Device Backup - Security settings reference
Who is this article for?

![]()
CrashPlan for Small Business, no.
Code42 for Enterprise, yes.
Link: Product plans and features.
Overview
Use the Security tab on the Settings > Device Backup menu to set the default Code42 CrashPlan backup encryption key policy for all users (new and existing). After the encryption policy is upgraded, upgraded users can never downgrade their policy.
Auto

| Item | Description | |
|---|---|---|
| a | Require password to access desktop | Checked - Requires that the user enters the correct password to open the app. Unchecked - No password is required to open the app. |
| b | Lock | Locks this setting to prevent users from changing it in their personal settings. |
| c | Push | Indicates whether or not a change in this setting applies to existing users in addition to new users. |
Archive encryption key

| Item | Description | |
|---|---|---|
| a |
Standard |
(default) Users or administrators can restore files without providing an additional password. |
| b |
Archive key password |
Users or administrators can restore files only by providing the correct archive key password. This additional password cannot be reset if it is forgotten or lost. By default this password is the account password. Users who sign in with SSO (Code42 server versions 5.2.x - 5.3.x only)
Do not use the administration console to enable archive key password for users who sign in with SSO. Doing so prevents users from accessing their archives, resulting in data loss. Instead, make sure the Archive Encryption Key settings are unlocked, then instruct users to enable Archive key password from the CrashPlan app. |
| c |
Custom key |
Users or administrators can restore files only by providing the correct custom key. If a user forgets or loses the custom key, the user's backup data becomes unrecoverable and the key cannot be reset. Adding or changing the custom key requires users to restart their backups. Custom key is only supported in CrashPlan app version 5.2 and later. |
| d | Lock | Locks this setting to prevent users from changing it in their personal settings. |
| e | Push |
Indicates whether or not a change in this setting applies to existing users in addition to new users. |
- Pushing and locking this setting simply enforces the designated security level. Locking this setting does not prevent users from changing their archive key password, for example.
- After you have upgraded a user's security level, you cannot downgrade the security level without restarting that user's backup.
Archive encryption key summary
Below is a description of the three security options for archive key management. Refer to our encryption key article for full details and a comparison chart.
Standard encryption
| Consideration | Details |
|---|---|
| Configuration |
|
| Key creation |
|
| Management requirements |
|
| Key security & storage |
|
| Web restore key access |
|
| Administrator access |
|
Archive key password
| Consideration | Details |
|---|---|
| Configuration |
|
| Key creation |
|
| Management requirements |
|
| Key security & storage |
|
| Web restore key access |
|
| Administrator access |
|
Custom key
| Consideration | Details |
|---|---|
| Configuration |
|
| Key creation |
|
| Management requirements |
|
| Key security & storage |
|
| Web restore key access |
|
| Administrator access |
|