How can we help?

We think these articles could help:

    See More
    Home > CrashPlan > Latest > Configuring > Security Overview & Settings

    Security Overview & Settings

    Applies to:
    • CrashPlan for Home
    • CrashPlan PRO
    • CrashPlan PROe

    Overview

    The Security page allows you to edit security settings for your account, including options to:

    • Change your password
    • Require a password to access the CrashPlan app
    • Enable enhanced security options to:
      • Secure your data (for restoring files) with an archive key password that is separate from your account password
      • Require a custom 448-bit encryption key
    • ​Set an archive question and answer to enable you to reset your archive key password (versions 3.6.1 and later only)

    Security

    Security Settings Reference Guide

    Item Description
    a Require password to access CrashPlan app    Identifies whether or not you will need to sign in and supply a password when launching the CrashPlan app. Enabling this option ensures no one else can make changes to your settings or restore your files without your password.
    Account Password (Complete Fields To Change Password)
    b Current password To change your password, enter your current password.
    c New password Enter new password.
    d Re-enter new password in the second password field.
    Archive Encryption Key (Select One)
    e 448-bit encryption     (default) Users or administrators can restore files without providing an additional password.
    f 448-bit encryption+ password    

    Prompts you to set an archive key password. Users or administrators can restore files only by providing the correct archive key password. 

    Note: If you choose this option you will not be able to downgrade your security later.

    g 448-bit encryption with custom 448-bit key    

    Users or administrators can restore files only by providing the correct 448-bit key. The custom key cannot be reset if it is forgotten or lost. Without the custom key, backup data is unrecoverable.

    Note: If you choose this option you will not be able to downgrade your security later.

    Save or Cancel
    h Undo Changes     Reset to previous settings (same effect as cancel).
    i Save Apply changes.

    Archive Password

    Item Description
    a Archive password Enter archive key password. Re-enter the archive key password in the second password field.
    b Question
    (versions 3.6.1 and later only)
    Optional Enter an archive question for recovering a forgotten archive key password. This can be used to reset the archive key password in the event that you lost or forgot the password. If an archive question and answer is not entered, then the archive key password cannot be reset if it is forgotten or lost. The question is limited to 128 characters.
    c Answer If an archive question is entered, provide the answer.

    CAUTION
    An archive question reduces the risk of not being able to restore your files due to a lost of forgotten password. However, it increases the risk of someone bypassing your archive key password. If you choose to use this optional feature, take great care when selecting an archive question and answer. In general, a secure question has the following characteristics: 
    • Question has hundreds, if not thousands, of possible answers
    • Question is not a question you would answer publicly (online or in person)
    • Answer is easy for you to remember
    • Answer cannot be researched online via Google, Facebook, LinkedIn, etc.
    • Answer does not change over time

    Security Options Summary

    Below is a description of the three security options for archive key management. Refer to our encryption key article for full details and a comparison chart.

    448-Bit Encryption - Secure With Account Password

    Consideration Details
    Configuration
    • Account password is the default encryption key security option
    Management requirements
    • Only one password to remember
    • Lowest risk of losing ability to restore files
    • (CrashPlan for Home only) Account password can be reset from our website
    Key creation
    • Encryption key is generated by the CrashPlan app when you create your account
    Key security & storage
    • Encryption key is escrowed on CrashPlan's server for web restores and for installations on new devices
    • Secured key is stored at destination for guest restore
    Key storage for mobile devices
    CrashPlan mobile app only
    • Encryption key is not stored on the device
    • Secured key is sent from CrashPlan's server during the sign-in process
    • Secured key is stored in the device's memory only while the CrashPlan mobile app is in the foreground and user is signed in
    Web restore key access
    • Encryption key is escrowed on CrashPlan's servers for decryption
    Administrator access
    CrashPlan PRO and CrashPlan PROe only
    • Administrators can access files backed up to cloud destinations without knowing user account password

    448-Bit Encryption + Password - Secure With Archive Key Password

    Consideration Details
    Configuration
    • Upgraded security
    Management requirements
    • Two passwords to remember
    • Increased risk of not being able to restore files if archive key password is forgotten
    • You can change your archive key password at any time without affecting backup data
    • Optional You can provide an archive question that, if answered correctly, can be used to reset your archive key password in the event that it is lost of forgotten
    Key creation
    • Encryption key is generated by the CrashPlan app when you create your account
    • Your encryption key remains the same when you upgrade security to archive key password
    Key security & storage
    • Encryption key exists only on source computer
    • Secured key is secured with your archive key password hash and stored on CrashPlan's servers for authentication during web restores and installations on new devices
    • Secured key stored at destination for guest restore
    Key storage for mobile devices
    CrashPlan mobile app only
    • Encryption key is not stored on the device
    • Secured key is sent from CrashPlan's server during the sign-in process and stored in the device's memory while the CrashPlan mobile app is in the foreground and you remain signed in
    • You must enter your archive key password to restore
    • If you enable Remember my private password, then the archive key password is stored in the device's memory as long as you remain signed in; the key and password are both removed when you sign out
    Web restore key access
    • Encryption key is secured with your archive key password hash and stored on CrashPlan's servers for web restore
    • You must supply your archive key password in order to restore files
    Administrator access
    CrashPlan PRO and CrashPlan PROe only
    • Admins cannot access files backed up to your destinations without knowing your archive key password​
    • Admins cannot access your archive key password

    448-Bit Encryption With Custom 448-Bit Key - Generate Your Own Custom Key

    Consideration Details
    Configuration
    • Highest level of upgraded security
    Management requirements
    • Nearly impossible to remember, with increased risk of not being able to restore files if custom key is lost
    • You must start a completely new backup after upgrading to this security option; files backed up prior to upgrading are deleted from backup archives
    • Web restore, guest restore, new installations, and remote restore require that you provide the custom key
    Key creation
    • The original encryption key generated by the CrashPlan app is replaced with an encryption key you choose
    • You can choose to assign a different custom key to each computer on your account
    Key security & storage
    • Encryption key exists only on source computer
    • Your custom key is never cached at any remote location
    Key storage for mobile devices
    CrashPlan mobile app only
    • Custom key is only stored on your device if you enable Remember my custom key
    • Custom key is removed when you sign out of the app
    Web restore key access
    • You must supply your custom key in order to restore files
    • The custom key is held in memory for the purpose of restoring files; it is never written to disk
    • The custom key is flushed from memory once files are restored
    Administrator access
    CrashPlan PRO and CrashPlan PROe only
    • Admins cannot access files backed up to your destinations without knowing your custom key
    • Admins cannot access your custom key

    You must to post a comment.
    Last Modified
    17:15, 11 Feb 2014

    Page Rating

    Was this article helpful?

    Tags

    Guide Type: