Channel: CodeSection,代码区,网络安全 - CodeSec
Viewing all articles
Browse latest Browse all 12749

Set a Private Encryption Key for Online Backups


You know that you need to be backing up your computer (and other devices). Using an online backup service is a good way to do this automatically. But how secure are online backups? Let’s see how to use a feature offered by some backup services to ensure that only you can access your data.

Get the audio podcast version of this post .

Note: this post contains affiliate links.

The Threat

You run the risk of losing the data on your computer (and other devices). Here are a few ways:

Lose the device Device is stolen from you Ransomware encrypts your data Device dies (stops working) Device is destroyed in a natural disaster (fire, flood, etc.)

A backup you keep in your home isn’t good enough, because that backup could be destroyed at the same time as your device, by many of the same causes listed above. So, it’s wise to use online backups (sometimes called cloud backups ).

When you install backup software on your device, most software will create an encryption key for you. The creator of the backup software will store that key with your account. Because the key is able to decrypt your data (make it readable), this gives the company the ability to access your data! You may think, “I trust the company, so what’s the problem?” Maybe you trust the company itself, but do you trust every one of its employees? And what if the company is hacked? Or what if a government (one in your country or a foreign one) wants to see your data? For these reasons, it’s best to use your own encryption key.

How to Increase Your Security & Privacy

Instead of letting the backup software create your encryption key, and letting the backup company store that key, you should create your own encryption key and store it yourself. Different companies have different terms for this. You may see it called private encryption key , user-owned encryption key , user-defined encryption key , custom encryption key , or something similar.

When you create a private encryption key, your data is encrypted with that key. So if you’re the only one with the key, you’re the only one who can access your data! That means employees at the backup company can’t, hackers can’t, and governments can’t. (Note that encryption can be broken by thosewith enough resources and time. But that shouldn’t stop us from protecting our data.)

Your encryption key is like a password, so you should make it strong , just as you’d make a password strong. That means making it long (the more characters, the better), with a variety of character sets (uppercase, lowercase, numbers, special characters).

Set a Private Encryption Key for Online Backups
Choose the private key encryption option

Now, this is important! If you lose your encryption key, you won’t be able to access the data you’ve backed up . Remember, the backup company doesn’t have your key, so they can’t help you. You must store your key somewhere safe . I recommend putting it in your password manager (I like LastPass ).

When choosing a cloud backup service, read the security and privacy sections of their website. Look for the words encrypt and key . Also, check their privacy policy to see how they handle requests from law enforcement. Why? What if you’re not trying to hide from law enforcement? Well, it’s not necessarily about hiding from law enforcement. The reason it matters is that if the company can give your data to law enforcement, that means the company can access your data , which means any rogue employee at the company, or anyone who hacks the company, can also access your data. So if the company says it can’t give your data to law enforcement, that usually means the company itself has no access to your data. For example, the IDrive Privacy Policy states,

If we provide your files to a law enforcement agency as set forth above, we will remove encryption from the files before providing them to law enforcement only if a default encryption key is used. We will not be able to decrypt any files that are encrypted using a user defined encryption key.

In other words, if you choose the default option (let the software create your encryption key, and let the company store it), the company is able to access your data and provide it to others. But if you use your own encryption key, they can’t.

As important as they are, security and privacy aren’t the only criteria to consider in an online backup service. Here are some other questions to ask, about the company and its service:

How long has the company existed? How long has it been providing online backups? How do customers rate and review the company and service? How much storage do you get? Does the backup software run on all the operating systems you use? What happens when you delete a file from your device? Does it stay in the backup? How long? How many of your devices can you can back up? How many versions of each file are stored? What’s the cost?

IDrive is a cloud backup service that lets you create your own encryption key. Because of this, as well as the combination of other features and cost, I like IDrive as a provider. I also like SpiderOak , a company known for its strong stance on user privacy. There are other backup services that let you use your own encryption key. Here’s a list of a few I’m aware of:

IDrive SpiderOak BackBlaze Mozy Carbonite Acronis Sync Tresorit

I know there are others, and if there’s one you recommend, please leave a comment !

If you’re interested in IDrive, you can use this link to get 25% off your first year!

Set a Private Encryption Key for Online Backups

If you use an Apple iOS device (iPhone or iPad), you have the option of using Apple’s iCloud to back up to Apple’s servers. iCloud uses a private encryption key. According to Apple ,

Your data is protected with a key derived from information

Viewing all articles
Browse latest Browse all 12749

Latest Images

Trending Articles

Latest Images