Overview
The CrashPlan app encrypts all file data before it leaves endpoint devices for storage in CrashPlan backup archives. No one can decrypt a user's backed-up files without that user's archive encryption key.
This article provides a conceptual overview of the three encryption key security options available to secure your organization's backup archives.
Best practice recommendation
In almost all cases, administrators should use the default Account password (standard) option and lock the setting so that users cannot change it. The standard option allows administrators to help users recover data. The advanced options (Archive key password and Custom key) lock administrators out of user data, creating a high risk of permanent data loss if a user forgets their credentials.
Security upgrades are permanent
You can upgrade to a more stringent security tier, but you cannot downgrade to a lower tier.
- If you upgrade to Archive key password, you cannot downgrade back to Account password.
- If you upgrade to Custom key, you cannot downgrade to Archive key password or Account password.
Encryption key options comparison
Account password (standard)
This is the default option and the simplest to manage. CrashPlan generates and stores the archive encryption key, which is unlocked automatically by standard account credentials.
- Access Requirements: Simply authenticating as the user or an authorized administrator is all that is required to access the backup archive.
- Risks: Lowest risk of permanent data loss. Because access is tied to standard authentication, user data can easily be restored using the account owner's credentials or through an authorized administrator's intervention.
Archive key password
CrashPlan generates and stores the encryption key, but it is locked behind a second user-created, account-wide password. Users can configure a recovery question that allows them to reset this password.
- Access Requirements: Users must provide their secondary archive key password to access their backup archive. Administrators do not have this password and cannot restore user data or access backed-up files.
- Risks: High risk. Users must configure and remember a separate password and recovery answer. If a user loses the password and does not configure a recovery question, that backup data cannot be recovered.
Custom key
The user provides the encryption key by importing a file, entering a passphrase, or letting the CrashPlan app generate one. CrashPlan does not store the key, it exists only on the user's local device.
- Access Requirements: Users must provide the exact custom key file or string to access their backup archive. Administrators do not have this key and cannot restore user data or access backed-up files.
- Risks: Highest risk. If a user loses the key for a device, that backup data cannot be recovered. A custom key cannot be reset.
Implementation procedures
To implement or change encryption key settings, refer to the following articles:
- For administrators: Organizations - Device Backup Defaults - Security settings reference
- For users: Enabling archive key password security for backups
- For users: Enabling custom key security for backups