Overview
This reference guide describes an organization's backup security settings. You can require users to enter their account password when opening the CrashPlan app, and you can also set the security level of the archive encryption key for users' backup archives.
Access device backup security settings
- To view the general device backup settings, choose Administration > Environment > Organizations. When the Active tab opens, click the organization name. (You may need to expand the parent organization.) Scroll down to Device Backup Defaults and click the Security tab.
- To change these default settings for the organization, from the action menu, choose Device Backup Defaults, then click the Security tab.
Device backup security settings
Item | Description | |
---|---|---|
a | Require account password to access CrashPlan app |
Selected - Requires that the user enters the correct password to open the CrashPlan app.
Require password for added security
We strongly recommend requiring the account password to open the CrashPlan app. If the device is lost, stolen, or infected with malware or ransomware, this helps protect backed-up files from being accessed or deleted by an unauthorized user. |
b | Lock |
Locks this setting to prevent users from changing it in their personal settings. |
c | Push | Applies these settings to existing users in addition to new users. |
d |
Standard |
Users or administrators can restore files without providing an additional password (default). |
e |
Archive key password |
Users or administrators can restore files only by providing the correct archive key password. This additional password cannot be reset if it is forgotten or lost. By default, this password is the account password.
Users who sign in with SSO
Do not use the CrashPlan console to enable archive key password for users who sign in with SSO. Doing so prevents users from accessing their archives, resulting in data loss. Instead, make sure the Archive Encryption Key settings are unlocked, then instruct users to enable Archive key password from the CrashPlan app. |
f |
Custom key |
Users or administrators can restore files only by providing the correct custom key. If a user forgets or loses the custom key, the user's backup data becomes unrecoverable and the key cannot be reset. Adding or changing the custom key requires users to restart their backups. |
- Pushing and locking this setting simply enforces the designated security level. Locking this setting does not prevent users from changing their archive key password, for example.
- After you have upgraded a user's security level, you cannot downgrade the security level without restarting that user's backup.
Archive encryption key summary
Below is a description of the three security options for archive key management. Refer to our encryption key article for full details and a comparison chart.
Standard encryption
Consideration | Details |
---|---|
Configuration |
|
Key creation |
|
Management requirements |
|
Key security & storage |
|
Web restore key access |
|
Administrator access |
|
Archive key password
Consideration | Details |
---|---|
Configuration |
|
Key creation |
|
Management requirements |
|
Key security & storage |
|
Web restore key access |
|
Administrator access |
|
Custom key
Consideration | Details |
---|---|
Configuration |
|
Key creation |
|
Management requirements |
|
Key security & storage |
|
Web restore key access |
|
Administrator access |
|