Protecting your passwords

Background

All sensitive data held by Restorepoint is protected by encryption. Restorepoint transparently encrypts data when it is written to disk, and decrypts it when it is read. Clear-text data is always only held in volatile memory and therefore disappears when the appliance is shut down or rebooted, rendering data theft impossible without a valid encryption key. In order to make encryption less intrusive for the user, Restorepoint has two operational states:

  • Lock-down state: when the appliance is powered up and no encryption password has been entered by an administrator. In this state, Restorepoint cannot read its own database and therefore cannot perform any automatic operations. An administrator must log in and provide the encryption password.
  • Normal state: after an administrator has provided the encryption password at login. This is the normal operational mode, when all system functions are enabled. Subsequent administrator logins will not require an encryption password, until the appliance is rebooted again.

It is paramount that administrators memorise both user password and encryption password – without either, you will not be able to access your data.

User password and Encryption password

Passwords are configured during the initial configuration of the appliance, and can be modified in the Administration->Users tab. When you edit or create a user, you will also need to configure an email address and a password recovery question and answer, which are used to reset the passwords in case they are forgotten. It is important that you choose a question to which only you know the answer. Restorepoint will send you a password recovery token by email; therefore you should ensure that your SMTP settings and email address are entered correctly. You should keep the password recovery token safe.

Recovering passwords

If you have lost the passwords, and you are not able to log in using another administrator’s credential, you will need to follow the Forgotten Password link, which uses two-factor authentication: you will need to provide your password recovery token and your security question and answer; if the provided information is correct, you will be able to reset your passwords.

REMEMBER: if you have forgotten your password and the appliance is in lock-down state, unless you can provide the information required for the password recovery procedure above, you will not be able to access your data, and your only option may be a factory reset – which destroys all the data on the appliance.

For more information, please email our Technical Support Team.

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s