This article applies to Code42 for Enterprise version 4.
This article explains CrashPlan's default security setting, as well as recommendations and considerations for when it is appropriate to upgrade. Links to step-by-step instructions for upgrading are also provided.
No matter which CrashPlan security option you use, your backup files are always encrypted before any files are sent to your backup destinations. Encryption is the translation of data into a nearly indecipherable code, and it is the most effective way to protect your data. To view the contents of an encrypted file, you must have access to an encryption key that enables you to decrypt it. CrashPlan offers several options for securing this encryption key.
Note: If you are looking for in-depth technical details about each of our security options, please see our article on archive encryption key security.
Account password (default security)
Your account password is CrashPlan's default method for securing your encryption key. We recommend this setting for most users because it offers a good balance between security and ease of use. There are several advantages to using this level of security:
- Only one password to remember
- Your account password locks the encryption key on your account
- Secure encryption key is automatically generated for you
- Lowest risk of losing ability to restore files
As an additional security measure, you can require your account password to access the CrashPlan app. This is a simple way to enhance security on your account without upgrading your archive encryption security setting. From the CrashPlan app, go to Settings > Security and select Require account password to access CrashPlan desktop application.
When to upgrade security
The default settings satisfy the security needs for most users. However, you may want to consider upgrading your security settings if any of the following apply:
- Your devices are highly mobile and/or are frequently at risk of exposure or theft
- Your devices contain highly-sensitive business or medical information
- Your devices must comply with medical or legal regulations that require an increased level of security
Increasing the security setting for your account trades ease of use for enhanced archive security. Each additional level of protection also comes with risks and an increased need for password management. Please review your options carefully before upgrading your security.
- Your security settings apply to all of the computers on your account. For example, if you use an archive key password on one computer, the same archive key password is required for all your computers.
- Once you have upgraded the security of your account, there is no way to downgrade to a lower security option without resetting your account and starting the backup over. Please contact our Customer Champions for Code42 for Enterprise support.
Lost Archive Key Password Or Custom Key
If you lose or forget your archive key password or your custom key, and cannot recover it:
Archive key password
An archive key password is an alternative method for securing your encryption key. With this option, authentication is needed both to access your account (your account password) and to restore your files (your archive key password). The encryption key itself does not change.
- Requires remembering two passwords instead of one.
- If you forget your archive key password, there are limited options for recovery. If you are unable to recover your archive key password, you cannot recover files from your backup.
- All computers on your account must use the same archive key password to restore files.
Increasing the security by creating your own custom key completely removes the encryption key from CrashPlan's servers and replaces it with an encryption key that you create. This custom encryption key is never sent to a CrashPlan server (unless you supply it for a web restore). It is stored only on your source device.
- Due to the level of management required and the possibility of data loss if the key is lost, we only recommend this level of security if it is specifically required in order to meet a professional or regulatory standard, such as securing medical or legal documents.
- When you upgrade to a custom key, you must start your backup over with the new encryption key. All previously backed up files associated with the old encryption key are deleted and no longer available for restore.
- Because of the length and complexity of encryption keys, it is virtually impossible to commit a custom key to memory. Make sure to store a copy of the custom key in a safe location that you can access, even if the source computer has failed.
Upgrade your security
You can upgrade your archive encryption key security from the Settings > Security screen within the CrashPlan app. You can secure your encryption key with the following options:
Code42 for Enterprise only: Your administrator may choose to lock the security policy so that you cannot upgrade your security settings.