-next-line @typescript-eslint/no-explicit-any
     } catch (err: any) {
diff --git a/src/views/ImportDerivedAccountView.vue b/src/views/ImportDerivedAccountView.vue
index 2561d659..090ead41 100644
--- a/src/views/ImportDerivedAccountView.vue
+++ b/src/views/ImportDerivedAccountView.vue
@@ -20,18 +20,18 @@
         Will increment the maximum known derivation path from the existing seed.
       </p>
 
-      <p v-if="didArrays.length > 1">
+      <p v-if="Object.keys(didArrays).length > 1">
         Choose existing DIDs from same seed phrase to compute derivation.
       </p>
       <ul class="mb-4">
         <li
-          v-for="dids in didArrays"
-          :key="dids[0]"
+          v-for="dids in Object.values(didArrays)"
+          :key="dids[0].did"
           class="block bg-slate-100 rounded-md flex items-center px-4 py-3 mb-2"
-          @click="switchAccount(dids[0])"
+          @click="switchAccount(dids[0].did)"
         >
           <font-awesome
-            v-if="dids[0] == selectedArrayFirstDid"
+            v-if="dids[0].did == selectedArrayFirstDid"
             icon="circle"
             class="fa-fw text-blue-500 text-xl mr-3"
           ></font-awesome>
@@ -41,8 +41,8 @@
             class="fa-fw text-slate-400 text-xl mr-3"
           ></font-awesome>
           <span class="overflow-hidden">
-            <div class="text-sm text-slate-500 truncate">
-              <code>{{ dids.join(",") }}</code>
+            <div class="text-sm text-slate-500">
+              <code>{{ dids.map((d) => d.did).join(" ") }}</code>
             </div>
           </span>
         </li>
@@ -69,6 +69,7 @@
 </template>
 
 <script lang="ts">
+import * as R from "ramda";
 import { Component, Vue } from "vue-facing-decorator";
 import { Router, RouteLocationNormalizedLoaded } from "vue-router";
 
@@ -80,12 +81,12 @@ import {
 } from "../libs/crypto";
 import { accountsDBPromise, db } from "../db/index";
 import { MASTER_SETTINGS_KEY } from "../db/tables/settings";
-import * as databaseUtil from "../db/databaseUtil";
-import { retrieveAllAccountsMetadata } from "../libs/util";
+import { retrieveAllAccountsMetadata, retrieveFullyDecryptedAccount, saveNewIdentity } from "../libs/util";
 import { logger } from "../utils/logger";
-import { Account } from "../db/tables/accounts";
+import { Account, AccountEncrypted } from "../db/tables/accounts";
 import { PlatformServiceFactory } from "@/services/PlatformServiceFactory";
 import { USE_DEXIE_DB } from "@/constants/app";
+
 @Component({
   components: {},
 })
@@ -94,23 +95,22 @@ export default class ImportAccountView extends Vue {
   $router!: Router;
 
   derivationPath = DEFAULT_ROOT_DERIVATION_PATH;
-  didArrays: Array<Array<string>> = [];
+  didArrays: Record<string, Account[]> = {};
   selectedArrayFirstDid = "";
 
   async mounted() {
-    const accounts: Account[] = await retrieveAllAccountsMetadata();
-    const seedDids: Record<string, Array<string>> = {};
-    accounts.forEach((account) => {
-      // Since we're only getting metadata, we can't check mnemonic
-      // Instead, we'll group by derivation path
-      if (account.derivationPath) {
-        const prevDids: Array<string> = seedDids[account.derivationPath] || [];
-        seedDids[account.derivationPath] = prevDids.concat([account.did]);
-      }
-    });
-    this.didArrays = Object.values(seedDids);
-    if (this.didArrays.length > 0) {
-      this.selectedArrayFirstDid = this.didArrays[0][0];
+    const accounts: AccountEncrypted[] = await retrieveAllAccountsMetadata();
+    const decryptedAccounts: (Account | undefined)[] = await Promise.all(accounts.map(async (account) => {
+      return retrieveFullyDecryptedAccount(account.did);
+    }));
+    const filteredDecryptedAccounts: Account[] = decryptedAccounts.filter((account) => account !== undefined);
+
+    // group by account.mnemonic
+    const groupedAccounts: Record<string, Account[]> = R.groupBy((a) => a.mnemonic || "", filteredDecryptedAccounts) as Record<string, Account[]>;
+
+    this.didArrays = groupedAccounts;
+    if (Object.keys(this.didArrays).length > 0) {
+      this.selectedArrayFirstDid = Object.values(this.didArrays)[0][0].did;
     }
   }
 
