This article applies only to CrashPlan for Small Business
Overview
CrashPlan app encrypts all user data before it leaves endpoint devices for storage in CrashPlan backup archives. No one can decrypt a user's data without that user's archive encryption key.
Standard encryption
Account password security is currently the only option available for CrashPlan for Small Business. It provides multiple layers of safety and is adequate for most security requirements.
- No user data can be restored or decrypted without the owner's CrashPlan account name and password.
- Administrators with advanced console access can reset names and passwords, and decrypt and restore user data.
- The CrashPlan app encrypts user data with the AES-256 algorithm, the standard adopted by the U.S. National Institute of Standards and Technology (NIST).
- CrashPlan client-server communications use signed certificates and TLS security.
Legacy encryption options
CrashPlan for Small Business previously offered 2 advanced encryption options - archive key encryption and custom key encryption. These encryption options are no longer available except for accounts that previously had them enabled.
Change archive-key password from the CrashPlan app
- Open the CrashPlan app.
- Select Settings.
- Select Security.
- Next to Archive key password, select Change.
- Enter your current archive-key password.
- Enter your new archive-key password.
- Re-enter your new archive-key password.
- Click Save.
The message Archive Key Password Updated appears.New password for all devices
The password is changed for all devices on your account.
Set and answer an archive-key recovery question
A recovery question is an optional feature of the archive key password security setting. The recovery question can be used to reset your archive key password in the event that the existing password is lost or forgotten.
Considerations
- You must know your existing archive key password to set the recovery question. The question cannot be set if the archive key password has already been lost or forgotten.
- CrashPlan technical support cannot set a recovery question for you or recover the answer to your recovery question.
Creating a strong recovery question
If you choose to use this optional feature, take great care when selecting a recovery question and answer. In general, a secure question has the following characteristics:
- Question has hundreds, if not thousands, of possible answers
- Question is not a question you would answer publicly (online or in person)
- Answer is easy for you to remember
- Answer cannot be researched online via Google, Facebook, LinkedIn, etc.
- Answer does not change over time
Configured by an administrator
Your administrator may configure your archive encryption key setting:
- If the archive key encryption option was enabled for you by an administrator, then the default password is set to your CrashPlan app account password until it is changed from the CrashPlan app.
- This article assumes you have permission to change your security preferences. Your administrator may lock these settings.
Set a recovery question
If you use an archive key password, and you have not previously created a recovery question, follow these steps to set a recovery question for your archive key password.
- Open the CrashPlan app.
- Select Settings.
- Select Security.
- Next to Change password recovery question, click Change.
- Enter your archive key password.
- Enter a question to use as your recovery question.
The question cannot exceed 128 characters. - Enter your answer to your recovery question.
The answer is not case sensitive. - Click Save.
Answer a recovery question
If you forget your archive key password, you can answer your recovery question to change your password.
- Open the CrashPlan app.
- Select Settings.
- Select Security.
- Next to Archive key password, click Change.
- Select Forgot your password? The Change archive key password window appears.
- Enter the answer to your security question.
- Enter a new archive key password.
- Re-enter your new archive key password.
- Click Change.
Your archive key password has been changed.
Unable to answer recovery question
If the existing password is lost or forgotten and you are unable to answer your recovery question, contact your administrator.
Once you have set or generated a custom key, export the key for safe keeping. You must provide your key when downloading files from your backup, installing the CrashPlan app, or accessing the CrashPlan app on other devices.
- Open the CrashPlan app.
- Select Settings.
- Select Security.
- Click Export in the Account Encryption Key Security area.
The key exports to a plain text file with the extension .cpkey. It is not necessary to use this file extension, but the file must be saved as plain text. - Enter a name and location for the file to which you want to export the encryption key.
- Click Save.
If you did not set an archive-key recovery question or have custom key encryption enabled, there is no way to recover a lost key. CrashPlan technical support cannot assist with recovering lost or forgotten encryption keys.