Encryption information (Small Business)

 This article applies only to CrashPlan for Small Business

Overview

CrashPlan app encrypts all user data before it leaves endpoint devices for storage in CrashPlan backup archives. No one can decrypt a user's data without that user's archive encryption key.

Standard encryption

Account password security is currently the only option available for CrashPlan for Small Business. It provides multiple layers of safety and is adequate for most security requirements.

  • No user data can be restored or decrypted without the owner's CrashPlan account name and password.
  • Administrators with advanced console access can reset names and passwords, and decrypt and restore user data.
  • The CrashPlan app encrypts user data with the AES-256 algorithm, the standard adopted by the U.S. National Institute of Standards and Technology (NIST).
  • CrashPlan client-server communications use signed certificates and TLS security.

Legacy encryption options

CrashPlan for Small Business previously offered 2 advanced encryption options - archive key encryption and custom key encryption. These encryption options are no longer available except for accounts that previously had them enabled.

Change archive-key password from the CrashPlan app

  1. Open the CrashPlan app.
  2. Select bluecogSettings-export.png Settings.
  3. Select Security.
  4. Next to Archive key password, select Change.
  5. Enter your current archive-key password.
  6. Enter your new archive-key password.
    • Passwords must be at least 8 characters. For stronger security, use 16 characters or more.
    • Passwords must have at least one uppercase letter, one lowercase letter, and one number. Special characters and symbols are also allowed.
    • Passwords can't contain spaces or 3 or more repeating letters, numbers, or characters.
    • Passwords shouldn't contain common words or phrases that are easily guessed (like "password" or "letmein").
    • Never reuse passwords. Don't use a password for CrashPlan that you use for any other online account.
  7. Re-enter your new archive-key password.
  8. Click Save.
    The message Archive Key Password Updated appears.

     New password for all devices

    The password is changed for all devices on your account.

Set and answer an archive-key recovery question

A recovery question is an optional feature of the archive key password security setting. The recovery question can be used to reset your archive key password in the event that the existing password is lost or forgotten.

Considerations

  • You must know your existing archive key password to set the recovery question. The question cannot be set if the archive key password has already been lost or forgotten.
  • CrashPlan technical support cannot set a recovery question for you or recover the answer to your recovery question.

 Creating a strong recovery question

If you choose to use this optional feature, take great care when selecting a recovery question and answer. In general, a secure question has the following characteristics:

  • Question has hundreds, if not thousands, of possible answers
  • Question is not a question you would answer publicly (online or in person)
  • Answer is easy for you to remember
  • Answer cannot be researched online via Google, Facebook, LinkedIn, etc.
  • Answer does not change over time

Configured by an administrator

Your administrator may configure your archive encryption key setting:

  • If the archive key encryption option was enabled for you by an administrator, then the default password is set to your CrashPlan app account password until it is changed from the CrashPlan app.
  • This article assumes you have permission to change your security preferences. Your administrator may lock these settings.

Set a recovery question

If you use an archive key password, and you have not previously created a recovery question, follow these steps to set a recovery question for your archive key password.

  1. Open the CrashPlan app.
  2. Select bluecogSettings-export.png Settings.
  3. Select Security.
  4. Next to Change password recovery question, click Change
  5. Enter your archive key password.
  6. Enter a question to use as your recovery question.
    The question cannot exceed 128 characters.
  7. Enter your answer to your recovery question.
    The answer is not case sensitive.
  8. Click Save.

Answer a recovery question

If you forget your archive key password, you can answer your recovery question to change your password.

  1. Open the CrashPlan app.
  2. Select bluecogSettings-export.png Settings.
  3. Select Security.
  4. Next to Archive key password, click Change.
  5. Select Forgot your password? The Change archive key password window appears.
  6. Enter the answer to your security question.
  7. Enter a new archive key password.
  8. Re-enter your new archive key password.
  9. Click Change.
    Your archive key password has been changed.

 Unable to answer recovery question

If the existing password is lost or forgotten and you are unable to answer your recovery question, contact your administrator.

Export your custom encryption key

Once you have set or generated a custom key, export the key for safe keeping. You must provide your key when downloading files from your backup, installing the CrashPlan app, or accessing the CrashPlan app on other devices.

  1. Open the CrashPlan app.
  2. Select bluecogSettings-export.png Settings.
  3. Select Security.
  4. Click Export in the Account Encryption Key Security area.
    The key exports to a plain text file with the extension .cpkey. It is not necessary to use this file extension, but the file must be saved as plain text.
  5. Enter a name and location for the file to which you want to export the encryption key.
  6. Click Save.
Recover a lost or forgotten key
If you have archive-key encryption enabled and have set a recovery question, see Set and answer an archive-key recovery question.

If you did not set an archive-key recovery question or have custom key encryption enabled, there is no way to recover a lost key. CrashPlan technical support cannot assist with recovering lost or forgotten encryption keys.
Was this article helpful?
0 out of 0 found this helpful

Articles in this section

See more