@@ -124,60 +124,30 @@ export default class ImportAccountView extends Vue {
 
   public async incrementDerivation() {
     // find the maximum derivation path for the selected DIDs
-    const selectedArray: Array<string> =
-      this.didArrays.find((dids) => dids[0] === this.selectedArrayFirstDid) ||
+    const selectedArray: Array<Account> =
+      Object.values(this.didArrays).find((dids) => dids[0].did === this.selectedArrayFirstDid) ||
       [];
-    const platformService = PlatformServiceFactory.getInstance();
-    const qmarks = selectedArray.map(() => "?").join(",");
-    const queryResult = await platformService.dbQuery(
-      `SELECT * FROM accounts WHERE did IN (${qmarks})`,
-      selectedArray,
-    );
-    let allMatchingAccounts = databaseUtil.mapQueryResultToValues(
-      queryResult,
-    ) as unknown as Account[];
-    if (USE_DEXIE_DB) {
-      const accountsDB = await accountsDBPromise; // let's match derived accounts differently so we don't need the private info
-      allMatchingAccounts = (await accountsDB.accounts
-        .where("did")
-        .anyOf(...selectedArray)
-        .toArray()) as Account[];
-    }
-    const accountWithMaxDeriv = allMatchingAccounts[0];
-    allMatchingAccounts.slice(1).forEach((account) => {
-      if (
-        account.derivationPath &&
-        accountWithMaxDeriv.derivationPath &&
-        account.derivationPath > accountWithMaxDeriv.derivationPath
-      ) {
-        accountWithMaxDeriv.derivationPath = account.derivationPath;
-      }
+    // extract the derivationPath array and sort it
+    const derivationPaths = selectedArray.map((account) => account.derivationPath);
+    derivationPaths.sort((a, b) => {
+      const aParts = a?.split("/");
+      const aLast = aParts?.[aParts.length - 1];
+      const bParts = b?.split("/");
+      const bLast = bParts?.[bParts.length - 1];
+      return parseInt(aLast || "0") - parseInt(bLast || "0");
     });
-    // increment the last number in that max derivation path
-    const newDerivPath = nextDerivationPath(
-      accountWithMaxDeriv.derivationPath as string,
-    );
+    // we're sure there's at least one
+    const maxDerivPath: string = derivationPaths[derivationPaths.length - 1] as string;
 
-    const mne: string = accountWithMaxDeriv.mnemonic as string;
+    const newDerivPath = nextDerivationPath(maxDerivPath);
 
+    const mne = selectedArray[0].mnemonic as string;
     const [address, privateHex, publicHex] = deriveAddress(mne, newDerivPath);
 
     const newId = newIdentifier(address, publicHex, privateHex, newDerivPath);
 
     try {
-      const { sql, params } = databaseUtil.generateInsertStatement(
-        {
-          dateCreated: new Date().toISOString(),
-          derivationPath: newDerivPath,
-          did: newId.did,
-          identity: JSON.stringify(newId),
-          mnemonic: mne,
-          publicKeyHex: newId.keys[0].publicKeyHex,
-        },
-        "accounts",
-      );
-      const platformService = PlatformServiceFactory.getInstance();
-      await platformService.dbExec(sql, params);
+      await saveNewIdentity(newId, mne, newDerivPath);
       if (USE_DEXIE_DB) {
         const accountsDB = await accountsDBPromise;
         await accountsDB.accounts.add({
@@ -191,6 +161,7 @@ export default class ImportAccountView extends Vue {
       }
 
       // record that as the active DID
+      const platformService = PlatformServiceFactory.getInstance();
       await platformService.dbExec("UPDATE settings SET activeDid = ?", [
         newId.did,
       ]);
diff --git a/src/views/QuickActionBvcEndView.vue b/src/views/QuickActionBvcEndView.vue
index f9b62055..89531cf9 100644
--- a/src/views/QuickActionBvcEndView.vue
+++ b/src/views/QuickActionBvcEndView.vue
@@ -167,6 +167,7 @@ import {
 } from "../libs/endorserServer";
 import { logger } from "../utils/logger";
 import { PlatformServiceFactory } from "@/services/PlatformServiceFactory";
+import { retrieveAllAccountsMetadata } from "@/libs/util";
 @Component({
   methods: { claimSpecialDescription },
   components: {
@@ -229,13 +230,7 @@ export default class QuickActionBvcBeginView extends Vue {
         suppressMilliseconds: true,
       }) || "";
 
-    const queryResult = await platformService.dbQuery(
-      "SELECT did FROM accounts",
-    );
-    this.allMyDids =
-      databaseUtil
-        .mapQueryResultToValues(queryResult)
-        ?.map((row) => row[0] as string) || [];
+    this.allMyDids = (await retrieveAllAccountsMetadata()).map((account) => account.did);
     if (USE_DEXIE_DB) {
       const accountsDB = await accountsDBPromise;
       await accountsDB.open();