How can we help?

We think these articles could help:

    See More
    Home > CrashPlan > Latest > CrashPlan App Reference > Security Overview & Settings

    Security Overview & Settings

    Applies to:
    • CrashPlan for Home
    • CrashPlan PRO
    • CrashPlan PROe

    Overview

    The Security page allows you to edit security settings for your account, including options to:

    • Change your password
    • Require a password to access the CrashPlan app
    • Enable enhanced security options to:
      • Secure your data (for restoring files) with an archive key password that is separate from your account password
      • Require a custom key
    • ​Set an archive question and answer to enable you to reset your archive key password (versions 3.6.1 and later only)

    Security

    Security Settings Reference Guide

    Item Description
    a Require password to access CrashPlan app    Identifies whether or not you will need to sign in and supply a password when launching the CrashPlan app. Enabling this option ensures no one else can make changes to your settings or restore your files without your password. 
    Account Password (Complete Fields To Change Password)
    b Current password To change your password, enter your current password.
    c New password Enter new password.
    d Re-enter new password in the second password field.
    Archive Encryption Key
    e Standard     (default) Users or administrators can restore files without providing an additional password.
    f Archive key password    

    Prompts you to set an archive key password. Users or administrators can restore files only by providing the correct archive key password. 

    Note: If you choose this option you will not be able to downgrade your security later.

    g Custom key    

    Users or administrators can restore files only by providing the custom key. The custom key cannot be reset if it is forgotten or lost. Without the custom key, backup data is unrecoverable.

    Note: If you choose this option you will not be able to downgrade your security later.

    Save or Cancel
    h Undo Changes     Reset to previous settings (same effect as cancel).
    i Save Apply changes.

    Archive Password

    File:CrashPlan/Latest/CrashPlan_App_Reference/Security_Overview_&_Settings/set-archive-key-password.png

    Item Description
    a Archive password Create an archive key password. Re-enter the archive key password in the second password field.

    Your password must be at least 8 characters and can include any combination of capital (A-Z) letters, numeric (0-9) characters, symbols, and spaces.

    b Question
    (versions 3.6.1 and later)
    (Optional) Enter an archive question for recovering a forgotten archive key password. This can be used to reset the archive key password in the event that you lost or forgot the password. If an archive question and answer is not entered, then the archive key password cannot be reset if it is forgotten or lost. 
    The question is limited to 128 characters.
    c Answer If an archive question is entered, provide the answer.

    Archive Question 
    An archive question reduces the risk of not being able to restore your files due to a lost of forgotten password. However, it increases the risk of someone bypassing your archive key password. If you choose to use this optional feature, take great care when selecting an archive question and answer. In general, a secure question has the following characteristics: 
    • Question has hundreds, if not thousands, of possible answers
    • Question is not a question you would answer publicly (online or in person)
    • Answer is easy for you to remember
    • Answer cannot be researched online via Google, Facebook, LinkedIn, etc.
    • Answer does not change over time

    Security Options Summary

    Below is a description of the three security options for archive key management. Refer to our encryption key article for full details and a comparison chart.

    Standard Archive Encryption

    Consideration Details
    Configuration
    • Standard archive encryption is the default encryption key security option
    Key creation
    • The encryption key is generated by the CrashPlan app when you create your account
    Management requirements
    • Only one password to remember
    • Lowest risk of losing ability to restore files
    • (CrashPlan for Home only) Account password can be reset from our website
    Key security & storage
    • Encryption key is escrowed on CrashPlan's server for web restores and for installations on new devices
    Key storage for mobile devices
    CrashPlan mobile app only
    • Encryption key is not stored on the device
    • Secured key is sent from CrashPlan's server during the sign-in process
    • Secured key is stored in the device's memory only while the CrashPlan mobile app is in the foreground and user is signed in
    Web restore key access
    • Encryption key is escrowed on CrashPlan's servers for decryption
    Administrator access
    CrashPlan PRO and CrashPlan PROe only
    • Administrators can access files backed up to cloud destinations without knowing the user account password

    Archive Key Password

    Consideration Details
    Configuration
    • Archive key password is an increased encryption key security option
    Key creation
    • Encryption key is generated by the CrashPlan app when you create your account
    • Your encryption key remains the same when you upgrade security to archive key password
    Management requirements
    • Two passwords to remember
    • Increased risk of not being able to restore files if archive key password is forgotten
    • You can change your archive key password at any time without affecting backup data
    • Optional You can provide an archive question that, if answered correctly, can be used to reset your archive key password in the event that it is lost of forgotten
    Key security & storage
    • The key is encrypted with your archive key password and stored on CrashPlan's servers for authentication during web restores and installations on new devices
    Key storage for mobile devices
    CrashPlan mobile app only
    • Encryption key is not stored on the device
    • Secured key is sent from CrashPlan's server during the sign-in process and stored in the device's memory while the CrashPlan mobile app is in the foreground and you remain signed in
    • You must enter your archive key password to restore
    • If you enable Remember my private password, then the archive key password is stored in the device's memory as long as you remain signed in; the key and password are both removed when you sign out
    Web restore key access
    • Encryption key is secured with your archive key password on CrashPlan's servers for web restore
    • The archive key password is hashed and escrowed on CrashPlan's servers for decryption
    • You must supply your archive key password in order to restore files
    Administrator access
    CrashPlan PRO and CrashPlan PROe only
    • Admins cannot access files backed up to your destinations without knowing the archive key password​
    • Admins cannot access your archive key password

    Custom Key

    Consideration Details
    Configuration
    • Custom key is the highest upgraded encryption key security option
    Key creation
    • The original encryption key generated by the CrashPlan app is removed from CrashPlan server; you can assign a custom key using the generate, passphrase, or import options in the CrashPlan app
    • You can choose to assign a different custom key to each computer on your account
    Management requirements
    • Nearly impossible to remember, with increased risk of not being able to restore files if the custom key is lost
    • You must start a completely new backup after upgrading to this security option; files backed up prior to upgrading are deleted from backup archives
    • Web restore, new installations, and remote restore require that you provide the custom key
    Key security & storage
    • Encryption key exists only on source computer
    • Your custom key is never cached at any remote location
    Key storage for mobile devices
    CrashPlan mobile app only
    • Custom key is only stored on your device if you enable Remember my custom key
    • Custom key is removed when you sign out of the app
    Web restore key access
    • You must supply your custom key in order to restore files
    • The custom key is held in memory for the purpose of restoring files; it is never written to disk
    • The custom key is flushed from memory once files are restored
    Administrator access
    CrashPlan PRO and CrashPlan PROe only
    • Admins cannot access files backed up to your destinations without knowing the custom key
    • Admins cannot access your custom key

    You must to post a comment.
    Last modified
    13:14, 12 May 2015

    Tags

    Classifications

    CrashPlan User Guide