CrashPlan apps encrypt all user data before it leaves endpoint devices for storage in Code42 backup archives. No one can decrypt a user's data without that user's archive encryption key. To protect the keys, Code42 offers three levels of security. For users of CrashPlan apps, this article describes whether and how to implement the two advanced levels. However, Code42 strongly recommends keeping to the default, standard level of security.
Administrators of Code42 environments are encouraged to see another article about administrative decisions and controls regarding archive encryption keys.
Before you begin
Your administrator may have already configured your CrashPlan app to use advanced key security. In that case, the next time you open your CrashPlan app on your desktop, it prompts you to define your credentials. For instructions, see either:
Step 1: Consult your administrator
Do not change the security settings in your CrashPlan app without first consulting the administrator of your Code42 environment. The advanced security settings may not be suitable for your Code42 environment.
In addition, your administrator may lock the security settings so that you cannot change them. To identify if that is the case:
- Open the CrashPlan app on your desktop.
- Click Details.
- Select the arrow next to your device name, and choose Device preferences.
- Select Security.
- Look for a button labeled Upgrade.
If you do not see the Upgrade button, you are not allowed to change the security for your archive encryption key. Consult your Code42 environment administrator.
Step 2: Choose a security option
To protect the encryption keys for your backup archives, Code42 offers three levels of security, summarized below. For more detailed comparison of the options, and for further warnings about their risks, see the information for administrators.
User data cannot be decrypted and read without the archive encryption key. The data owner gets the key by supplying the account name and password. Administrators of the Code42 environment also have access to the key, and so to your backed-up data.
The standard, default security option allows administrators to help users recover data. The other two options lock administrators out of user data. Code42 not only recommends that you leave the CrashPlan app with the default option, Code42 also recommends that administrators lock that security setting so that users cannot change it.
You create a private password, known only to you, that protects your encryption key. The key is encrypted before it is stored on the Code42 server. Administrators cannot read your key or your backed-up data. You also define a recovery question and answer to help you when you forget your password.
You define your encryption key. That key never leaves the device where it is created. If you lose that key, your backed up data is also lost. There is no way to recover it.
Step 3: Implement a security option
Follow the links below for instructions about implementing advanced security.
- You cannot revert to standard password security: Once you set any one of your CrashPlan apps to use advanced key security (options 2 or 3 below), there is no reversing the process. The only way to resume the standard account password security is to discard all of your backup data and start over.
- The settings affect all your devices: When you change the security setting at one CrashPlan app, you change it for all of the devices that back up data to your Code42 account.
The recommended, standard option is configured by default.
Follow the instructions at Upgrade Code42 CrashPlan security to archive key password.
Follow the instructions at Upgrade Code42 CrashPlan security to custom key.