The Dangers of Encryption Key and Password Recovery
by Steve Eschweiler
Secure Online Backup
In my “What Makes an Online Backup Solution, Secure?” post, I touched on the fact that an online backup service should never offer a password recovery option because it can subject your password to discovery. I should also have mentioned that some backup services offer an encryption key recovery option instead, which is just as dangerous.
An encryption key is typically a series of bytes derived from your password. So if your password was, say, “password123”, it would be transformed into an encryption key. The encryption key is what is used to encrypt and decrypt your files. So whether we are talking about password recovery or encryption key recovery, it is essentially the same thing.
I’ve seen quite a few online backup services offer some form of recovery. Yet these services claim that your backups cannot be viewed by anyone but you. This is simply a misleading statement on their part. The reality is that if the backup service provides a recovery method for your password or encryption key, your backups are at risk. After all, a malicious party could claim to be you, provide the right credentials, and have your password handed over to him, or he could find a way to get your password by hacking the recovery system itself. Either way, your backups are compromised, because your password is the only thing protecting them from prying eyes. If you really want to be secure, the online backup service should not have a copy of your password and should never offer a recovery option of any kind.
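To make the distinction concrete, here is an added example (not SecureBackup’s code) contrasting what a service stores when it knows nothing about your key with what a key-recovery feature forces it to keep. The PBKDF2 parameters, the HMAC labels and the XOR-based key escrow are constructed for illustration and stand in for whatever a real service would use.

```python
import hashlib
import hmac
import os
from typing import Optional

ITERATIONS = 200_000  # PBKDF2 work factor; slows offline guessing of the password

def derive_keys(password: str, salt: bytes) -> tuple:
    """Client side only. Stretch the password with PBKDF2, then split the result
    into two independent subkeys so the token sent to the server leaks nothing
    about the key that encrypts the files."""
    master = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS, dklen=32)
    file_key = hmac.new(master, b"file-encryption", "sha256").digest()  # never leaves the client
    auth_token = hmac.new(master, b"login", "sha256").digest()          # proves identity to server
    return file_key, auth_token

def enroll(password: str, salt: bytes, recovery: bool, server_master: bytes) -> dict:
    """Build the record the backup service stores for one account.
    Zero-knowledge: salt plus a hash of the login token, nothing else.
    Recovery-enabled: additionally escrows the file key under a server-held key."""
    file_key, auth_token = derive_keys(password, salt)
    record = {"salt": salt, "auth_hash": hashlib.sha256(auth_token).digest()}
    if recovery:
        # Constructed stand-in for a real key-wrap: a one-time pad derived from the
        # server master key and a fresh nonce, XORed over the file key.
        nonce = os.urandom(16)
        pad = hmac.new(server_master, nonce, "sha256").digest()
        record["escrow"] = (nonce, bytes(a ^ b for a, b in zip(file_key, pad)))
    return record

def login(record: dict, password: str) -> bool:
    """Server-side check: recompute the login token and compare its hash in constant time."""
    _, auth_token = derive_keys(password, record["salt"])
    return hmac.compare_digest(hashlib.sha256(auth_token).digest(), record["auth_hash"])

def recover_key(record: dict, server_master: bytes) -> Optional[bytes]:
    """What anyone with the server's data and master key can do (insider, intruder,
    or a 'recovery' help desk). Only the escrow copy makes it possible."""
    if "escrow" not in record:
        return None  # zero-knowledge record: nothing here yields the file key
    nonce, wrapped = record["escrow"]
    pad = hmac.new(server_master, nonce, "sha256").digest()
    return bytes(a ^ b for a, b in zip(wrapped, pad))

if __name__ == "__main__":
    salt, server_master = os.urandom(16), os.urandom(32)
    zk = enroll("password123", salt, recovery=False, server_master=server_master)
    esc = enroll("password123", salt, recovery=True, server_master=server_master)
    print("zero-knowledge:", recover_key(zk, server_master))
    print("escrow leaks key:", recover_key(esc, server_master) == derive_keys("password123", salt)[0])
```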
SecureBackup was engineered from the ground up to be as secure as possible. We simply don’t have a copy of your password or file encryption key stored anywhere. Even if someone held us at gunpoint demanding your password, we wouldn’t be able to provide it. Now you may wonder if we would take the bullet for you? Quite honestly, we wouldn’t have a choice.