Backup for Files - Recover a pass phrase

Written By Tami Sutcliffe (Super Administrator)

Updated at March 31st, 2021

Your pass phrase is the secret key used to encrypt your data and protect it from unauthorized access. If you do not know your pass phrase and you have to install on a new machine, while you can reset your pass phrase, doing so would only affect backups from the moment of reset forward, and would not retroactively reset the pass phrase encrypting backups that were already backed up. If you are trying to do a recovery of data, resetting your pass phrase would only reset the pass phrase on any new data backed up going forward, and would not change the pass phrase that is encrypting data that was backed up at a previous point in time. 

In the event that you need to recover your data to any machine other than the machine the data was backed up from where the Online Backup Manager is still installed and configured, you will need your pass phrase as it was originally configured. If you do not know your pass phrase, you checked the box to securely store your pass phrase in case it is forgotten, AND you know the answers to your secret questions, your pass phrase can be recovered. If you did not check the box or you cannot answer your secret questions, there is no way to recovery the pass phrase and no way to recover your data without the pass phrase.

Click here for detailed instructions on how to recover a pass phrase

When you need to recover your pass phrase it is secured by the following process:

1. You will use the client software to request a pass phrase recovery. The software generates a new 3072-bit public/private key pair. (This is your request key).

2. The public request key and the details of your request are sent via SSL to our server, where they are stored.

3. A senior-level server technician at Axcient will use the master pass phrase recovery program to decrypt the outer layer of your stored pass phrase envelope. This operator enters the master pass phrase recovery password, which decrypts our 3072-bit private key.

4. At this point, your pass phrase is still encrypted with the 256-bit encryption key generated by the answers to your secret questions. As the technician does not know the answers to your security questions, your pass phrase is still private.

5. The recovery program generates a new 256-bit file key and encrypts the pass phrase envelope. The pass phrase envelope is now fully encrypted again. The new 256-bit file key is encrypted with your request public key.

Only the the person who submitted the request (who presumably now has with the request private key) can decrypt the pass phrase envelope.

6. The newly encrypted pass phrase envelope is stored on the server. The technician emails you that your request has been handled.

7. You use the client software to connect to our server and download the response over an SSL connection.

8. The client software uses the request private key to decrypt the outer layer of the pass phrase envelope.

9. The client software presents your security questions. If you correctly answer these questions, then it will be able to decrypt the final encryption layer protecting your pass phrase, and your pass phrase will be recovered. 

Note: Local disk and local network backups that are encrypted have no way to recover the pass phrase. If you opt to encrypt your local disk or local network backups, be sure you securely store your pass phrase.

Click here to learn more about setting a pass phrase


Detailed steps to recover a pass phrase 

In the event that you no longer have your pass phrase documented, and you wish to recover it, you can do so through the installation of the Online Backup Manager (OBM). You will install the OBM on the system you wish to recover.

1. Open the Online Backup Manager and click on the Control Panel.

mceclip0.png

If you do not have the OBM installed, you must install it.  A full installation of the OBM is needed to do pass phrase recovery. The new OBM does not have to be configured in any way.

2. Click Pass Phrase Recovery 

mceclip1.png

3. A Welcome screen will open. The username and password will already be present in the box if this installation is being done on the machine originally configured for backups from this account. If the Online Backup Manager is unconfigured, or you are using another installation to do the recovery, the boxes will be blank. You will need to manually enter the username and password. Click Next.

mceclip2.png

4. Click Recovery Request.

mceclip3.png

5. All the available pass phrases for the account will be presented. Select the date and click Next.

mceclip4.png

In most cases, only one date will be present. If more than one date is present, be sure that you pick the date that is immediately prior to the date you will want to recover the data for.

 For example, this account has multiple pass phrases. If you needed data from May 2015, you’d pick the 2nd option Thursday, April 02, 2015. If you needed data as it existed on or before December 11, 2015 at 9 am, you’d pick the LAST option of Friday, July 10, 2015 because the December 11 pass phrase was put into use at 3:59 PM on the 11th which would be after the time/date of the data that is needed.

.mceclip5.png

6. Confirmation will appear when the request is successfully submitted.

mceclip6.png

7. At this point our senior-level staff will be notified, and they will process the request. Once the request is processed, you will receive an email. This email will be sent to the email address on file for the account you’re trying to recover the pass phrase for. This email is not required for the next step. If you do not have access to the email address, you can periodically check to see if the next step of Recover Pass Phrase is available to you or not.

8. When the next step is ready, click Recover Pass Phrase

mceclip7.png

9. You will be given pass phrases that are available for you to attempt to recover. Select the proper pass phrase request and click Next.
Note: the date/time on this page is the date/time you put the pass phrase recovery request in, not the date/time that the pass phrase was originally configured.

mceclip8.png

10. Click Recover

mceclip9.png

11. Answer the questions, as they were originally answered when you configured the passphrase. 

mceclip10.png

IMPORTANT: You must answer the security questions exactly as you answered when you saved the pass phrase. Answers ignore capitalization, but punctuation is important. 123-456 is not the same as 123/456. You may get a message telling you how many special characters you have in your answers.

12. If the answers are not correct, you will get this notification:

mceclip11.png

You can continue attempting to answer the questions correctly as many times as you choose.
If you are unable to answer your security questions exactly, then you will be unable to recover your pass phrase. There is no override, and we cannot recover a pass phrase if you cannot answer the secret questions.

13. If you successfully answer the questions right, you will get a notification that you have recovered your pass phrase.

 mceclip12.png

14. The recovered pass phrase will display.

mceclip13.png

You can click on the pass phrase entry you want and click Copy to Clipboard. You will get a balloon confirming success.

mceclip14.png

You will get both the text and hex version of the pass phrase.

15. You can opt to click Save to File and save a copy of the pass phrase information as a text file.